godotengine/godot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bump mbedTLS to version 2.10.0

Browse Source
This commit is contained in:
Fabio Alessandrelli 2018-06-07 16:25:01 +02:00
parent 9d23f1bf1a
commit 888379e513
105 changed files with 5997 additions and 2838 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/mbedtls/SCsub
View File

@ -11,6 +11,7 @@ if env['builtin_mbedtls']:
"aes.c", "aes.c",
"aesni.c", "aesni.c",
"arc4.c", "arc4.c",
"aria.c",
"asn1parse.c", "asn1parse.c",
"asn1write.c", "asn1write.c",
"base64.c", "base64.c",
@ -55,6 +56,7 @@ if env['builtin_mbedtls']:
"pk_wrap.c", "pk_wrap.c",
"pkwrite.c", "pkwrite.c",
"platform.c", "platform.c",
"platform_util.c",
"ripemd160.c", "ripemd160.c",
"rsa.c", "rsa.c",
"rsa_internal.c", "rsa_internal.c",

24
thirdparty/mbedtls/1453.diff vendored
View File

@ -1,7 +1,7 @@
diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 67900c46c8..cefe882d2a 100644 index 67900c46..cefe882d 100644
--- a/thirdparty/mbedtls/library/entropy_poll.c --- a/library/entropy_poll.c
+++ b/thirdparty/mbedtls/library/entropy_poll.c +++ b/library/entropy_poll.c
@@ -54,28 +54,43 @@ @@ -54,28 +54,43 @@
#define _WIN32_WINNT 0x0400 #define _WIN32_WINNT 0x0400
#endif #endif
@ -53,11 +53,11 @@ index 67900c46c8..cefe882d2a 100644
*olen = len; *olen = len;
return( 0 ); return( 0 );
diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c diff --git a/library/x509_crt.c b/library/x509_crt.c
index afff4e18bf..7960fa1a1a 100644 index 290c1eb3..038eae02 100644
--- a/thirdparty/mbedtls/library/x509_crt.c --- a/library/x509_crt.c
+++ b/thirdparty/mbedtls/library/x509_crt.c +++ b/library/x509_crt.c
@@ -64,6 +64,19 @@ @@ -65,6 +65,19 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h> #include <windows.h>
@ -77,7 +77,7 @@ index afff4e18bf..7960fa1a1a 100644
#else #else
#include <time.h> #include <time.h>
#endif #endif
@@ -1130,6 +1143,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1126,6 +1139,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
char filename[MAX_PATH]; char filename[MAX_PATH];
char *p; char *p;
size_t len = strlen( path ); size_t len = strlen( path );
@ -85,7 +85,7 @@ index afff4e18bf..7960fa1a1a 100644
WIN32_FIND_DATAW file_data; WIN32_FIND_DATAW file_data;
HANDLE hFind; HANDLE hFind;
@@ -1144,7 +1158,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1140,7 +1154,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
p = filename + len; p = filename + len;
filename[len++] = '*'; filename[len++] = '*';
@ -105,7 +105,7 @@ index afff4e18bf..7960fa1a1a 100644
MAX_PATH - 3 ); MAX_PATH - 3 );
if( w_ret == 0 ) if( w_ret == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
@@ -1161,8 +1186,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1157,8 +1182,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
continue; continue;

91
thirdparty/mbedtls/include/mbedtls/aes.h vendored
View File

@ -1,7 +1,9 @@
/** /**
* \file aes.h * \file aes.h
* *
* \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved * \brief This file contains AES definitions and functions.
*
* The Advanced Encryption Standard (AES) specifies a FIPS-approved
* cryptographic algorithm that can be used to protect electronic * cryptographic algorithm that can be used to protect electronic
* data. * data.
* *
@ -12,6 +14,7 @@
* techniques -- Encryption algorithms -- Part 2: Asymmetric * techniques -- Encryption algorithms -- Part 2: Asymmetric
* ciphers</em>. * ciphers</em>.
*/ */
/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
@ -50,7 +53,8 @@
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
/* Error codes in range 0x0023-0x0025 */ /* Error codes in range 0x0021-0x0025 */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
@ -59,14 +63,14 @@
#define inline __inline #define inline __inline
#endif #endif
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
//
/** /**
* \brief The AES context-type definition. * \brief The AES context-type definition.
*/ */
@ -85,6 +89,10 @@ typedef struct
} }
mbedtls_aes_context; mbedtls_aes_context;
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
/** /**
* \brief This function initializes the specified AES context. * \brief This function initializes the specified AES context.
* *
@ -112,8 +120,8 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx );
* <li>192 bits</li> * <li>192 bits</li>
* <li>256 bits</li></ul> * <li>256 bits</li></ul>
* *
* \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH * \return \c 0 on success.
* on failure. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/ */
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ); unsigned int keybits );
@ -128,7 +136,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
* <li>192 bits</li> * <li>192 bits</li>
* <li>256 bits</li></ul> * <li>256 bits</li></ul>
* *
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. * \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/ */
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ); unsigned int keybits );
@ -192,7 +201,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* *
* \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure. * on failure.
*/ */
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
@ -300,7 +310,49 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
* must use the context initialized with mbedtls_aes_setkey_enc() * must use the context initialized with mbedtls_aes_setkey_enc()
* for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
* *
* \warning You must keep the maximum use of your counter in mind. * \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that an AES block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* \param length The length of the input data. * \param length The length of the input data.
@ -313,7 +365,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length, size_t length,
@ -391,22 +443,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine. * \brief Checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_aes_self_test( int verbose ); int mbedtls_aes_self_test( int verbose );

24
thirdparty/mbedtls/include/mbedtls/arc4.h vendored
View File

@ -38,14 +38,14 @@
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
#if !defined(MBEDTLS_ARC4_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_ARC4_ALT)
// Regular implementation
//
/** /**
* \brief ARC4 context structure * \brief ARC4 context structure
* *
@ -61,6 +61,10 @@ typedef struct
} }
mbedtls_arc4_context; mbedtls_arc4_context;
#else /* MBEDTLS_ARC4_ALT */
#include "arc4_alt.h"
#endif /* MBEDTLS_ARC4_ALT */
/** /**
* \brief Initialize ARC4 context * \brief Initialize ARC4 context
* *
@ -118,18 +122,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_ARC4_ALT */
#include "arc4_alt.h"
#endif /* MBEDTLS_ARC4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine * \brief Checkup routine
* *

331
thirdparty/mbedtls/include/mbedtls/aria.h vendored Normal file
View File

@ -0,0 +1,331 @@
/**
* \file aria.h
*
* \brief ARIA block cipher
*
* The ARIA algorithm is a symmetric block cipher that can encrypt and
* decrypt information. It is defined by the Korean Agency for
* Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
* and also described by the IETF in <em>RFC 5794</em>.
*/
/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#include <stdint.h>
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
#if !defined(MBEDTLS_ARIA_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief The ARIA context-type definition.
*/
typedef struct
{
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;
#else /* MBEDTLS_ARIA_ALT */
#include "aria_alt.h"
#endif /* MBEDTLS_ARIA_ALT */
/**
* \brief This function initializes the specified ARIA context.
*
* It must be the first API called before using
* the context.
*
* \param ctx The ARIA context to initialize.
*/
void mbedtls_aria_init( mbedtls_aria_context *ctx );
/**
* \brief This function releases and clears the specified ARIA context.
*
* \param ctx The ARIA context to clear.
*/
void mbedtls_aria_free( mbedtls_aria_context *ctx );
/**
* \brief This function sets the encryption key.
*
* \param ctx The ARIA context to which the key should be bound.
* \param key The encryption key.
* \param keybits The size of data passed in bits. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
* <li>256 bits</li></ul>
*
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
* on failure.
*/
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits );
/**
* \brief This function sets the decryption key.
*
* \param ctx The ARIA context to which the key should be bound.
* \param key The decryption key.
* \param keybits The size of data passed. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
* <li>256 bits</li></ul>
*
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
*/
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits );
/**
* \brief This function performs an ARIA single-block encryption or
* decryption operation.
*
* It performs encryption or decryption (depending on whether
* the key was set for encryption on decryption) on the input
* data buffer defined in the \p input parameter.
*
* mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
* mbedtls_aria_setkey_dec() must be called before the first
* call to this API with the same context.
*
* \param ctx The ARIA context to use for encryption or decryption.
* \param input The 16-Byte buffer holding the input data.
* \param output The 16-Byte buffer holding the output data.
* \return \c 0 on success.
*/
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
* \brief This function performs an ARIA-CBC encryption or decryption operation
* on full blocks.
*
* It performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer defined in
* the \p input parameter.
*
* It can be called as many times as needed, until all the input
* data is processed. mbedtls_aria_init(), and either
* mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
* before the first call to this API with the same context.
*
* \note This function operates on aligned blocks, that is, the input size
* must be a multiple of the ARIA block size of 16 Bytes.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the IV, you should
* either save it manually or use the cipher module instead.
*
*
* \param ctx The ARIA context to use for encryption or decryption.
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
* #MBEDTLS_ARIA_DECRYPT.
* \param length The length of the input data in Bytes. This must be a
* multiple of the block size (16 Bytes).
* \param iv Initialization vector (updated after use).
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
*
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
* on failure.
*/
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
int mode,
size_t length,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
* \brief This function performs an ARIA-CFB128 encryption or decryption
* operation.
*
* It performs the operation defined in the \p mode
* parameter (encrypt or decrypt), on the input data buffer
* defined in the \p input parameter.
*
* For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
* regardless of whether you are performing an encryption or decryption
* operation, that is, regardless of the \p mode parameter. This is
* because CFB mode uses the same key schedule for encryption and
* decryption.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If you need to retain the contents of the
* IV, you must either save it manually or use the cipher
* module instead.
*
*
* \param ctx The ARIA context to use for encryption or decryption.
* \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
* #MBEDTLS_ARIA_DECRYPT.
* \param length The length of the input data.
* \param iv_off The offset in IV (updated after use).
* \param iv The initialization vector (updated after use).
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
*
* \return \c 0 on success.
*/
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
* \brief This function performs an ARIA-CTR encryption or decryption
* operation.
*
* This function performs the operation defined in the \p mode
* parameter (encrypt/decrypt), on the input data buffer
* defined in the \p input parameter.
*
* Due to the nature of CTR, you must use the same key schedule
* for both encryption and decryption operations. Therefore, you
* must use the context initialized with mbedtls_aria_setkey_enc()
* for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that an ARIA block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx The ARIA context to use for encryption or decryption.
* \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream block for resuming. This is
* overwritten by the function.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
*
* \return \c 0 on success.
*/
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine.
*
* \return \c 0 on success, or \c 1 on failure.
*/
int mbedtls_aria_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
}
#endif
#endif /* aria.h */

10
thirdparty/mbedtls/include/mbedtls/bignum.h vendored
View File

@ -204,6 +204,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X );
/** /**
* \brief Enlarge to the specified number of limbs * \brief Enlarge to the specified number of limbs
* *
* This function does nothing if the MPI is already large enough.
*
* \param X MPI to grow * \param X MPI to grow
* \param nblimbs The target number of limbs * \param nblimbs The target number of limbs
* *
@ -215,19 +217,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
/** /**
* \brief Resize down, keeping at least the specified number of limbs * \brief Resize down, keeping at least the specified number of limbs
* *
* If \c X is smaller than \c nblimbs, it is resized up
* instead.
*
* \param X MPI to shrink * \param X MPI to shrink
* \param nblimbs The minimum number of limbs to keep * \param nblimbs The minimum number of limbs to keep
* *
* \return 0 if successful, * \return 0 if successful,
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
* (this can only happen when resizing up).
*/ */
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
/** /**
* \brief Copy the contents of Y into X * \brief Copy the contents of Y into X
* *
* \param X Destination MPI * \param X Destination MPI. It is enlarged if necessary.
* \param Y Source MPI * \param Y Source MPI.
* *
* \return 0 if successful, * \return 0 if successful,
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed

57
thirdparty/mbedtls/include/mbedtls/blowfish.h vendored
View File

@ -44,14 +44,14 @@
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
#if !defined(MBEDTLS_BLOWFISH_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_BLOWFISH_ALT)
// Regular implementation
//
/** /**
* \brief Blowfish context structure * \brief Blowfish context structure
*/ */
@ -62,6 +62,10 @@ typedef struct
} }
mbedtls_blowfish_context; mbedtls_blowfish_context;
#else /* MBEDTLS_BLOWFISH_ALT */
#include "blowfish_alt.h"
#endif /* MBEDTLS_BLOWFISH_ALT */
/** /**
* \brief Initialize Blowfish context * \brief Initialize Blowfish context
* *
@ -170,7 +174,46 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
/** /**
* \brief Blowfish-CTR buffer encryption/decryption * \brief Blowfish-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind! * \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**64
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 4 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 4 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**32 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter.
*
* Note that for both stategies, sizes are measured in blocks and
* that a Blowfish block is 8 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
* *
* \param ctx Blowfish context * \param ctx Blowfish context
* \param length The length of the data * \param length The length of the data
@ -198,8 +241,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
} }
#endif #endif
#else /* MBEDTLS_BLOWFISH_ALT */
#include "blowfish_alt.h"
#endif /* MBEDTLS_BLOWFISH_ALT */
#endif /* blowfish.h */ #endif /* blowfish.h */

2
thirdparty/mbedtls/include/mbedtls/bn_mul.h vendored
View File

@ -521,7 +521,7 @@
"swi r3, %2 \n\t" \ "swi r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \ : "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \ : "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4" "r5", "r6", "r7", "r8", \ : "r3", "r4", "r5", "r6", "r7", "r8", \
"r9", "r10", "r11", "r12", "r13" \ "r9", "r10", "r11", "r12", "r13" \
); );

70
thirdparty/mbedtls/include/mbedtls/camellia.h vendored
View File

@ -40,14 +40,14 @@
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//
/** /**
* \brief CAMELLIA context structure * \brief CAMELLIA context structure
*/ */
@ -58,6 +58,10 @@ typedef struct
} }
mbedtls_camellia_context; mbedtls_camellia_context;
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
/** /**
* \brief Initialize CAMELLIA context * \brief Initialize CAMELLIA context
* *
@ -183,12 +187,54 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
/** /**
* \brief CAMELLIA-CTR buffer encryption/decryption * \brief CAMELLIA-CTR buffer encryption/decryption
* *
* Warning: You have to keep the maximum use of your counter in mind!
*
* Note: Due to the nature of CTR you should use the same key schedule for * Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with * both encryption and decryption. So a context initialized with
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT. * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
* *
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that a CAMELLIA block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx CAMELLIA context * \param ctx CAMELLIA context
* \param length The length of the data * \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming * \param nc_off The offset in the current stream_block (for resuming
@ -211,18 +257,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
unsigned char *output ); unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* MBEDTLS_CIPHER_MODE_CTR */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine * \brief Checkup routine
* *

54
thirdparty/mbedtls/include/mbedtls/ccm.h vendored
View File

@ -1,8 +1,11 @@
/** /**
* \file ccm.h * \file ccm.h
* *
* \brief CCM combines Counter mode encryption with CBC-MAC authentication * \brief This file provides an API for the CCM authenticated encryption
* for 128-bit block ciphers. * mode for block ciphers.
*
* CCM combines Counter mode encryption with CBC-MAC authentication
* for 128-bit block ciphers.
* *
* Input to CCM includes the following elements: * Input to CCM includes the following elements:
* <ul><li>Payload - data that is both authenticated and encrypted.</li> * <ul><li>Payload - data that is both authenticated and encrypted.</li>
@ -40,14 +43,15 @@
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
#if !defined(MBEDTLS_CCM_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_CCM_ALT)
// Regular implementation
//
/** /**
* \brief The CCM context-type definition. The CCM context is passed * \brief The CCM context-type definition. The CCM context is passed
* to the APIs called. * to the APIs called.
@ -57,6 +61,10 @@ typedef struct {
} }
mbedtls_ccm_context; mbedtls_ccm_context;
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
/** /**
* \brief This function initializes the specified CCM context, * \brief This function initializes the specified CCM context,
* to make references valid, and prepare the context * to make references valid, and prepare the context
@ -75,7 +83,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
* \param key The encryption key. * \param key The encryption key.
* \param keybits The key size in bits. This must be acceptable by the cipher. * \param keybits The key size in bits. This must be acceptable by the cipher.
* *
* \return \c 0 on success, or a cipher-specific error code. * \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/ */
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher, mbedtls_cipher_id_t cipher,
@ -93,6 +102,13 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
/** /**
* \brief This function encrypts a buffer using CCM. * \brief This function encrypts a buffer using CCM.
* *
*
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \param ctx The CCM context to use for encryption. * \param ctx The CCM context to use for encryption.
* \param length The length of the input data in Bytes. * \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce). * \param iv Initialization vector (nonce).
@ -107,13 +123,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* \param tag_len The length of the tag to generate in Bytes: * \param tag_len The length of the tag to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16. * 4, 6, 8, 10, 12, 14 or 16.
* *
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \return \c 0 on success. * \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/ */
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
@ -139,8 +150,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \param tag_len The length of the tag in Bytes. * \param tag_len The length of the tag in Bytes.
* 4, 6, 8, 10, 12, 14 or 16. * 4, 6, 8, 10, 12, 14 or 16.
* *
* \return 0 if successful and authenticated, or * \return \c 0 on success. This indicates that the message is authentic.
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/ */
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
@ -148,23 +160,13 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len ); const unsigned char *tag, size_t tag_len );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/** /**
* \brief The CCM checkup routine. * \brief The CCM checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_ccm_self_test( int verbose ); int mbedtls_ccm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

338
thirdparty/mbedtls/include/mbedtls/cipher.h vendored
View File

@ -1,7 +1,9 @@
/** /**
* \file cipher.h * \file cipher.h
* *
* \brief The generic cipher wrapper. * \brief This file contains an abstraction interface for use with the cipher
* primitives provided by the library. It provides a common interface to all of
* the available cipher operations.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
*/ */
@ -69,93 +71,112 @@ extern "C" {
#endif #endif
/** /**
* \brief An enumeration of supported ciphers. * \brief Supported cipher types.
* *
* \warning ARC4 and DES are considered weak ciphers and their use * \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. We recommend considering stronger * constitutes a security risk. Arm recommends considering stronger
* ciphers instead. * ciphers instead.
*/ */
typedef enum { typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
MBEDTLS_CIPHER_ID_DES, MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
MBEDTLS_CIPHER_ID_3DES, MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
MBEDTLS_CIPHER_ID_CAMELLIA, MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH, MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4, MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
} mbedtls_cipher_id_t; } mbedtls_cipher_id_t;
/** /**
* \brief An enumeration of supported (cipher, mode) pairs. * \brief Supported {cipher type, cipher mode} pairs.
* *
* \warning ARC4 and DES are considered weak ciphers and their use * \warning RC4 and DES are considered weak ciphers and their use
* constitutes a security risk. We recommend considering stronger * constitutes a security risk. Arm recommends considering stronger
* ciphers instead. * ciphers instead.
*/ */
typedef enum { typedef enum {
MBEDTLS_CIPHER_NONE = 0, MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
MBEDTLS_CIPHER_NULL, MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_AES_256_ECB, MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_AES_192_CBC, MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_AES_128_CFB128, MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_192_CFB128, MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_256_CFB128, MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_AES_128_CTR, MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_AES_192_CTR, MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_AES_256_CTR, MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_AES_192_GCM, MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_ECB, MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_192_ECB, MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_256_ECB, MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CBC, MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CTR, MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CTR, MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CTR, MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
MBEDTLS_CIPHER_DES_ECB, MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
MBEDTLS_CIPHER_DES_EDE_ECB, MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
MBEDTLS_CIPHER_DES_EDE_CBC, MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
MBEDTLS_CIPHER_DES_EDE3_ECB, MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_ECB, MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC, MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64, MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
MBEDTLS_CIPHER_BLOWFISH_CTR, MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
MBEDTLS_CIPHER_ARC4_128, MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM, MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CCM, MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CCM, MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode. */
MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and CFB-128 mode. */
MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode. */
MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode. */
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
} mbedtls_cipher_type_t; } mbedtls_cipher_type_t;
/** Supported cipher modes. */ /** Supported cipher modes. */
typedef enum { typedef enum {
MBEDTLS_MODE_NONE = 0, MBEDTLS_MODE_NONE = 0, /**< None. */
MBEDTLS_MODE_ECB, MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
MBEDTLS_MODE_CBC, MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
MBEDTLS_MODE_CFB, MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
MBEDTLS_MODE_OFB, /* Unused! */ MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */
MBEDTLS_MODE_CTR, MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
MBEDTLS_MODE_GCM, MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM, MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
MBEDTLS_MODE_CCM, MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
} mbedtls_cipher_mode_t; } mbedtls_cipher_mode_t;
/** Supported cipher padding types. */ /** Supported cipher padding types. */
@ -163,8 +184,8 @@ typedef enum {
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */ MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */ MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */ MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */ MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
} mbedtls_cipher_padding_t; } mbedtls_cipher_padding_t;
/** Type of operation. */ /** Type of operation. */
@ -228,7 +249,10 @@ typedef struct {
*/ */
unsigned int iv_size; unsigned int iv_size;
/** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */ /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
int flags; int flags;
/** The block size, in Bytes. */ /** The block size, in Bytes. */
@ -299,7 +323,8 @@ const int *mbedtls_cipher_list( void );
* \param cipher_name Name of the cipher to search for. * \param cipher_name Name of the cipher to search for.
* *
* \return The cipher information structure associated with the * \return The cipher information structure associated with the
* given \p cipher_name, or NULL if not found. * given \p cipher_name.
* \return NULL if the associated cipher information is not found.
*/ */
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
@ -310,7 +335,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
* \param cipher_type Type of the cipher to search for. * \param cipher_type Type of the cipher to search for.
* *
* \return The cipher information structure associated with the * \return The cipher information structure associated with the
* given \p cipher_type, or NULL if not found. * given \p cipher_type.
* \return NULL if the associated cipher information is not found.
*/ */
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
@ -325,7 +351,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC. * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
* *
* \return The cipher information structure associated with the * \return The cipher information structure associated with the
* given \p cipher_id, or NULL if not found. * given \p cipher_id.
* \return NULL if the associated cipher information is not found.
*/ */
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
int key_bitlen, int key_bitlen,
@ -352,10 +379,11 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
* \param ctx The context to initialize. May not be NULL. * \param ctx The context to initialize. May not be NULL.
* \param cipher_info The cipher to use. * \param cipher_info The cipher to use.
* *
* \return \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the * parameter-verification failure.
* cipher-specific context failed. * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
* *
* \internal Currently, the function also clears the structure. * \internal Currently, the function also clears the structure.
* In future versions, the caller will be required to call * In future versions, the caller will be required to call
@ -368,8 +396,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The size of the blocks of the cipher, or zero if \p ctx * \return The size of the blocks of the cipher.
* has not been initialized. * \return 0 if \p ctx has not been initialized.
*/ */
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
{ {
@ -385,8 +413,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The mode of operation, or #MBEDTLS_MODE_NONE if * \return The mode of operation.
* \p ctx has not been initialized. * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/ */
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
{ {
@ -402,9 +430,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return <ul><li>If no IV has been set: the recommended IV size. * \return The recommended IV size if no IV has been set.
* 0 for ciphers not using IV or nonce.</li> * \return \c 0 for ciphers not using an IV or a nonce.
* <li>If IV has already been set: the actual size.</li></ul> * \return The actual size if an IV has been set.
*/ */
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
{ {
@ -422,8 +450,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if * \return The type of the cipher.
* \p ctx has not been initialized. * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/ */
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
{ {
@ -439,8 +467,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The name of the cipher, or NULL if \p ctx has not * \return The name of the cipher.
* been not initialized. * \return NULL if \p ctx has not been not initialized.
*/ */
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
{ {
@ -455,8 +483,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The key length of the cipher in bits, or * \return The key length of the cipher in bits.
* #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized. * initialized.
*/ */
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
@ -472,9 +500,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
* *
* \param ctx The context of the cipher. Must be initialized. * \param ctx The context of the cipher. Must be initialized.
* *
* \return The type of operation: #MBEDTLS_ENCRYPT or * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
* has not been initialized.
*/ */
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
{ {
@ -495,9 +522,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
* \param operation The operation that the key will be used for: * \param operation The operation that the key will be used for:
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails, or a cipher-specific * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* error code. * parameter-verification failure.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
int key_bitlen, const mbedtls_operation_t operation ); int key_bitlen, const mbedtls_operation_t operation );
@ -512,9 +540,10 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
* \param ctx The generic cipher context. * \param ctx The generic cipher context.
* \param mode The padding mode. * \param mode The padding mode.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE * \return \c 0 on success.
* if the selected padding mode is not supported, or * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * if the selected padding mode is not supported.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding. * does not support padding.
*/ */
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ); int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
@ -524,15 +553,17 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
* \brief This function sets the initialization vector (IV) * \brief This function sets the initialization vector (IV)
* or nonce. * or nonce.
* *
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, this function has no effect.
*
* \param ctx The generic cipher context. * \param ctx The generic cipher context.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* \param iv_len The IV length for ciphers with variable-size IV. * \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV. * This parameter is discarded by ciphers with fixed-size IV.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * \return \c 0 on success.
* * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* \note Some ciphers do not use IVs nor nonce. For these * parameter-verification failure.
* ciphers, this function has no effect.
*/ */
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len ); const unsigned char *iv, size_t iv_len );
@ -542,8 +573,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
* *
* \param ctx The generic cipher context. * \param ctx The generic cipher context.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * \return \c 0 on success.
* if parameter verification fails. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* parameter-verification failure.
*/ */
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
@ -557,7 +589,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
* \param ad The additional data to use. * \param ad The additional data to use.
* \param ad_len the Length of \p ad. * \param ad_len the Length of \p ad.
* *
* \return \c 0 on success, or a specific error code on failure. * \return \c 0 on success.
* \return A specific error code on failure.
*/ */
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len ); const unsigned char *ad, size_t ad_len );
@ -573,6 +606,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
* Exception: For MBEDTLS_MODE_ECB, expects a single block * Exception: For MBEDTLS_MODE_ECB, expects a single block
* in size. For example, 16 Bytes for AES. * in size. For example, 16 Bytes for AES.
* *
* \note If the underlying cipher is used in GCM mode, all calls
* to this function, except for the last one before
* mbedtls_cipher_finish(), must have \p ilen as a
* multiple of the block size of the cipher.
*
* \param ctx The generic cipher context. * \param ctx The generic cipher context.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
@ -582,16 +620,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
* \param olen The length of the output data, to be updated with the * \param olen The length of the output data, to be updated with the
* actual number of Bytes written. * actual number of Bytes written.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an * parameter-verification failure.
* unsupported mode for a cipher, or a cipher-specific * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
* error code. * unsupported mode for a cipher.
* * \return A cipher-specific error code on failure.
* \note If the underlying cipher is GCM, all calls to this
* function, except the last one before
* mbedtls_cipher_finish(). Must have \p ilen as a
* multiple of the block_size.
*/ */
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen ); size_t ilen, unsigned char *output, size_t *olen );
@ -606,13 +640,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
* \param output The buffer to write data to. Needs block_size available. * \param output The buffer to write data to. Needs block_size available.
* \param olen The length of the data written to the \p output buffer. * \param olen The length of the data written to the \p output buffer.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * parameter-verification failure.
* expected a full block but was not provided one, * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * expecting a full block but not receiving one.
* while decrypting, or a cipher-specific error code * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* on failure for any other reason. * while decrypting.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen ); unsigned char *output, size_t *olen );
@ -627,7 +662,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
* \param tag The buffer to write the tag to. * \param tag The buffer to write the tag to.
* \param tag_len The length of the tag to write. * \param tag_len The length of the tag to write.
* *
* \return \c 0 on success, or a specific error code on failure. * \return \c 0 on success.
* \return A specific error code on failure.
*/ */
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len ); unsigned char *tag, size_t tag_len );
@ -641,7 +677,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
* \param tag The buffer holding the tag. * \param tag The buffer holding the tag.
* \param tag_len The length of the tag to check. * \param tag_len The length of the tag to check.
* *
* \return \c 0 on success, or a specific error code on failure. * \return \c 0 on success.
* \return A specific error code on failure.
*/ */
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len ); const unsigned char *tag, size_t tag_len );
@ -667,13 +704,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
* \note Some ciphers do not use IVs nor nonce. For these * \note Some ciphers do not use IVs nor nonce. For these
* ciphers, use \p iv = NULL and \p iv_len = 0. * ciphers, use \p iv = NULL and \p iv_len = 0.
* *
* \returns \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * parameter-verification failure.
* expected a full block but was not provided one, or * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * expecting a full block but not receiving one.
* while decrypting, or a cipher-specific error code on * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
* failure for any other reason. * while decrypting.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
@ -699,9 +737,10 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
* \param tag The buffer for the authentication tag. * \param tag The buffer for the authentication tag.
* \param tag_len The desired length of the authentication tag. * \param tag_len The desired length of the authentication tag.
* *
* \returns \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* a cipher-specific error code. * parameter-verification failure.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,
@ -713,6 +752,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
/** /**
* \brief The generic autenticated decryption (AEAD) function. * \brief The generic autenticated decryption (AEAD) function.
* *
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer.
*
* \param ctx The generic cipher context. * \param ctx The generic cipher context.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* \param iv_len The IV length for ciphers with variable-size IV. * \param iv_len The IV length for ciphers with variable-size IV.
@ -728,14 +771,11 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
* \param tag The buffer holding the authentication tag. * \param tag The buffer holding the authentication tag.
* \param tag_len The length of the authentication tag. * \param tag_len The length of the authentication tag.
* *
* \returns \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
* #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic, * parameter-verification failure.
* or a cipher-specific error code on failure for any other reason. * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
* * \return A cipher-specific error code on failure.
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer.
*/ */
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len, const unsigned char *iv, size_t iv_len,

54
thirdparty/mbedtls/include/mbedtls/cmac.h vendored
View File

@ -1,8 +1,10 @@
/** /**
* \file cmac.h * \file cmac.h
* *
* \brief The Cipher-based Message Authentication Code (CMAC) Mode for * \brief This file contains CMAC definitions and functions.
* Authentication. *
* The Cipher-based Message Authentication Code (CMAC) Mode for
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
*/ */
/* /*
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -38,9 +40,9 @@ extern "C" {
#define MBEDTLS_DES3_BLOCK_SIZE 8 #define MBEDTLS_DES3_BLOCK_SIZE 8
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */ #define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#else #else
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */ #define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
#endif #endif
#if !defined(MBEDTLS_CMAC_ALT) #if !defined(MBEDTLS_CMAC_ALT)
@ -61,22 +63,25 @@ struct mbedtls_cmac_context_t
size_t unprocessed_len; size_t unprocessed_len;
}; };
#else /* !MBEDTLS_CMAC_ALT */
#include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */
/** /**
* \brief This function sets the CMAC key, and prepares to authenticate * \brief This function sets the CMAC key, and prepares to authenticate
* the input data. * the input data.
* Must be called with an initialized cipher context. * Must be called with an initialized cipher context.
* *
* \param ctx The cipher context used for the CMAC operation, initialized * \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types:<ul> * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* <li>MBEDTLS_CIPHER_AES_128_ECB</li> * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
* <li>MBEDTLS_CIPHER_AES_192_ECB</li> * or MBEDTLS_CIPHER_DES_EDE3_ECB.
* <li>MBEDTLS_CIPHER_AES_256_ECB</li>
* <li>MBEDTLS_CIPHER_DES_EDE3_ECB</li></ul>
* \param key The CMAC key. * \param key The CMAC key.
* \param keybits The length of the CMAC key in bits. * \param keybits The length of the CMAC key in bits.
* Must be supported by the cipher. * Must be supported by the cipher.
* *
* \return \c 0 on success, or a cipher-specific error code. * \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits ); const unsigned char *key, size_t keybits );
@ -93,8 +98,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA * \return \c 0 on success.
* if parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/ */
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen ); const unsigned char *input, size_t ilen );
@ -110,7 +116,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
* \param ctx The cipher context used for the CMAC operation. * \param ctx The cipher context used for the CMAC operation.
* \param output The output buffer for the CMAC checksum result. * \param output The output buffer for the CMAC checksum result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA * \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails. * if parameter verification fails.
*/ */
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
@ -126,7 +133,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
* *
* \param ctx The cipher context used for the CMAC operation. * \param ctx The cipher context used for the CMAC operation.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA * \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails. * if parameter verification fails.
*/ */
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
@ -149,7 +157,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The buffer for the generic CMAC result. * \param output The buffer for the generic CMAC result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA * \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails. * if parameter verification fails.
*/ */
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
@ -180,23 +189,12 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
unsigned char output[16] ); unsigned char output[16] );
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */
#ifdef __cplusplus
}
#endif
#else /* !MBEDTLS_CMAC_ALT */
#include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
/** /**
* \brief The CMAC checkup routine. * \brief The CMAC checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_cmac_self_test( int verbose ); int mbedtls_cmac_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */

126
thirdparty/mbedtls/include/mbedtls/config.h vendored
View File

@ -48,10 +48,14 @@
* Requires support for asm() in compiler. * Requires support for asm() in compiler.
* *
* Used in: * Used in:
* library/aria.c
* library/timing.c * library/timing.c
* library/padlock.c
* include/mbedtls/bn_mul.h * include/mbedtls/bn_mul.h
* *
* Required by:
* MBEDTLS_AESNI_C
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code. * Comment to disable the use of assembly code.
*/ */
#define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_ASM
@ -271,6 +275,7 @@
*/ */
//#define MBEDTLS_AES_ALT //#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT //#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_ARIA_ALT
//#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_CCM_ALT //#define MBEDTLS_CCM_ALT
@ -288,6 +293,7 @@
//#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT //#define MBEDTLS_SHA512_ALT
//#define MBEDTLS_XTEA_ALT //#define MBEDTLS_XTEA_ALT
/* /*
* When replacing the elliptic curve module, pleace consider, that it is * When replacing the elliptic curve module, pleace consider, that it is
* implemented with two .c files: * implemented with two .c files:
@ -440,12 +446,45 @@
/** /**
* \def MBEDTLS_AES_ROM_TABLES * \def MBEDTLS_AES_ROM_TABLES
* *
* Store the AES tables in ROM. * Use precomputed AES tables stored in ROM.
*
* Uncomment this macro to use precomputed AES tables stored in ROM.
* Comment this macro to generate AES tables in RAM at runtime.
*
* Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
* (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
* initialization time before the first AES operation can be performed.
* It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
* MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
* performance if ROM access is slower than RAM access.
*
* This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
* *
* Uncomment this macro to store the AES tables in ROM.
*/ */
//#define MBEDTLS_AES_ROM_TABLES //#define MBEDTLS_AES_ROM_TABLES
/**
* \def MBEDTLS_AES_FEWER_TABLES
*
* Use less ROM/RAM for AES tables.
*
* Uncommenting this macro omits 75% of the AES tables from
* ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
* by computing their values on the fly during operations
* (the tables are entry-wise rotations of one another).
*
* Tradeoff: Uncommenting this reduces the RAM / ROM footprint
* by ~6kb but at the cost of more arithmetic operations during
* runtime. Specifically, one has to compare 4 accesses within
* different tables to 4 accesses with additional arithmetic
* operations within the same table. The performance gain/loss
* depends on the system and memory details.
*
* This option is independent of \c MBEDTLS_AES_ROM_TABLES.
*
*/
//#define MBEDTLS_AES_FEWER_TABLES
/** /**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
* *
@ -576,6 +615,7 @@
#define MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
/** /**
* \def MBEDTLS_ECP_NIST_OPTIM * \def MBEDTLS_ECP_NIST_OPTIM
@ -1583,7 +1623,7 @@
* Enable the AES block cipher. * Enable the AES block cipher.
* *
* Module: library/aes.c * Module: library/aes.c
* Caller: library/ssl_tls.c * Caller: library/cipher.c
* library/pem.c * library/pem.c
* library/ctr_drbg.c * library/ctr_drbg.c
* *
@ -1658,7 +1698,7 @@
* Enable the ARCFOUR stream cipher. * Enable the ARCFOUR stream cipher.
* *
* Module: library/arc4.c * Module: library/arc4.c
* Caller: library/ssl_tls.c * Caller: library/cipher.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -1752,7 +1792,7 @@
* Enable the Camellia block cipher. * Enable the Camellia block cipher.
* *
* Module: library/camellia.c * Module: library/camellia.c
* Caller: library/ssl_tls.c * Caller: library/cipher.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -1801,6 +1841,58 @@
*/ */
#define MBEDTLS_CAMELLIA_C #define MBEDTLS_CAMELLIA_C
/**
* \def MBEDTLS_ARIA_C
*
* Enable the ARIA block cipher.
*
* Module: library/aria.c
* Caller: library/cipher.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
*
* MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
*/
//#define MBEDTLS_ARIA_C
/** /**
* \def MBEDTLS_CCM_C * \def MBEDTLS_CCM_C
* *
@ -1887,7 +1979,7 @@
* *
* Module: library/des.c * Module: library/des.c
* Caller: library/pem.c * Caller: library/pem.c
* library/ssl_tls.c * library/cipher.c
* *
* This module enables the following ciphersuites (if other requisites are * This module enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -2818,6 +2910,26 @@
*/ */
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
/**
* Uncomment the macro to let mbed TLS use your alternate implementation of
* mbedtls_platform_zeroize(). This replaces the default implementation in
* platform_util.c.
*
* mbedtls_platform_zeroize() is a widely used function across the library to
* zero a block of memory. The implementation is expected to be secure in the
* sense that it has been written to prevent the compiler from removing calls
* to mbedtls_platform_zeroize() as part of redundant code elimination
* optimizations. However, it is difficult to guarantee that calls to
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
* versions of the C language standards do not provide a secure implementation
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
* configure their own implementation of mbedtls_platform_zeroize(), for
* example by using directives specific to their compiler, features from newer
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
* their system (e.g explicit_bzero() in BSD).
*/
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
/* \} name SECTION: Customisation configuration options */ /* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations */ /* Target and application specific configurations */

58
thirdparty/mbedtls/include/mbedtls/ctr_drbg.h vendored
View File

@ -1,10 +1,15 @@
/** /**
* \file ctr_drbg.h * \file ctr_drbg.h
* *
* \brief CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A: * \brief This file contains CTR_DRBG definitions and functions.
* Recommendation for Random Number Generation Using Deterministic
* Random Bit Generators</em>.
* *
* CTR_DRBG is a standardized way of building a PRNG from a block-cipher
* in counter mode operation, as defined in <em>NIST SP 800-90A:
* Recommendation for Random Number Generation Using Deterministic Random
* Bit Generators</em>.
*
* The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
* block cipher.
*/ */
/* /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -156,8 +161,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
identifiers. Can be NULL. identifiers. Can be NULL.
* \param len The length of the personalization data. * \param len The length of the personalization data.
* *
* \return \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/ */
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t), int (*f_entropy)(void *, unsigned char *, size_t),
@ -216,22 +221,24 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
* \param additional Additional data to add to the state. Can be NULL. * \param additional Additional data to add to the state. Can be NULL.
* \param len The length of the additional data. * \param len The length of the additional data.
* *
* \return \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/ */
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len ); const unsigned char *additional, size_t len );
/** /**
* \brief This function updates the state of the CTR_DRBG context. * \brief This function updates the state of the CTR_DRBG context.
* *
* \param ctx The CTR_DRBG context. * \note If \p add_len is greater than
* \param additional The data to update the state with. * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
* \param add_len Length of \p additional data. * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
* The remaining Bytes are silently discarded.
*
* \param ctx The CTR_DRBG context.
* \param additional The data to update the state with.
* \param add_len Length of \p additional data.
* *
* \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
* only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
* The remaining Bytes are silently discarded.
*/ */
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t add_len ); const unsigned char *additional, size_t add_len );
@ -249,8 +256,8 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
* \param additional Additional data to update. Can be NULL. * \param additional Additional data to update. Can be NULL.
* \param add_len The length of the additional data. * \param add_len The length of the additional data.
* *
* \return \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/ */
int mbedtls_ctr_drbg_random_with_add( void *p_rng, int mbedtls_ctr_drbg_random_with_add( void *p_rng,
@ -267,8 +274,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
* \param output The buffer to fill. * \param output The buffer to fill.
* \param output_len The length of the buffer. * \param output_len The length of the buffer.
* *
* \return \c 0 on success, or * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/ */
int mbedtls_ctr_drbg_random( void *p_rng, int mbedtls_ctr_drbg_random( void *p_rng,
@ -281,9 +288,9 @@ int mbedtls_ctr_drbg_random( void *p_rng,
* \param ctx The CTR_DRBG context. * \param ctx The CTR_DRBG context.
* \param path The name of the file. * \param path The name of the file.
* *
* \return \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
* failure. * failure.
*/ */
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@ -295,9 +302,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
* \param ctx The CTR_DRBG context. * \param ctx The CTR_DRBG context.
* \param path The name of the file. * \param path The name of the file.
* *
* \return \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure. * #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
*/ */
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@ -306,7 +313,8 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
/** /**
* \brief The CTR_DRBG checkup routine. * \brief The CTR_DRBG checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_ctr_drbg_self_test( int verbose ); int mbedtls_ctr_drbg_self_test( int verbose );

23
thirdparty/mbedtls/include/mbedtls/des.h vendored
View File

@ -46,14 +46,14 @@
#define MBEDTLS_DES_KEY_SIZE 8 #define MBEDTLS_DES_KEY_SIZE 8
#if !defined(MBEDTLS_DES_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_DES_ALT)
// Regular implementation
//
/** /**
* \brief DES context structure * \brief DES context structure
* *
@ -76,6 +76,10 @@ typedef struct
} }
mbedtls_des3_context; mbedtls_des3_context;
#else /* MBEDTLS_DES_ALT */
#include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */
/** /**
* \brief Initialize DES context * \brief Initialize DES context
* *
@ -331,17 +335,6 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
*/ */
void mbedtls_des_setkey( uint32_t SK[32], void mbedtls_des_setkey( uint32_t SK[32],
const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_DES_ALT */
#include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine * \brief Checkup routine

130
thirdparty/mbedtls/include/mbedtls/dhm.h vendored
View File

@ -1,7 +1,13 @@
/** /**
* \file dhm.h * \file dhm.h
* *
* \brief Diffie-Hellman-Merkle key exchange. * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange
* definitions and functions.
*
* Diffie-Hellman-Merkle (DHM) key exchange is defined in
* <em>RFC-2631: Diffie-Hellman Key Agreement Method</em> and
* <em>Public-Key Cryptography Standards (PKCS) #3: Diffie
* Hellman Key Agreement Standard</em>.
* *
* <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for * <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
* Internet Key Exchange (IKE)</em> defines a number of standardized * Internet Key Exchange (IKE)</em> defines a number of standardized
@ -65,7 +71,6 @@
#include MBEDTLS_CONFIG_FILE #include MBEDTLS_CONFIG_FILE
#endif #endif
#include "bignum.h" #include "bignum.h"
#if !defined(MBEDTLS_DHM_ALT)
/* /*
* DHM Error codes * DHM Error codes
@ -86,6 +91,8 @@
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_DHM_ALT)
/** /**
* \brief The DHM context structure. * \brief The DHM context structure.
*/ */
@ -105,6 +112,10 @@ typedef struct
} }
mbedtls_dhm_context; mbedtls_dhm_context;
#else /* MBEDTLS_DHM_ALT */
#include "dhm_alt.h"
#endif /* MBEDTLS_DHM_ALT */
/** /**
* \brief This function initializes the DHM context. * \brief This function initializes the DHM context.
* *
@ -125,8 +136,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
* failures. * failures.
* \param end The end of the input buffer. * \param end The end of the input buffer.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/ */
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
unsigned char **p, unsigned char **p,
@ -136,13 +147,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
* \brief This function sets up and writes the ServerKeyExchange * \brief This function sets up and writes the ServerKeyExchange
* parameters. * parameters.
* *
* \param ctx The DHM context.
* \param x_size The private value size in Bytes.
* \param olen The number of characters written.
* \param output The destination buffer.
* \param f_rng The RNG function.
* \param p_rng The RNG parameter.
*
* \note The destination buffer must be large enough to hold * \note The destination buffer must be large enough to hold
* the reduced binary presentation of the modulus, the generator * the reduced binary presentation of the modulus, the generator
* and the public key, each wrapped with a 2-byte length field. * and the public key, each wrapped with a 2-byte length field.
@ -155,8 +159,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
* mbedtls_dhm_set_group() below in conjunction with * mbedtls_dhm_set_group() below in conjunction with
* mbedtls_mpi_read_binary() and mbedtls_mpi_read_string(). * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code * \param ctx The DHM context.
* on failure. * \param x_size The private key size in Bytes.
* \param olen The number of characters written.
* \param output The destination buffer.
* \param f_rng The RNG function.
* \param p_rng The RNG context.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/ */
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen, unsigned char *output, size_t *olen,
@ -164,54 +175,54 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
void *p_rng ); void *p_rng );
/** /**
* \brief Set prime modulus and generator * \brief This function sets the prime modulus and generator.
*
* \note This function can be used to set \p P, \p G
* in preparation for mbedtls_dhm_make_params().
* *
* \param ctx The DHM context. * \param ctx The DHM context.
* \param P The MPI holding DHM prime modulus. * \param P The MPI holding the DHM prime modulus.
* \param G The MPI holding DHM generator. * \param G The MPI holding the DHM generator.
* *
* \note This function can be used to set P, G * \return \c 0 if successful.
* in preparation for \c mbedtls_dhm_make_params. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*
* \return \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code
* on failure.
*/ */
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P, const mbedtls_mpi *P,
const mbedtls_mpi *G ); const mbedtls_mpi *G );
/** /**
* \brief This function imports the public value G^Y of the peer. * \brief This function imports the public value of the peer, G^Y.
* *
* \param ctx The DHM context. * \param ctx The DHM context.
* \param input The input buffer. * \param input The input buffer containing the G^Y value of the peer.
* \param ilen The size of the input buffer. * \param ilen The size of the input buffer.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/ */
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
const unsigned char *input, size_t ilen ); const unsigned char *input, size_t ilen );
/** /**
* \brief This function creates its own private value \c X and * \brief This function creates its own private key, \c X, and
* exports \c G^X. * exports \c G^X.
* *
* \note The destination buffer is always fully written
* so as to contain a big-endian representation of G^X mod P.
* If it is larger than ctx->len, it is padded accordingly
* with zero-bytes at the beginning.
*
* \param ctx The DHM context. * \param ctx The DHM context.
* \param x_size The private value size in Bytes. * \param x_size The private key size in Bytes.
* \param output The destination buffer. * \param output The destination buffer.
* \param olen The length of the destination buffer. Must be at least * \param olen The length of the destination buffer. Must be at least
equal to ctx->len (the size of \c P). * equal to ctx->len (the size of \c P).
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \note The destination buffer will always be fully written * \return \c 0 on success.
* so as to contain a big-endian presentation of G^X mod P. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
* If it is larger than ctx->len, it will accordingly be
* padded with zero-bytes in the beginning.
*
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
* on failure.
*/ */
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
unsigned char *output, size_t olen, unsigned char *output, size_t olen,
@ -222,22 +233,22 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
* \brief This function derives and exports the shared secret * \brief This function derives and exports the shared secret
* \c (G^Y)^X mod \c P. * \c (G^Y)^X mod \c P.
* *
* \note If \p f_rng is not NULL, it is used to blind the input as
* a countermeasure against timing attacks. Blinding is used
* only if our private key \c X is re-used, and not used
* otherwise. We recommend always passing a non-NULL
* \p f_rng argument.
*
* \param ctx The DHM context. * \param ctx The DHM context.
* \param output The destination buffer. * \param output The destination buffer.
* \param output_size The size of the destination buffer. Must be at least * \param output_size The size of the destination buffer. Must be at least
* the size of ctx->len. * the size of ctx->len (the size of \c P).
* \param olen On exit, holds the actual number of Bytes written. * \param olen On exit, holds the actual number of Bytes written.
* \param f_rng The RNG function, for blinding purposes. * \param f_rng The RNG function, for blinding purposes.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*
* \note If non-NULL, \p f_rng is used to blind the input as
* a countermeasure against timing attacks. Blinding is used
* only if our secret value \p X is re-used and omitted
* otherwise. Therefore, we recommend always passing a
* non-NULL \p f_rng argument.
*/ */
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
unsigned char *output, size_t output_size, size_t *olen, unsigned char *output, size_t output_size, size_t *olen,
@ -245,7 +256,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
void *p_rng ); void *p_rng );
/** /**
* \brief This function frees and clears the components of a DHM key. * \brief This function frees and clears the components of a DHM context.
* *
* \param ctx The DHM context to free and clear. * \param ctx The DHM context to free and clear.
*/ */
@ -261,8 +272,9 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
* \param dhminlen The size of the buffer, including the terminating null * \param dhminlen The size of the buffer, including the terminating null
* Byte for PEM data. * Byte for PEM data.
* *
* \return \c 0 on success, or a specific DHM or PEM error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
* error code on failure.
*/ */
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen ); size_t dhminlen );
@ -275,29 +287,19 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
* \param dhm The DHM context to load the parameters to. * \param dhm The DHM context to load the parameters to.
* \param path The filename to read the DHM parameters from. * \param path The filename to read the DHM parameters from.
* *
* \return \c 0 on success, or a specific DHM or PEM error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
* error code on failure.
*/ */
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
#endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */ #endif /* MBEDTLS_ASN1_PARSE_C */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_DHM_ALT */
#include "dhm_alt.h"
#endif /* MBEDTLS_DHM_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief The DMH checkup routine. * \brief The DMH checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_dhm_self_test( int verbose ); int mbedtls_dhm_self_test( int verbose );

113
thirdparty/mbedtls/include/mbedtls/ecdh.h vendored
View File

@ -1,10 +1,11 @@
/** /**
* \file ecdh.h * \file ecdh.h
* *
* \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs. * \brief This file contains ECDH definitions and functions.
* *
* ECDH is an anonymous key agreement protocol allowing two parties to * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
* establish a shared secret over an insecure channel. Each party must have an * key agreement protocol allowing two parties to establish a shared
* secret over an insecure channel. Each party must have an
* elliptic-curve publicprivate key pair. * elliptic-curve publicprivate key pair.
* *
* For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
@ -40,14 +41,12 @@ extern "C" {
#endif #endif
/** /**
* Defines the source of the imported EC key: * Defines the source of the imported EC key.
* <ul><li>Our key.</li>
* <li>The key of the peer.</li></ul>
*/ */
typedef enum typedef enum
{ {
MBEDTLS_ECDH_OURS, MBEDTLS_ECDH_OURS, /**< Our key. */
MBEDTLS_ECDH_THEIRS, MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side; } mbedtls_ecdh_side;
/** /**
@ -75,16 +74,18 @@ mbedtls_ecdh_context;
* implemented during the ECDH key exchange. The second core * implemented during the ECDH key exchange. The second core
* computation is performed by mbedtls_ecdh_compute_shared(). * computation is performed by mbedtls_ecdh_compute_shared().
* *
* \see ecp.h
*
* \param grp The ECP group. * \param grp The ECP group.
* \param d The destination MPI (private key). * \param d The destination MPI (private key).
* \param Q The destination point (public key). * \param Q The destination point (public key).
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or * \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure. * \c MBEDTLS_MPI_XXX error code on failure.
* *
* \see ecp.h
*/ */
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -97,21 +98,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
* implemented during the ECDH key exchange. The first core * implemented during the ECDH key exchange. The first core
* computation is performed by mbedtls_ecdh_gen_public(). * computation is performed by mbedtls_ecdh_gen_public().
* *
* \see ecp.h
*
* \note If \p f_rng is not NULL, it is used to implement
* countermeasures against side-channel attacks.
* For more information, see mbedtls_ecp_mul().
*
* \param grp The ECP group. * \param grp The ECP group.
* \param z The destination MPI (shared secret). * \param z The destination MPI (shared secret).
* \param Q The public key from another party. * \param Q The public key from another party.
* \param d Our secret exponent (private key). * \param d Our secret exponent (private key).
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or * \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure. * \c MBEDTLS_MPI_XXX error code on failure.
*
* \see ecp.h
*
* \note If \p f_rng is not NULL, it is used to implement
* countermeasures against potential elaborate timing
* attacks. For more information, see mbedtls_ecp_mul().
*/ */
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d, const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
@ -139,21 +141,21 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
* This is the first function used by a TLS server for ECDHE * This is the first function used by a TLS server for ECDHE
* ciphersuites. * ciphersuites.
* *
* \note This function assumes that the ECP group (grp) of the
* \p ctx context has already been properly set,
* for example, using mbedtls_ecp_group_load().
*
* \see ecp.h
*
* \param ctx The ECDH context. * \param ctx The ECDH context.
* \param olen The number of characters written. * \param olen The number of characters written.
* \param buf The destination buffer. * \param buf The destination buffer.
* \param blen The length of the destination buffer. * \param blen The length of the destination buffer.
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \note This function assumes that the ECP group (grp) of the * \return \c 0 on success.
* \p ctx context has already been properly set, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
* for example, using mbedtls_ecp_group_load().
*
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
* on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen, unsigned char *buf, size_t blen,
@ -167,14 +169,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
* This is the first function used by a TLS client for ECDHE * This is the first function used by a TLS client for ECDHE
* ciphersuites. * ciphersuites.
* *
* \see ecp.h
*
* \param ctx The ECDH context. * \param ctx The ECDH context.
* \param buf The pointer to the start of the input buffer. * \param buf The pointer to the start of the input buffer.
* \param end The address for one Byte past the end of the buffer. * \param end The address for one Byte past the end of the buffer.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
* *
* \see ecp.h
*/ */
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end ); const unsigned char **buf, const unsigned char *end );
@ -186,16 +189,16 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
* ServerKeyEchange for static ECDH, and imports ECDH * ServerKeyEchange for static ECDH, and imports ECDH
* parameters from the EC key information of a certificate. * parameters from the EC key information of a certificate.
* *
* \see ecp.h
*
* \param ctx The ECDH context to set up. * \param ctx The ECDH context to set up.
* \param key The EC key to use. * \param key The EC key to use.
* \param side Defines the source of the key: * \param side Defines the source of the key: 1: Our key, or
* <ul><li>1: Our key.</li> * 0: The key of the peer.
<li>0: The key of the peer.</li></ul>
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
* *
* \see ecp.h
*/ */
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side ); mbedtls_ecdh_side side );
@ -207,17 +210,17 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai
* This is the second function used by a TLS client for ECDH(E) * This is the second function used by a TLS client for ECDH(E)
* ciphersuites. * ciphersuites.
* *
* \see ecp.h
*
* \param ctx The ECDH context. * \param ctx The ECDH context.
* \param olen The number of Bytes written. * \param olen The number of Bytes written.
* \param buf The destination buffer. * \param buf The destination buffer.
* \param blen The size of the destination buffer. * \param blen The size of the destination buffer.
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen, unsigned char *buf, size_t blen,
@ -231,14 +234,14 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
* This is the second function used by a TLS server for ECDH(E) * This is the second function used by a TLS server for ECDH(E)
* ciphersuites. * ciphersuites.
* *
* \see ecp.h
*
* \param ctx The ECDH context. * \param ctx The ECDH context.
* \param buf The start of the input buffer. * \param buf The start of the input buffer.
* \param blen The length of the input buffer. * \param blen The length of the input buffer.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen ); const unsigned char *buf, size_t blen );
@ -249,21 +252,21 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
* This is the last function used by both TLS client * This is the last function used by both TLS client
* and servers. * and servers.
* *
* \note If \p f_rng is not NULL, it is used to implement
* countermeasures against side-channel attacks.
* For more information, see mbedtls_ecp_mul().
*
* \see ecp.h
*
* \param ctx The ECDH context. * \param ctx The ECDH context.
* \param olen The number of Bytes written. * \param olen The number of Bytes written.
* \param buf The destination buffer. * \param buf The destination buffer.
* \param blen The length of the destination buffer. * \param blen The length of the destination buffer.
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code * \return \c 0 on success.
* on failure. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
* \see ecp.h
*
* \note If \p f_rng is not NULL, it is used to implement
* countermeasures against potential elaborate timing
* attacks. For more information, see mbedtls_ecp_mul().
*/ */
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen, unsigned char *buf, size_t blen,

181
thirdparty/mbedtls/include/mbedtls/ecdsa.h vendored
View File

@ -1,9 +1,10 @@
/** /**
* \file ecdsa.h * \file ecdsa.h
* *
* \brief The Elliptic Curve Digital Signature Algorithm (ECDSA). * \brief This file contains ECDSA definitions and functions.
* *
* ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG): * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
* <em>Standards for Efficient Cryptography Group (SECG):
* SEC1 Elliptic Curve Cryptography</em>. * SEC1 Elliptic Curve Cryptography</em>.
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>. * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
@ -69,6 +70,14 @@ extern "C" {
* *
* \note The deterministic version is usually preferred. * \note The deterministic version is usually preferred.
* *
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated
* as defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
*
* \see ecp.h
*
* \param grp The ECP group. * \param grp The ECP group.
* \param r The first output integer. * \param r The first output integer.
* \param s The second output integer. * \param s The second output integer.
@ -76,18 +85,11 @@ extern "C" {
* \param buf The message hash. * \param buf The message hash.
* \param blen The length of \p buf. * \param blen The length of \p buf.
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \note If the bitlength of the message hash is larger than the * \return \c 0 on success.
* bitlength of the group order, then the hash is truncated * \return An \c MBEDTLS_ERR_ECP_XXX
* as defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
*
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
* or \c MBEDTLS_MPI_XXX error code on failure. * or \c MBEDTLS_MPI_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen, const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@ -97,10 +99,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
/** /**
* \brief This function computes the ECDSA signature of a * \brief This function computes the ECDSA signature of a
* previously-hashed message, deterministic version. * previously-hashed message, deterministic version.
*
* For more information, see <em>RFC-6979: Deterministic * For more information, see <em>RFC-6979: Deterministic
* Usage of the Digital Signature Algorithm (DSA) and Elliptic * Usage of the Digital Signature Algorithm (DSA) and Elliptic
* Curve Digital Signature Algorithm (ECDSA)</em>. * Curve Digital Signature Algorithm (ECDSA)</em>.
* *
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as
* defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
*
* \see ecp.h
*
* \param grp The ECP group. * \param grp The ECP group.
* \param r The first output integer. * \param r The first output integer.
* \param s The second output integer. * \param s The second output integer.
@ -109,17 +120,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
* \param blen The length of \p buf. * \param blen The length of \p buf.
* \param md_alg The MD algorithm used to hash the message. * \param md_alg The MD algorithm used to hash the message.
* *
* \note If the bitlength of the message hash is larger than the * \return \c 0 on success.
* bitlength of the group order, then the hash is truncated as * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
*
* \return \c 0 on success,
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure. * error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen, const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@ -130,6 +133,14 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
* \brief This function verifies the ECDSA signature of a * \brief This function verifies the ECDSA signature of a
* previously-hashed message. * previously-hashed message.
* *
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as
* defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.4, step 3.
*
* \see ecp.h
*
* \param grp The ECP group. * \param grp The ECP group.
* \param buf The message hash. * \param buf The message hash.
* \param blen The length of \p buf. * \param blen The length of \p buf.
@ -137,18 +148,11 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
* \param r The first integer of the signature. * \param r The first integer of the signature.
* \param s The second integer of the signature. * \param s The second integer of the signature.
* *
* \note If the bitlength of the message hash is larger than the * \return \c 0 on success.
* bitlength of the group order, then the hash is truncated as * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
* defined in <em>Standards for Efficient Cryptography Group * is invalid.
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* 4.1.4, step 3.
*
* \return \c 0 on success,
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure for any other reason. * error code on failure for any other reason.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen, const unsigned char *buf, size_t blen,
@ -169,15 +173,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
* of the Digital Signature Algorithm (DSA) and Elliptic * of the Digital Signature Algorithm (DSA) and Elliptic
* Curve Digital Signature Algorithm (ECDSA)</em>. * Curve Digital Signature Algorithm (ECDSA)</em>.
* *
* \param ctx The ECDSA context.
* \param md_alg The message digest that was used to hash the message.
* \param hash The message hash.
* \param hlen The length of the hash.
* \param sig The buffer that holds the signature.
* \param slen The length of the signature written.
* \param f_rng The RNG function.
* \param p_rng The RNG parameter.
*
* \note The \p sig buffer must be at least twice as large as the * \note The \p sig buffer must be at least twice as large as the
* size of the curve used, plus 9. For example, 73 Bytes if * size of the curve used, plus 9. For example, 73 Bytes if
* a 256-bit curve is used. A buffer length of * a 256-bit curve is used. A buffer length of
@ -189,11 +184,20 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5. * 4.1.3, step 5.
* *
* \return \c 0 on success,
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*
* \see ecp.h * \see ecp.h
*
* \param ctx The ECDSA context.
* \param md_alg The message digest that was used to hash the message.
* \param hash The message hash.
* \param hlen The length of the hash.
* \param sig The buffer that holds the signature.
* \param slen The length of the signature written.
* \param f_rng The RNG function.
* \param p_rng The RNG context.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/ */
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
@ -209,26 +213,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED
#endif #endif
/** /**
* \brief This function computes an ECDSA signature and writes it to a buffer, * \brief This function computes an ECDSA signature and writes
* serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography * it to a buffer, serialized as defined in <em>RFC-4492:
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>. * Elliptic Curve Cryptography (ECC) Cipher Suites for
* Transport Layer Security (TLS)</em>.
* *
* The deterministic version is defined in <em>RFC-6979: * The deterministic version is defined in <em>RFC-6979:
* Deterministic Usage of the Digital Signature Algorithm (DSA) and * Deterministic Usage of the Digital Signature Algorithm (DSA)
* Elliptic Curve Digital Signature Algorithm (ECDSA)</em>. * and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
* *
* \warning It is not thread-safe to use the same context in * \warning It is not thread-safe to use the same context in
* multiple threads. * multiple threads.
*
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
*
* \param ctx The ECDSA context.
* \param hash The Message hash.
* \param hlen The length of the hash.
* \param sig The buffer that holds the signature.
* \param slen The length of the signature written.
* \param md_alg The MD algorithm used to hash the message.
* *
* \note The \p sig buffer must be at least twice as large as the * \note The \p sig buffer must be at least twice as large as the
* size of the curve used, plus 9. For example, 73 Bytes if a * size of the curve used, plus 9. For example, 73 Bytes if a
@ -241,11 +236,21 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5. * 4.1.3, step 5.
* *
* \return \c 0 on success,
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*
* \see ecp.h * \see ecp.h
*
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
* Mbed TLS version 2.0 and later.
*
* \param ctx The ECDSA context.
* \param hash The message hash.
* \param hlen The length of the hash.
* \param sig The buffer that holds the signature.
* \param slen The length of the signature written.
* \param md_alg The MD algorithm used to hash the message.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/ */
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
@ -258,26 +263,26 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
/** /**
* \brief This function reads and verifies an ECDSA signature. * \brief This function reads and verifies an ECDSA signature.
* *
* \param ctx The ECDSA context.
* \param hash The message hash.
* \param hlen The size of the hash.
* \param sig The signature to read and verify.
* \param slen The size of \p sig.
*
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* defined in <em>Standards for Efficient Cryptography Group * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.4, step 3. * 4.1.4, step 3.
* *
* \return \c 0 on success,
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
* #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than \p siglen,
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*
* \see ecp.h * \see ecp.h
*
* \param ctx The ECDSA context.
* \param hash The message hash.
* \param hlen The size of the hash.
* \param sig The signature to read and verify.
* \param slen The size of \p sig.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
* signature in \p sig, but its length is less than \p siglen.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*/ */
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
@ -286,16 +291,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
/** /**
* \brief This function generates an ECDSA keypair on the given curve. * \brief This function generates an ECDSA keypair on the given curve.
* *
* \see ecp.h
*
* \param ctx The ECDSA context to store the keypair in. * \param ctx The ECDSA context to store the keypair in.
* \param gid The elliptic curve to use. One of the various * \param gid The elliptic curve to use. One of the various
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration. * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
* \param f_rng The RNG function. * \param f_rng The RNG function.
* \param p_rng The RNG parameter. * \param p_rng The RNG context.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on * \return \c 0 on success.
* failure. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@ -303,13 +308,13 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
/** /**
* \brief This function sets an ECDSA context from an EC key pair. * \brief This function sets an ECDSA context from an EC key pair.
* *
* \see ecp.h
*
* \param ctx The ECDSA context to set. * \param ctx The ECDSA context to set.
* \param key The EC key to use. * \param key The EC key to use.
* *
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on * \return \c 0 on success.
* failure. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );

20
thirdparty/mbedtls/include/mbedtls/ecjpake.h vendored
View File

@ -44,8 +44,6 @@
#include "ecp.h" #include "ecp.h"
#include "md.h" #include "md.h"
#if !defined(MBEDTLS_ECJPAKE_ALT)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -58,6 +56,7 @@ typedef enum {
MBEDTLS_ECJPAKE_SERVER, /**< Server */ MBEDTLS_ECJPAKE_SERVER, /**< Server */
} mbedtls_ecjpake_role; } mbedtls_ecjpake_role;
#if !defined(MBEDTLS_ECJPAKE_ALT)
/** /**
* EC J-PAKE context structure. * EC J-PAKE context structure.
* *
@ -88,6 +87,10 @@ typedef struct
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context; } mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */
#include "ecjpake_alt.h"
#endif /* MBEDTLS_ECJPAKE_ALT */
/** /**
* \brief Initialize a context * \brief Initialize a context
* (just makes it ready for setup() or free()). * (just makes it ready for setup() or free()).
@ -225,20 +228,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
*/ */
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_ECJPAKE_ALT */
#include "ecjpake_alt.h"
#endif /* MBEDTLS_ECJPAKE_ALT */
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
@ -246,10 +239,11 @@ extern "C" {
*/ */
int mbedtls_ecjpake_self_test( int verbose ); int mbedtls_ecjpake_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* MBEDTLS_SELF_TEST */
#endif /* ecjpake.h */ #endif /* ecjpake.h */

764
thirdparty/mbedtls/include/mbedtls/ecp.h vendored
View File

File diff suppressed because it is too large Load Diff

2
thirdparty/mbedtls/include/mbedtls/entropy.h vendored
View File

@ -166,7 +166,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
* \param threshold Minimum required from source before entropy is released * \param threshold Minimum required from source before entropy is released
* ( with mbedtls_entropy_func() ) (in bytes) * ( with mbedtls_entropy_func() ) (in bytes)
* \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or
* MBEDTSL_ENTROPY_SOURCE_WEAK. * MBEDTLS_ENTROPY_SOURCE_WEAK.
* At least one strong source needs to be added. * At least one strong source needs to be added.
* Weaker sources (such as the cycle counter) can be used as * Weaker sources (such as the cycle counter) can be used as
* a complement. * a complement.

3
thirdparty/mbedtls/include/mbedtls/error.h vendored
View File

@ -53,7 +53,7 @@
* GCM 3 0x0012-0x0014 0x0013-0x0013 * GCM 3 0x0012-0x0014 0x0013-0x0013
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
* THREADING 3 0x001A-0x001E * THREADING 3 0x001A-0x001E
* AES 4 0x0020-0x0022 0x0023-0x0025 * AES 5 0x0020-0x0022 0x0021-0x0025
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
* XTEA 2 0x0028-0x0028 0x0029-0x0029 * XTEA 2 0x0028-0x0028 0x0029-0x0029
* BASE64 2 0x002A-0x002C * BASE64 2 0x002A-0x002C
@ -63,6 +63,7 @@
* CTR_DBRG 4 0x0034-0x003A * CTR_DBRG 4 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
* NET 11 0x0042-0x0052 0x0043-0x0045 * NET 11 0x0042-0x0052 0x0043-0x0045
* ARIA 4 0x0058-0x005E
* ASN1 7 0x0060-0x006C * ASN1 7 0x0060-0x006C
* CMAC 1 0x007A-0x007A * CMAC 1 0x007A-0x007A
* PBKDF2 1 0x007C-0x007C * PBKDF2 1 0x007C-0x007C

81
thirdparty/mbedtls/include/mbedtls/gcm.h vendored
View File

@ -1,9 +1,11 @@
/** /**
* \file gcm.h * \file gcm.h
* *
* \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined * \brief This file contains GCM definitions and functions.
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation *
* (GCM), Natl. Inst. Stand. Technol.</em> * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
* (GCM), Natl. Inst. Stand. Technol.</em>
* *
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>. * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
@ -42,12 +44,12 @@
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
#if !defined(MBEDTLS_GCM_ALT)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_GCM_ALT)
/** /**
* \brief The GCM context structure. * \brief The GCM context structure.
*/ */
@ -66,6 +68,10 @@ typedef struct {
} }
mbedtls_gcm_context; mbedtls_gcm_context;
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/** /**
* \brief This function initializes the specified GCM context, * \brief This function initializes the specified GCM context,
* to make references valid, and prepares the context * to make references valid, and prepares the context
@ -91,7 +97,8 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
* <li>192 bits</li> * <li>192 bits</li>
* <li>256 bits</li></ul> * <li>256 bits</li></ul>
* *
* \return \c 0 on success, or a cipher specific error code. * \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/ */
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher, mbedtls_cipher_id_t cipher,
@ -101,15 +108,16 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
/** /**
* \brief This function performs GCM encryption or decryption of a buffer. * \brief This function performs GCM encryption or decryption of a buffer.
* *
* \note For encryption, the output buffer can be the same as the input buffer. * \note For encryption, the output buffer can be the same as the
* For decryption, the output buffer cannot be the same as input buffer. * input buffer. For decryption, the output buffer cannot be
* If the buffers overlap, the output buffer must trail at least 8 Bytes * the same as input buffer. If the buffers overlap, the output
* behind the input buffer. * buffer must trail at least 8 Bytes behind the input buffer.
* *
* \param ctx The GCM context to use for encryption or decryption. * \param ctx The GCM context to use for encryption or decryption.
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
* #MBEDTLS_GCM_DECRYPT. * #MBEDTLS_GCM_DECRYPT.
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). * \param length The length of the input data. This must be a multiple of
* 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector. * \param iv The initialization vector.
* \param iv_len The length of the IV. * \param iv_len The length of the IV.
* \param add The buffer holding the additional data. * \param add The buffer holding the additional data.
@ -137,12 +145,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
* \brief This function performs a GCM authenticated decryption of a * \brief This function performs a GCM authenticated decryption of a
* buffer. * buffer.
* *
* \note For decryption, the output buffer cannot be the same as input buffer. * \note For decryption, the output buffer cannot be the same as
* If the buffers overlap, the output buffer must trail at least 8 Bytes * input buffer. If the buffers overlap, the output buffer
* behind the input buffer. * must trail at least 8 Bytes behind the input buffer.
* *
* \param ctx The GCM context. * \param ctx The GCM context.
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). * \param length The length of the input data. This must be a multiple
* of 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector. * \param iv The initialization vector.
* \param iv_len The length of the IV. * \param iv_len The length of the IV.
* \param add The buffer holding the additional data. * \param add The buffer holding the additional data.
@ -152,8 +161,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param output The buffer for holding the output data. * \param output The buffer for holding the output data.
* *
* \return 0 if successful and authenticated, or * \return 0 if successful and authenticated.
* #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
*/ */
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
size_t length, size_t length,
@ -175,10 +184,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
* #MBEDTLS_GCM_DECRYPT. * #MBEDTLS_GCM_DECRYPT.
* \param iv The initialization vector. * \param iv The initialization vector.
* \param iv_len The length of the IV. * \param iv_len The length of the IV.
* \param add The buffer holding the additional data, or NULL if \p add_len is 0. * \param add The buffer holding the additional data, or NULL
* \param add_len The length of the additional data. If 0, \p add is NULL. * if \p add_len is 0.
* \param add_len The length of the additional data. If 0,
* \p add is NULL.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
int mode, int mode,
@ -195,16 +206,18 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
* Bytes. Only the last call before calling * Bytes. Only the last call before calling
* mbedtls_gcm_finish() can be less than 16 Bytes. * mbedtls_gcm_finish() can be less than 16 Bytes.
* *
* \note For decryption, the output buffer cannot be the same as input buffer. * \note For decryption, the output buffer cannot be the same as
* If the buffers overlap, the output buffer must trail at least 8 Bytes * input buffer. If the buffers overlap, the output buffer
* behind the input buffer. * must trail at least 8 Bytes behind the input buffer.
* *
* \param ctx The GCM context. * \param ctx The GCM context.
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). * \param length The length of the input data. This must be a multiple of
* 16 except in the last call before mbedtls_gcm_finish().
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param output The buffer for holding the output data. * \param output The buffer for holding the output data.
* *
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. * \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/ */
int mbedtls_gcm_update( mbedtls_gcm_context *ctx, int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
size_t length, size_t length,
@ -222,7 +235,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
* \param tag The buffer for holding the tag. * \param tag The buffer for holding the tag.
* \param tag_len The length of the tag to generate. Must be at least four. * \param tag_len The length of the tag to generate. Must be at least four.
* *
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. * \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/ */
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *tag, unsigned char *tag,
@ -236,22 +250,11 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
*/ */
void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
#ifdef __cplusplus
}
#endif
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief The GCM checkup routine. * \brief The GCM checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_gcm_self_test( int verbose ); int mbedtls_gcm_self_test( int verbose );

106
thirdparty/mbedtls/include/mbedtls/md.h vendored
View File

@ -1,7 +1,7 @@
/** /**
* \file md.h * \file md.h
* *
* \brief The generic message-digest wrapper. * \brief This file contains the generic message-digest wrapper.
* *
* \author Adriaan de Jong <dejong@fox-it.com> * \author Adriaan de Jong <dejong@fox-it.com>
*/ */
@ -46,7 +46,7 @@ extern "C" {
#endif #endif
/** /**
* \brief Enumeration of supported message digests * \brief Supported message digests.
* *
* \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and
* their use constitutes a security risk. We recommend considering * their use constitutes a security risk. We recommend considering
@ -54,16 +54,16 @@ extern "C" {
* *
*/ */
typedef enum { typedef enum {
MBEDTLS_MD_NONE=0, MBEDTLS_MD_NONE=0, /**< None. */
MBEDTLS_MD_MD2, MBEDTLS_MD_MD2, /**< The MD2 message digest. */
MBEDTLS_MD_MD4, MBEDTLS_MD_MD4, /**< The MD4 message digest. */
MBEDTLS_MD_MD5, MBEDTLS_MD_MD5, /**< The MD5 message digest. */
MBEDTLS_MD_SHA1, MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
MBEDTLS_MD_SHA224, MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
MBEDTLS_MD_SHA384, MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
MBEDTLS_MD_SHA512, MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
MBEDTLS_MD_RIPEMD160, MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
} mbedtls_md_type_t; } mbedtls_md_type_t;
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
@ -108,8 +108,8 @@ const int *mbedtls_md_list( void );
* *
* \param md_name The name of the digest to search for. * \param md_name The name of the digest to search for.
* *
* \return The message-digest information associated with \p md_name, * \return The message-digest information associated with \p md_name.
* or NULL if not found. * \return NULL if the associated message-digest information is not found.
*/ */
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
@ -119,8 +119,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
* *
* \param md_type The type of digest to search for. * \param md_type The type of digest to search for.
* *
* \return The message-digest information associated with \p md_type, * \return The message-digest information associated with \p md_type.
* or NULL if not found. * \return NULL if the associated message-digest information is not found.
*/ */
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
@ -168,9 +168,10 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
* \param md_info The information structure of the message-digest algorithm * \param md_info The information structure of the message-digest algorithm
* to use. * to use.
* *
* \returns \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. * failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/ */
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
@ -187,12 +188,13 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
* \param ctx The context to set up. * \param ctx The context to set up.
* \param md_info The information structure of the message-digest algorithm * \param md_info The information structure of the message-digest algorithm
* to use. * to use.
* \param hmac <ul><li>0: HMAC is not used. Saves some memory.</li> * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
* <li>non-zero: HMAC is used with this context.</li></ul> * or non-zero: HMAC is used with this context.
* *
* \returns \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. * failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/ */
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
@ -212,8 +214,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
* \param dst The destination context. * \param dst The destination context.
* \param src The context to be cloned. * \param src The context to be cloned.
* *
* \return \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
*/ */
int mbedtls_md_clone( mbedtls_md_context_t *dst, int mbedtls_md_clone( mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src ); const mbedtls_md_context_t *src );
@ -260,8 +262,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
* *
* \param ctx The generic message-digest context. * \param ctx The generic message-digest context.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_starts( mbedtls_md_context_t *ctx ); int mbedtls_md_starts( mbedtls_md_context_t *ctx );
@ -277,8 +280,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* *
* \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
@ -296,8 +300,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
* \param ctx The generic message-digest context. * \param ctx The generic message-digest context.
* \param output The buffer for the generic message-digest checksum result. * \param output The buffer for the generic message-digest checksum result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
@ -315,8 +320,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The generic message-digest checksum result. * \param output The generic message-digest checksum result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output ); unsigned char *output );
@ -334,9 +340,10 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
* \param path The input file name. * \param path The input file name.
* \param output The generic message-digest checksum result. * \param output The generic message-digest checksum result.
* *
* \return \c 0 on success, * \return \c 0 on success.
* #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
* #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. * the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/ */
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
unsigned char *output ); unsigned char *output );
@ -356,8 +363,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
* \param key The HMAC secret key. * \param key The HMAC secret key.
* \param keylen The length of the HMAC key in Bytes. * \param keylen The length of the HMAC key in Bytes.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
size_t keylen ); size_t keylen );
@ -377,8 +385,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
size_t ilen ); size_t ilen );
@ -397,8 +406,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
* context. * context.
* \param output The generic HMAC checksum result. * \param output The generic HMAC checksum result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
@ -413,8 +423,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
* \param ctx The message digest context containing an embedded HMAC * \param ctx The message digest context containing an embedded HMAC
* context. * context.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
@ -436,8 +447,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The generic HMAC result. * \param output The generic HMAC result.
* *
* \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if * \return \c 0 on success.
* parameter verification fails. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/ */
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen, const unsigned char *input, size_t ilen,

24
thirdparty/mbedtls/include/mbedtls/md2.h vendored
View File

@ -39,14 +39,14 @@
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
#if !defined(MBEDTLS_MD2_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_MD2_ALT)
// Regular implementation
//
/** /**
* \brief MD2 context structure * \brief MD2 context structure
* *
@ -64,6 +64,10 @@ typedef struct
} }
mbedtls_md2_context; mbedtls_md2_context;
#else /* MBEDTLS_MD2_ALT */
#include "md2_alt.h"
#endif /* MBEDTLS_MD2_ALT */
/** /**
* \brief Initialize MD2 context * \brief Initialize MD2 context
* *
@ -235,18 +239,6 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_MD2_ALT */
#include "md2_alt.h"
#endif /* MBEDTLS_MD2_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Output = MD2( input buffer ) * \brief Output = MD2( input buffer )
* *

24
thirdparty/mbedtls/include/mbedtls/md4.h vendored
View File

@ -40,14 +40,14 @@
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
#if !defined(MBEDTLS_MD4_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_MD4_ALT)
// Regular implementation
//
/** /**
* \brief MD4 context structure * \brief MD4 context structure
* *
@ -64,6 +64,10 @@ typedef struct
} }
mbedtls_md4_context; mbedtls_md4_context;
#else /* MBEDTLS_MD4_ALT */
#include "md4_alt.h"
#endif /* MBEDTLS_MD4_ALT */
/** /**
* \brief Initialize MD4 context * \brief Initialize MD4 context
* *
@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_MD4_ALT */
#include "md4_alt.h"
#endif /* MBEDTLS_MD4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Output = MD4( input buffer ) * \brief Output = MD4( input buffer )
* *

24
thirdparty/mbedtls/include/mbedtls/md5.h vendored
View File

@ -39,14 +39,14 @@
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
#if !defined(MBEDTLS_MD5_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_MD5_ALT)
// Regular implementation
//
/** /**
* \brief MD5 context structure * \brief MD5 context structure
* *
@ -63,6 +63,10 @@ typedef struct
} }
mbedtls_md5_context; mbedtls_md5_context;
#else /* MBEDTLS_MD5_ALT */
#include "md5_alt.h"
#endif /* MBEDTLS_MD5_ALT */
/** /**
* \brief Initialize MD5 context * \brief Initialize MD5 context
* *
@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_MD5_ALT */
#include "md5_alt.h"
#endif /* MBEDTLS_MD5_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Output = MD5( input buffer ) * \brief Output = MD5( input buffer )
* *

33
thirdparty/mbedtls/include/mbedtls/net_sockets.h vendored
View File

@ -46,12 +46,17 @@
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ #define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */
#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ #define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ #define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ #define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -118,9 +123,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
* *
* \param bind_ctx Relevant socket * \param bind_ctx Relevant socket
* \param client_ctx Will contain the connected client socket * \param client_ctx Will contain the connected client socket
* \param client_ip Will contain the client IP address * \param client_ip Will contain the client IP address, can be NULL
* \param buf_size Size of the client_ip buffer * \param buf_size Size of the client_ip buffer
* \param ip_len Will receive the size of the client IP written * \param ip_len Will receive the size of the client IP written,
* can be NULL if client_ip is null
* *
* \return 0 if successful, or * \return 0 if successful, or
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or
@ -132,6 +138,29 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx, mbedtls_net_context *client_ctx,
void *client_ip, size_t buf_size, size_t *ip_len ); void *client_ip, size_t buf_size, size_t *ip_len );
/**
* \brief Check and wait for the context to be ready for read/write
*
* \param ctx Socket to check
* \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
* MBEDTLS_NET_POLL_WRITE specifying the events
* to wait for:
* - If MBEDTLS_NET_POLL_READ is set, the function
* will return as soon as the net context is available
* for reading.
* - If MBEDTLS_NET_POLL_WRITE is set, the function
* will return as soon as the net context is available
* for writing.
* \param timeout Maximal amount of time to wait before returning,
* in milliseconds. If \c timeout is zero, the
* function returns immediately. If \c timeout is
* -1u, the function blocks potentially indefinitely.
*
* \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
* on success or timeout, or a negative return code otherwise.
*/
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
/** /**
* \brief Set the socket blocking * \brief Set the socket blocking
* *

12
thirdparty/mbedtls/include/mbedtls/pk.h vendored
View File

@ -63,7 +63,7 @@
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
#ifdef __cplusplus #ifdef __cplusplus
@ -269,8 +269,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
* \param sig_len Signature length * \param sig_len Signature length
* *
* \return 0 on success (signature is valid), * \return 0 on success (signature is valid),
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
* valid but its actual length is less than sig_len, * signature in sig but its length is less than \p siglen,
* or a specific error code. * or a specific error code.
* *
* \note For RSA keys, the default padding type is PKCS#1 v1.5. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
@ -300,10 +300,10 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* \param sig_len Signature length * \param sig_len Signature length
* *
* \return 0 on success (signature is valid), * \return 0 on success (signature is valid),
* MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
* used for this type of signatures, * used for this type of signatures,
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
* valid but its actual length is less than sig_len, * signature in sig but its length is less than \p siglen,
* or a specific error code. * or a specific error code.
* *
* \note If hash_len is 0, then the length associated with md_alg * \note If hash_len is 0, then the length associated with md_alg

69
thirdparty/mbedtls/include/mbedtls/platform.h vendored
View File

@ -1,7 +1,16 @@
/** /**
* \file platform.h * \file platform.h
* *
* \brief The Mbed TLS platform abstraction layer. * \brief This file contains the definitions and functions of the
* Mbed TLS platform abstraction layer.
*
* The platform abstraction layer removes the need for the library
* to directly link to standard C library functions or operating
* system services, making the library easier to port and embed.
* Application developers and users of the library can provide their own
* implementations of these functions, or implementations specific to
* their platform, which can be statically linked to the library or
* dynamically configured at runtime.
*/ */
/* /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -102,7 +111,7 @@ extern "C" {
/* \} name SECTION: Module settings */ /* \} name SECTION: Module settings */
/* /*
* The function pointers for calloc and free * The function pointers for calloc and free.
*/ */
#if defined(MBEDTLS_PLATFORM_MEMORY) #if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
@ -116,7 +125,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size );
extern void (*mbedtls_free)( void *ptr ); extern void (*mbedtls_free)( void *ptr );
/** /**
* \brief This function allows configuring custom memory-management functions. * \brief This function dynamically sets the memory-management
* functions used by the library, during runtime.
* *
* \param calloc_func The \c calloc function implementation. * \param calloc_func The \c calloc function implementation.
* \param free_func The \c free function implementation. * \param free_func The \c free function implementation.
@ -140,7 +150,9 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
/** /**
* \brief This function allows configuring a custom \p fprintf function pointer. * \brief This function dynamically configures the fprintf
* function that is called when the
* mbedtls_fprintf() function is invoked by the library.
* *
* \param fprintf_func The \c fprintf function implementation. * \param fprintf_func The \c fprintf function implementation.
* *
@ -163,8 +175,9 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char
extern int (*mbedtls_printf)( const char *format, ... ); extern int (*mbedtls_printf)( const char *format, ... );
/** /**
* \brief This function allows configuring a custom \c printf function * \brief This function dynamically configures the snprintf
* pointer. * function that is called when the mbedtls_snprintf()
* function is invoked by the library.
* *
* \param printf_func The \c printf function implementation. * \param printf_func The \c printf function implementation.
* *
@ -197,12 +210,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
/** /**
* \brief This function allows configuring a custom \c snprintf function * \brief This function allows configuring a custom
* pointer. * \c snprintf function pointer.
* *
* \param snprintf_func The \c snprintf function implementation. * \param snprintf_func The \c snprintf function implementation.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
const char * format, ... ) ); const char * format, ... ) );
@ -210,7 +223,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
#else #else
#define mbedtls_snprintf snprintf #define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
@ -221,12 +234,13 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
extern void (*mbedtls_exit)( int status ); extern void (*mbedtls_exit)( int status );
/** /**
* \brief This function allows configuring a custom \c exit function * \brief This function dynamically configures the exit
* pointer. * function that is called when the mbedtls_exit()
* function is invoked by the library.
* *
* \param exit_func The \c exit function implementation. * \param exit_func The \c exit function implementation.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
#else #else
@ -302,7 +316,7 @@ int mbedtls_platform_set_nv_seed(
* setup or teardown operations. * setup or teardown operations.
*/ */
typedef struct { typedef struct {
char dummy; /**< Placeholder member, as empty structs are not portable. */ char dummy; /**< A placeholder member, as empty structs are not portable. */
} }
mbedtls_platform_context; mbedtls_platform_context;
@ -311,33 +325,34 @@ mbedtls_platform_context;
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
/** /**
* \brief This function performs any platform initialization operations. * \brief This function performs any platform-specific initialization
* operations.
* *
* \param ctx The Mbed TLS context. * \note This function should be called before any other library functions.
* *
* \return \c 0 on success. * Its implementation is platform-specific, and unless
*
* \note This function is intended to allow platform-specific initialization,
* and should be called before any other library functions. Its
* implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing. * platform-specific code is provided, it does nothing.
* *
* Its use and whether it is necessary to call it is dependent on the * \note The usage and necessity of this function is dependent on the platform.
* platform. *
* \param ctx The platform context.
*
* \return \c 0 on success.
*/ */
int mbedtls_platform_setup( mbedtls_platform_context *ctx ); int mbedtls_platform_setup( mbedtls_platform_context *ctx );
/** /**
* \brief This function performs any platform teardown operations. * \brief This function performs any platform teardown operations.
* *
* \param ctx The Mbed TLS context.
*
* \note This function should be called after every other Mbed TLS module * \note This function should be called after every other Mbed TLS module
* has been correctly freed using the appropriate free function. * has been correctly freed using the appropriate free function.
*
* Its implementation is platform-specific, and unless * Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing. * platform-specific code is provided, it does nothing.
* *
* Its use and whether it is necessary to call it is dependent on the * \note The usage and necessity of this function is dependent on the platform.
* platform. *
* \param ctx The platform context.
*
*/ */
void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); void mbedtls_platform_teardown( mbedtls_platform_context *ctx );

62
thirdparty/mbedtls/include/mbedtls/platform_util.h vendored Normal file
View File

@ -0,0 +1,62 @@
/**
* \file platform_util.h
*
* \brief Common and shared functions used by multiple modules in the Mbed TLS
* library.
*/
/*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Securely zeroize a buffer
*
* The function is meant to wipe the data contained in a buffer so
* that it can no longer be recovered even if the program memory
* is later compromised. Call this function on sensitive data
* stored on the stack before returning from a function, and on
* sensitive data stored on the heap before freeing the heap
* object.
*
* It is extremely difficult to guarantee that calls to
* mbedtls_platform_zeroize() are not removed by aggressive
* compiler optimizations in a portable way. For this reason, Mbed
* TLS provides the configuration option
* MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
* mbedtls_platform_zeroize() to use a suitable implementation for
* their platform and needs
*
* \param buf Buffer to be zeroized
* \param len Length of the buffer in bytes
*
*/
void mbedtls_platform_zeroize( void *buf, size_t len );
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_PLATFORM_UTIL_H */

24
thirdparty/mbedtls/include/mbedtls/ripemd160.h vendored
View File

@ -35,14 +35,14 @@
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
#if !defined(MBEDTLS_RIPEMD160_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_RIPEMD160_ALT)
// Regular implementation
//
/** /**
* \brief RIPEMD-160 context structure * \brief RIPEMD-160 context structure
*/ */
@ -54,6 +54,10 @@ typedef struct
} }
mbedtls_ripemd160_context; mbedtls_ripemd160_context;
#else /* MBEDTLS_RIPEMD160_ALT */
#include "ripemd160.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
/** /**
* \brief Initialize RIPEMD-160 context * \brief Initialize RIPEMD-160 context
* *
@ -178,18 +182,6 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_RIPEMD160_ALT */
#include "ripemd160_alt.h"
#endif /* MBEDTLS_RIPEMD160_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Output = RIPEMD-160( input buffer ) * \brief Output = RIPEMD-160( input buffer )
* *

695
thirdparty/mbedtls/include/mbedtls/rsa.h vendored
View File

File diff suppressed because it is too large Load Diff

60
thirdparty/mbedtls/include/mbedtls/rsa_internal.h vendored
View File

@ -2,6 +2,37 @@
* \file rsa_internal.h * \file rsa_internal.h
* *
* \brief Context-independent RSA helper functions * \brief Context-independent RSA helper functions
*
* This module declares some RSA-related helper functions useful when
* implementing the RSA interface. These functions are provided in a separate
* compilation unit in order to make it easy for designers of alternative RSA
* implementations to use them in their own code, as it is conceived that the
* functionality they provide will be necessary for most complete
* implementations.
*
* End-users of Mbed TLS who are not providing their own alternative RSA
* implementations should not use these functions directly, and should instead
* use only the functions declared in rsa.h.
*
* The interface provided by this module will be maintained through LTS (Long
* Term Support) branches of Mbed TLS, but may otherwise be subject to change,
* and must be considered an internal interface of the library.
*
* There are two classes of helper functions:
*
* (1) Parameter-generating helpers. These are:
* - mbedtls_rsa_deduce_primes
* - mbedtls_rsa_deduce_private_exponent
* - mbedtls_rsa_deduce_crt
* Each of these functions takes a set of core RSA parameters and
* generates some other, or CRT related parameters.
*
* (2) Parameter-checking helpers. These are:
* - mbedtls_rsa_validate_params
* - mbedtls_rsa_validate_crt
* They take a set of core or CRT related RSA parameters and check their
* validity.
*
*/ */
/* /*
* Copyright (C) 2006-2017, ARM Limited, All Rights Reserved * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
@ -21,31 +52,6 @@
* *
* This file is part of mbed TLS (https://tls.mbed.org) * This file is part of mbed TLS (https://tls.mbed.org)
* *
*
* This file declares some RSA-related helper functions useful when
* implementing the RSA interface. They are public and provided in a
* separate compilation unit in order to make it easy for designers of
* alternative RSA implementations to use them in their code, as it is
* conceived that the functionality they provide will be necessary
* for most complete implementations.
*
* End-users of Mbed TLS not intending to re-implement the RSA functionality
* are not expected to get into the need of making use of these functions directly,
* but instead should be able to use the functions declared in rsa.h.
*
* There are two classes of helper functions:
* (1) Parameter-generating helpers. These are:
* - mbedtls_rsa_deduce_primes
* - mbedtls_rsa_deduce_private_exponent
* - mbedtls_rsa_deduce_crt
* Each of these functions takes a set of core RSA parameters
* and generates some other, or CRT related parameters.
* (2) Parameter-checking helpers. These are:
* - mbedtls_rsa_validate_params
* - mbedtls_rsa_validate_crt
* They take a set of core or CRT related RSA parameters
* and check their validity.
*
*/ */
#ifndef MBEDTLS_RSA_INTERNAL_H #ifndef MBEDTLS_RSA_INTERNAL_H
@ -213,4 +219,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *D, const mbedtls_mpi *DP,
const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
#ifdef __cplusplus
}
#endif
#endif /* rsa_internal.h */ #endif /* rsa_internal.h */

164
thirdparty/mbedtls/include/mbedtls/sha1.h vendored
View File

@ -1,7 +1,10 @@
/** /**
* \file sha1.h * \file sha1.h
* *
* \brief The SHA-1 cryptographic hash function. * \brief This file contains SHA-1 definitions and functions.
*
* The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
* <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
* *
* \warning SHA-1 is considered a weak message digest and its use constitutes * \warning SHA-1 is considered a weak message digest and its use constitutes
* a security risk. We recommend considering stronger message * a security risk. We recommend considering stronger message
@ -39,14 +42,14 @@
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
#if !defined(MBEDTLS_SHA1_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_SHA1_ALT)
// Regular implementation
//
/** /**
* \brief The SHA-1 context structure. * \brief The SHA-1 context structure.
* *
@ -63,40 +66,44 @@ typedef struct
} }
mbedtls_sha1_context; mbedtls_sha1_context;
#else /* MBEDTLS_SHA1_ALT */
#include "sha1_alt.h"
#endif /* MBEDTLS_SHA1_ALT */
/** /**
* \brief This function initializes a SHA-1 context. * \brief This function initializes a SHA-1 context.
* *
* \param ctx The SHA-1 context to initialize.
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context to initialize.
*
*/ */
void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
/** /**
* \brief This function clears a SHA-1 context. * \brief This function clears a SHA-1 context.
* *
* \param ctx The SHA-1 context to clear.
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context to clear.
*
*/ */
void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
/** /**
* \brief This function clones the state of a SHA-1 context. * \brief This function clones the state of a SHA-1 context.
* *
* \param dst The destination context.
* \param src The context to clone.
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param dst The SHA-1 context to clone to.
* \param src The SHA-1 context to clone from.
*
*/ */
void mbedtls_sha1_clone( mbedtls_sha1_context *dst, void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src ); const mbedtls_sha1_context *src );
@ -104,14 +111,14 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
/** /**
* \brief This function starts a SHA-1 checksum calculation. * \brief This function starts a SHA-1 checksum calculation.
* *
* \param ctx The context to initialize.
*
* \return \c 0 if successful
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context to initialize.
*
* \return \c 0 on success.
*
*/ */
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
@ -119,16 +126,15 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
* \brief This function feeds an input buffer into an ongoing SHA-1 * \brief This function feeds an input buffer into an ongoing SHA-1
* checksum calculation. * checksum calculation.
* *
* \param ctx The SHA-1 context.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
*
* \return \c 0 if successful
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
*
* \return \c 0 on success.
*/ */
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
const unsigned char *input, const unsigned char *input,
@ -138,31 +144,30 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
* \brief This function finishes the SHA-1 operation, and writes * \brief This function finishes the SHA-1 operation, and writes
* the result to the output buffer. * the result to the output buffer.
* *
* \param ctx The SHA-1 context.
* \param output The SHA-1 checksum result.
*
* \return \c 0 if successful
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context.
* \param output The SHA-1 checksum result.
*
* \return \c 0 on success.
*/ */
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
unsigned char output[20] ); unsigned char output[20] );
/** /**
* \brief SHA-1 process data block (internal use only) * \brief SHA-1 process data block (internal use only).
*
* \param ctx SHA-1 context
* \param data The data block being processed.
*
* \return \c 0 if successful
* *
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \param ctx The SHA-1 context.
* \param data The data block being processed.
*
* \return \c 0 on success.
*
*/ */
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] ); const unsigned char data[64] );
@ -174,65 +179,67 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED
#endif #endif
/** /**
* \brief SHA-1 context setup * \brief This function starts a SHA-1 checksum calculation.
*
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0
*
* \param ctx The SHA-1 context to be initialized.
* *
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
*
* \param ctx The SHA-1 context to initialize.
*
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
/** /**
* \brief SHA-1 process buffer * \brief This function feeds an input buffer into an ongoing SHA-1
* * checksum calculation.
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0
*
* \param ctx The SHA-1 context.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
* *
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
*
* \param ctx The SHA-1 context.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
*
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input, const unsigned char *input,
size_t ilen ); size_t ilen );
/** /**
* \brief SHA-1 final digest * \brief This function finishes the SHA-1 operation, and writes
* * the result to the output buffer.
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0
*
* \param ctx The SHA-1 context.
* \param output The SHA-1 checksum result.
* *
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
*
* \param ctx The SHA-1 context.
* \param output The SHA-1 checksum result.
*
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] ); unsigned char output[20] );
/** /**
* \brief SHA-1 process data block (internal use only) * \brief SHA-1 process data block (internal use only).
*
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0
*
* \param ctx The SHA-1 context.
* \param data The data block being processed.
* *
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
*
* \param ctx The SHA-1 context.
* \param data The data block being processed.
*
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] ); const unsigned char data[64] );
@ -240,18 +247,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_SHA1_ALT */
#include "sha1_alt.h"
#endif /* MBEDTLS_SHA1_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief This function calculates the SHA-1 checksum of a buffer. * \brief This function calculates the SHA-1 checksum of a buffer.
* *
@ -261,15 +256,15 @@ extern "C" {
* The SHA-1 result is calculated as * The SHA-1 result is calculated as
* output = SHA-1(input buffer). * output = SHA-1(input buffer).
* *
* \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-1 checksum result. * \param output The SHA-1 checksum result.
* *
* \return \c 0 if successful * \return \c 0 on success.
*
* \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
* *
*/ */
int mbedtls_sha1_ret( const unsigned char *input, int mbedtls_sha1_ret( const unsigned char *input,
@ -283,7 +278,17 @@ int mbedtls_sha1_ret( const unsigned char *input,
#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED
#endif #endif
/** /**
* \brief Output = SHA-1( input buffer ) * \brief This function calculates the SHA-1 checksum of a buffer.
*
* The function allocates the context, performs the
* calculation, and frees the context.
*
* The SHA-1 result is calculated as
* output = SHA-1(input buffer).
*
* \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
* *
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
* *
@ -291,10 +296,6 @@ int mbedtls_sha1_ret( const unsigned char *input,
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-1 checksum result. * \param output The SHA-1 checksum result.
* *
* \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
size_t ilen, size_t ilen,
@ -306,12 +307,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
/** /**
* \brief The SHA-1 checkup routine. * \brief The SHA-1 checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure.
*
* \warning SHA-1 is considered a weak message digest and its use * \warning SHA-1 is considered a weak message digest and its use
* constitutes a security risk. We recommend considering * constitutes a security risk. We recommend considering
* stronger message digests instead. * stronger message digests instead.
* *
* \return \c 0 on success.
* \return \c 1 on failure.
*
*/ */
int mbedtls_sha1_self_test( int verbose ); int mbedtls_sha1_self_test( int verbose );

70
thirdparty/mbedtls/include/mbedtls/sha256.h vendored
View File

@ -1,7 +1,10 @@
/** /**
* \file sha256.h * \file sha256.h
* *
* \brief The SHA-224 and SHA-256 cryptographic hash function. * \brief This file contains SHA-224 and SHA-256 definitions and functions.
*
* The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
*/ */
/* /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -35,14 +38,14 @@
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
#if !defined(MBEDTLS_SHA256_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_SHA256_ALT)
// Regular implementation
//
/** /**
* \brief The SHA-256 context structure. * \brief The SHA-256 context structure.
* *
@ -55,12 +58,15 @@ typedef struct
uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */ uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */ unsigned char buffer[64]; /*!< The data block being processed. */
int is224; /*!< Determines which function to use. int is224; /*!< Determines which function to use:
<ul><li>0: Use SHA-256.</li> 0: Use SHA-256, or 1: Use SHA-224. */
<li>1: Use SHA-224.</li></ul> */
} }
mbedtls_sha256_context; mbedtls_sha256_context;
#else /* MBEDTLS_SHA256_ALT */
#include "sha256_alt.h"
#endif /* MBEDTLS_SHA256_ALT */
/** /**
* \brief This function initializes a SHA-256 context. * \brief This function initializes a SHA-256 context.
* *
@ -89,9 +95,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
* calculation. * calculation.
* *
* \param ctx The context to initialize. * \param ctx The context to initialize.
* \param is224 Determines which function to use. * \param is224 Determines which function to use:
* <ul><li>0: Use SHA-256.</li> * 0: Use SHA-256, or 1: Use SHA-224.
* <li>1: Use SHA-224.</li></ul>
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -101,9 +106,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
* \brief This function feeds an input buffer into an ongoing * \brief This function feeds an input buffer into an ongoing
* SHA-256 checksum calculation. * SHA-256 checksum calculation.
* *
* \param ctx SHA-256 context * \param ctx The SHA-256 context.
* \param input buffer holding the data * \param input The buffer holding the data.
* \param ilen length of the input data * \param ilen The length of the input data.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -143,14 +148,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED
#endif #endif
/** /**
* \brief This function starts a SHA-256 checksum calculation. * \brief This function starts a SHA-224 or SHA-256 checksum
* calculation.
*
* *
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
* *
* \param ctx The SHA-256 context to initialize. * \param ctx The context to initialize.
* \param is224 Determines which function to use. * \param is224 Determines which function to use:
* <ul><li>0: Use SHA-256.</li> * 0: Use SHA-256, or 1: Use SHA-224.
* <li>1: Use SHA-224.</li></ul>
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 ); int is224 );
@ -176,7 +182,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
* *
* \param ctx The SHA-256 context. * \param ctx The SHA-256 context.
* \param output The SHA-224or SHA-256 checksum result. * \param output The SHA-224 or SHA-256 checksum result.
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] ); unsigned char output[32] );
@ -196,17 +202,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_SHA256_ALT */
#include "sha256_alt.h"
#endif /* MBEDTLS_SHA256_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief This function calculates the SHA-224 or SHA-256 * \brief This function calculates the SHA-224 or SHA-256
@ -221,9 +216,8 @@ extern "C" {
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-224 or SHA-256 checksum result. * \param output The SHA-224 or SHA-256 checksum result.
* \param is224 Determines which function to use. * \param is224 Determines which function to use:
* <ul><li>0: Use SHA-256.</li> * 0: Use SHA-256, or 1: Use SHA-224.
* <li>1: Use SHA-224.</li></ul>
*/ */
int mbedtls_sha256_ret( const unsigned char *input, int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen, size_t ilen,
@ -252,9 +246,8 @@ int mbedtls_sha256_ret( const unsigned char *input,
* \param input The buffer holding the data. * \param input The buffer holding the data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-224 or SHA-256 checksum result. * \param output The SHA-224 or SHA-256 checksum result.
* \param is224 Determines which function to use. * \param is224 Determines which function to use:
* <ul><li>0: Use SHA-256.</li> * 0: Use SHA-256, or 1: Use SHA-224.
* <li>1: Use SHA-224.</li></ul>
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
size_t ilen, size_t ilen,
@ -267,7 +260,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
/** /**
* \brief The SHA-224 and SHA-256 checkup routine. * \brief The SHA-224 and SHA-256 checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_sha256_self_test( int verbose ); int mbedtls_sha256_self_test( int verbose );

62
thirdparty/mbedtls/include/mbedtls/sha512.h vendored
View File

@ -1,7 +1,9 @@
/** /**
* \file sha512.h * \file sha512.h
* \brief This file contains SHA-384 and SHA-512 definitions and functions.
* *
* \brief The SHA-384 and SHA-512 cryptographic hash function. * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
*/ */
/* /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -35,14 +37,14 @@
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
#if !defined(MBEDTLS_SHA512_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_SHA512_ALT)
// Regular implementation
//
/** /**
* \brief The SHA-512 context structure. * \brief The SHA-512 context structure.
* *
@ -55,12 +57,15 @@ typedef struct
uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */ uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */ unsigned char buffer[128]; /*!< The data block being processed. */
int is384; /*!< Determines which function to use. int is384; /*!< Determines which function to use:
* <ul><li>0: Use SHA-512.</li> 0: Use SHA-512, or 1: Use SHA-384. */
* <li>1: Use SHA-384.</li></ul> */
} }
mbedtls_sha512_context; mbedtls_sha512_context;
#else /* MBEDTLS_SHA512_ALT */
#include "sha512_alt.h"
#endif /* MBEDTLS_SHA512_ALT */
/** /**
* \brief This function initializes a SHA-512 context. * \brief This function initializes a SHA-512 context.
* *
@ -89,9 +94,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
* calculation. * calculation.
* *
* \param ctx The SHA-512 context to initialize. * \param ctx The SHA-512 context to initialize.
* \param is384 Determines which function to use. * \param is384 Determines which function to use:
* <ul><li>0: Use SHA-512.</li> * 0: Use SHA-512, or 1: Use SHA-384.
* <li>1: Use SHA-384.</li></ul>
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -148,9 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
* *
* \param ctx The SHA-512 context to initialize. * \param ctx The SHA-512 context to initialize.
* \param is384 Determines which function to use. * \param is384 Determines which function to use:
* <ul><li>0: Use SHA-512.</li> * 0: Use SHA-512, or 1: Use SHA-384.
* <li>1: Use SHA-384.</li></ul>
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 ); int is384 );
@ -159,7 +162,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
* \brief This function feeds an input buffer into an ongoing * \brief This function feeds an input buffer into an ongoing
* SHA-512 checksum calculation. * SHA-512 checksum calculation.
* *
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
* *
* \param ctx The SHA-512 context. * \param ctx The SHA-512 context.
* \param input The buffer holding the data. * \param input The buffer holding the data.
@ -173,7 +176,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
* \brief This function finishes the SHA-512 operation, and writes * \brief This function finishes the SHA-512 operation, and writes
* the result to the output buffer. * the result to the output buffer.
* *
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
* *
* \param ctx The SHA-512 context. * \param ctx The SHA-512 context.
* \param output The SHA-384 or SHA-512 checksum result. * \param output The SHA-384 or SHA-512 checksum result.
@ -186,7 +189,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
* the ongoing SHA-512 computation. This function is for * the ongoing SHA-512 computation. This function is for
* internal use only. * internal use only.
* *
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
* *
* \param ctx The SHA-512 context. * \param ctx The SHA-512 context.
* \param data The buffer holding one block of data. * \param data The buffer holding one block of data.
@ -198,18 +201,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
#undef MBEDTLS_DEPRECATED #undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_SHA512_ALT */
#include "sha512_alt.h"
#endif /* MBEDTLS_SHA512_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief This function calculates the SHA-512 or SHA-384 * \brief This function calculates the SHA-512 or SHA-384
* checksum of a buffer. * checksum of a buffer.
@ -223,9 +214,8 @@ extern "C" {
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-384 or SHA-512 checksum result. * \param output The SHA-384 or SHA-512 checksum result.
* \param is384 Determines which function to use. * \param is384 Determines which function to use:
* <ul><li>0: Use SHA-512.</li> * 0: Use SHA-512, or 1: Use SHA-384.
* <li>1: Use SHA-384.</li></ul>
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */
@ -255,9 +245,8 @@ int mbedtls_sha512_ret( const unsigned char *input,
* \param input The buffer holding the data. * \param input The buffer holding the data.
* \param ilen The length of the input data. * \param ilen The length of the input data.
* \param output The SHA-384 or SHA-512 checksum result. * \param output The SHA-384 or SHA-512 checksum result.
* \param is384 Determines which function to use. * \param is384 Determines which function to use:
* <ul><li>0: Use SHA-512.</li> * 0: Use SHA-512, or 1: Use SHA-384.
* <li>1: Use SHA-384.</li></ul>
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
size_t ilen, size_t ilen,
@ -269,7 +258,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
/** /**
* \brief The SHA-384 or SHA-512 checkup routine. * \brief The SHA-384 or SHA-512 checkup routine.
* *
* \return \c 0 on success, or \c 1 on failure. * \return \c 0 on success.
* \return \c 1 on failure.
*/ */
int mbedtls_sha512_self_test( int verbose ); int mbedtls_sha512_self_test( int verbose );

197
thirdparty/mbedtls/include/mbedtls/ssl.h vendored
View File

@ -112,13 +112,14 @@
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */ #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */ #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
/* /*
* Various constants * Various constants
@ -682,10 +683,18 @@ struct mbedtls_ssl_config
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char *psk; /*!< pre-shared key */ unsigned char *psk; /*!< pre-shared key. This field should
size_t psk_len; /*!< length of the pre-shared key */ only be set via
unsigned char *psk_identity; /*!< identity for PSK negotiation */ mbedtls_ssl_conf_psk() */
size_t psk_identity_len;/*!< length of identity */ size_t psk_len; /*!< length of the pre-shared key. This
field should only be set via
mbedtls_ssl_conf_psk() */
unsigned char *psk_identity; /*!< identity for PSK negotiation. This
field should only be set via
mbedtls_ssl_conf_psk() */
size_t psk_identity_len;/*!< length of identity. This field should
only be set via
mbedtls_ssl_conf_psk() */
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
@ -937,14 +946,6 @@ extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl); extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
/**
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
*
* \return a statically allocated array of ciphersuites, the last
* entry is 0.
*/
const int *mbedtls_ssl_list_ciphersuites( void );
/** /**
* \brief Return the name of the ciphersuite associated with the * \brief Return the name of the ciphersuite associated with the
* given ID * given ID
@ -1601,6 +1602,10 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
* \note See \c mbedtls_x509_crt_verify() for notes regarding the
* parameters ca_chain (maps to trust_ca for that function)
* and ca_crl.
*
* \param conf SSL configuration * \param conf SSL configuration
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
* \param ca_crl trusted CA CRLs * \param ca_crl trusted CA CRLs
@ -2289,11 +2294,59 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
/** /**
* \brief Return the number of data bytes available to read * \brief Check if there is data already read from the
* underlying transport but not yet processed.
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return how many bytes are available in the read buffer * \return 0 if nothing's pending, 1 otherwise.
*
* \note This is different in purpose and behaviour from
* \c mbedtls_ssl_get_bytes_avail in that it considers
* any kind of unprocessed data, not only unread
* application data. If \c mbedtls_ssl_get_bytes
* returns a non-zero value, this function will
* also signal pending data, but the converse does
* not hold. For example, in DTLS there might be
* further records waiting to be processed from
* the current underlying transport's datagram.
*
* \note If this function returns 1 (data pending), this
* does not imply that a subsequent call to
* \c mbedtls_ssl_read will provide any data;
* e.g., the unprocessed data might turn out
* to be an alert or a handshake message.
*
* \note This function is useful in the following situation:
* If the SSL/TLS module successfully returns from an
* operation - e.g. a handshake or an application record
* read - and you're awaiting incoming data next, you
* must not immediately idle on the underlying transport
* to have data ready, but you need to check the value
* of this function first. The reason is that the desired
* data might already be read but not yet processed.
* If, in contrast, a previous call to the SSL/TLS module
* returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
* to call this function, as the latter error code entails
* that all internal data has been processed.
*
*/
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
/**
* \brief Return the number of application data bytes
* remaining to be read from the current record.
*
* \param ssl SSL context
*
* \return How many bytes are available in the application
* data record read buffer.
*
* \note When working over a datagram transport, this is
* useful to detect the current datagram's boundary
* in case \c mbedtls_ssl_read has written the maximal
* amount of data fitting into the input buffer.
*
*/ */
size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
@ -2408,11 +2461,25 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
* a specific SSL error code. * a specific SSL error code.
* *
* If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
* handshake is unfinished and no further data is available
* from the underlying transport. In this case, you must call
* the function again at some later stage.
*
* \note Remarks regarding event-driven DTLS:
* If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
* from the underlying transport layer is currently being processed,
* and it is safe to idle until the timer or the underlying transport
* signal a new event. This is not true for a successful handshake,
* in which case the datagram of the underlying transport that is
* currently being processed might or might not contain further
* DTLS records.
*
* \note If this function returns something other than 0 or * \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
* *
* \note If DTLS is in use, then you may choose to handle * \note If DTLS is in use, then you may choose to handle
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
@ -2429,10 +2496,10 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
* *
* \note If this function returns something other than 0 or * \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
* *
* \param ssl SSL context * \param ssl SSL context
* *
@ -2456,10 +2523,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
* value. * value.
* *
* \note If this function returns something other than 0 or * \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
*/ */
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -2471,20 +2538,20 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
* \param buf buffer that will hold the data * \param buf buffer that will hold the data
* \param len maximum number of bytes to read * \param len maximum number of bytes to read
* *
* \return the number of bytes read, or * \return One of the following:
* 0 for EOF, or * - 0 if the read end of the underlying transport was closed,
* MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or * - the (positive) number of bytes read, or
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or * - a negative error code on failure.
* another negative error code.
* *
* \note If this function returns something other than a positive * If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or * is available from the underlying transport. In this case,
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context * the function needs to be called again at some later stage.
* becomes unusable, and you should either free it or call
* \c mbedtls_ssl_session_reset() on it before re-using it for
* a new connection; the current connection must be closed.
* *
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT * If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
* but the underlying transport isn't available for writing. In this
* case, the function needs to be called again at some later stage.
*
* When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* (which can only happen server-side), it means that a client * (which can only happen server-side), it means that a client
* is initiating a new connection using the same source port. * is initiating a new connection using the same source port.
* You can either treat that as a connection close and wait * You can either treat that as a connection close and wait
@ -2497,6 +2564,28 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
* again. WARNING: not validating the identity of the client * again. WARNING: not validating the identity of the client
* again, or not transmitting the new identity to the * again, or not transmitting the new identity to the
* application layer, would allow authentication bypass! * application layer, would allow authentication bypass!
*
* \note If this function returns something other than a positive value
* or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset() on it
* before re-using it for a new connection; the current connection
* must be closed.
*
* \note Remarks regarding event-driven DTLS:
* - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
* from the underlying transport layer is currently being processed,
* and it is safe to idle until the timer or the underlying transport
* signal a new event.
* - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
* initially available on the underlying transport, as this data may have
* been only e.g. duplicated messages or a renegotiation request.
* Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
* when reacting to an incoming-data event from the underlying transport.
* - On success, the datagram of the underlying transport that is currently
* being processed may contain further DTLS records. You should call
* \c mbedtls_ssl_check_pending to check for remaining records.
*
*/ */
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
@ -2517,15 +2606,17 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
* or another negative error code. * or another negative error code.
* *
* \note If this function returns something other than a positive * \note If this function returns something other than a positive value
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context * or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
* *
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
* it must be called later with the *same* arguments, * it must be called later with the *same* arguments,
* until it returns a positive value. * until it returns a positive value. When the function returns
* MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
* data in the output buffer, however this is not yet sent.
* *
* \note If the requested length is greater than the maximum * \note If the requested length is greater than the maximum
* fragment length (either the built-in limit or the one set * fragment length (either the built-in limit or the one set
@ -2548,10 +2639,10 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
* \return 0 if successful, or a specific SSL error code. * \return 0 if successful, or a specific SSL error code.
* *
* \note If this function returns something other than 0 or * \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
*/ */
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
unsigned char level, unsigned char level,
@ -2564,10 +2655,10 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
* \return 0 if successful, or a specific SSL error code. * \return 0 if successful, or a specific SSL error code.
* *
* \note If this function returns something other than 0 or * \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
* becomes unusable, and you should either free it or call * the SSL context for reading or writing, and either free it or
* \c mbedtls_ssl_session_reset() on it before re-using it for * call \c mbedtls_ssl_session_reset() on it before re-using it
* a new connection; the current connection must be closed. * for a new connection; the current connection must be closed.
*/ */
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );

39
thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h vendored
View File

@ -169,6 +169,45 @@ extern "C" {
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */

4
thirdparty/mbedtls/include/mbedtls/threading.h vendored
View File

@ -96,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
/* /*
* Global mutexes * Global mutexes
*/ */
#if defined(MBEDTLS_FS_IO)
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
#endif
#endif /* MBEDTLS_THREADING_C */ #endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus #ifdef __cplusplus

24
thirdparty/mbedtls/include/mbedtls/timing.h vendored
View File

@ -30,16 +30,16 @@
#include MBEDTLS_CONFIG_FILE #include MBEDTLS_CONFIG_FILE
#endif #endif
#if !defined(MBEDTLS_TIMING_ALT)
// Regular implementation
//
#include <stdint.h> #include <stdint.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_TIMING_ALT)
// Regular implementation
//
/** /**
* \brief timer structure * \brief timer structure
*/ */
@ -58,6 +58,10 @@ typedef struct
uint32_t fin_ms; uint32_t fin_ms;
} mbedtls_timing_delay_context; } mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */
#include "timing_alt.h"
#endif /* MBEDTLS_TIMING_ALT */
extern volatile int mbedtls_timing_alarmed; extern volatile int mbedtls_timing_alarmed;
/** /**
@ -133,18 +137,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
*/ */
int mbedtls_timing_get_delay( void *data ); int mbedtls_timing_get_delay( void *data );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_TIMING_ALT */
#include "timing_alt.h"
#endif /* MBEDTLS_TIMING_ALT */
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/** /**
* \brief Checkup routine * \brief Checkup routine

8
thirdparty/mbedtls/include/mbedtls/version.h vendored
View File

@ -39,7 +39,7 @@
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 8 #define MBEDTLS_VERSION_MINOR 10
#define MBEDTLS_VERSION_PATCH 0 #define MBEDTLS_VERSION_PATCH 0
/** /**
@ -47,9 +47,9 @@
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02080000 #define MBEDTLS_VERSION_NUMBER 0x020A0000
#define MBEDTLS_VERSION_STRING "2.8.0" #define MBEDTLS_VERSION_STRING "2.10.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.10.0"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

9
thirdparty/mbedtls/include/mbedtls/x509_crt.h vendored
View File

@ -287,8 +287,15 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* used to sign the certificate, CRL verification is skipped * used to sign the certificate, CRL verification is skipped
* silently, that is *without* setting any flag. * silently, that is *without* setting any flag.
* *
* \note The \c trust_ca list can contain two types of certificates:
* (1) those of trusted root CAs, so that certificates
* chaining up to those CAs will be trusted, and (2)
* self-signed end-entity certificates to be trusted (for
* specific peers you know) - in that case, the self-signed
* certificate doesn't need to have the CA bit set.
*
* \param crt a certificate (chain) to be verified * \param crt a certificate (chain) to be verified
* \param trust_ca the list of trusted CAs * \param trust_ca the list of trusted CAs (see note above)
* \param ca_crl the list of CRLs for trusted CAs (see note above) * \param ca_crl the list of CRLs for trusted CAs (see note above)
* \param cn expected Common Name (can be set to * \param cn expected Common Name (can be set to
* NULL if the CN must not be verified) * NULL if the CN must not be verified)

24
thirdparty/mbedtls/include/mbedtls/xtea.h vendored
View File

@ -39,14 +39,14 @@
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
#if !defined(MBEDTLS_XTEA_ALT)
// Regular implementation
//
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#if !defined(MBEDTLS_XTEA_ALT)
// Regular implementation
//
/** /**
* \brief XTEA context structure * \brief XTEA context structure
*/ */
@ -56,6 +56,10 @@ typedef struct
} }
mbedtls_xtea_context; mbedtls_xtea_context;
#else /* MBEDTLS_XTEA_ALT */
#include "xtea_alt.h"
#endif /* MBEDTLS_XTEA_ALT */
/** /**
* \brief Initialize XTEA context * \brief Initialize XTEA context
* *
@ -115,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
unsigned char *output); unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_CIPHER_MODE_CBC */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_XTEA_ALT */
#include "xtea_alt.h"
#endif /* MBEDTLS_XTEA_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/** /**
* \brief Checkup routine * \brief Checkup routine
* *

151
thirdparty/mbedtls/library/aes.c vendored
View File

@ -36,6 +36,7 @@
#include <string.h> #include <string.h>
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PADLOCK_C) #if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h" #include "mbedtls/padlock.h"
#endif #endif
@ -54,11 +55,6 @@
#if !defined(MBEDTLS_AES_ALT) #if !defined(MBEDTLS_AES_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */
@ -201,6 +197,8 @@ static const unsigned char FSb[256] =
static const uint32_t FT0[256] = { FT }; static const uint32_t FT0[256] = { FT };
#undef V #undef V
#if !defined(MBEDTLS_AES_FEWER_TABLES)
#define V(a,b,c,d) 0x##b##c##d##a #define V(a,b,c,d) 0x##b##c##d##a
static const uint32_t FT1[256] = { FT }; static const uint32_t FT1[256] = { FT };
#undef V #undef V
@ -213,6 +211,8 @@ static const uint32_t FT2[256] = { FT };
static const uint32_t FT3[256] = { FT }; static const uint32_t FT3[256] = { FT };
#undef V #undef V
#endif /* !MBEDTLS_AES_FEWER_TABLES */
#undef FT #undef FT
/* /*
@ -328,6 +328,8 @@ static const unsigned char RSb[256] =
static const uint32_t RT0[256] = { RT }; static const uint32_t RT0[256] = { RT };
#undef V #undef V
#if !defined(MBEDTLS_AES_FEWER_TABLES)
#define V(a,b,c,d) 0x##b##c##d##a #define V(a,b,c,d) 0x##b##c##d##a
static const uint32_t RT1[256] = { RT }; static const uint32_t RT1[256] = { RT };
#undef V #undef V
@ -340,6 +342,8 @@ static const uint32_t RT2[256] = { RT };
static const uint32_t RT3[256] = { RT }; static const uint32_t RT3[256] = { RT };
#undef V #undef V
#endif /* !MBEDTLS_AES_FEWER_TABLES */
#undef RT #undef RT
/* /*
@ -359,18 +363,22 @@ static const uint32_t RCON[10] =
*/ */
static unsigned char FSb[256]; static unsigned char FSb[256];
static uint32_t FT0[256]; static uint32_t FT0[256];
#if !defined(MBEDTLS_AES_FEWER_TABLES)
static uint32_t FT1[256]; static uint32_t FT1[256];
static uint32_t FT2[256]; static uint32_t FT2[256];
static uint32_t FT3[256]; static uint32_t FT3[256];
#endif /* !MBEDTLS_AES_FEWER_TABLES */
/* /*
* Reverse S-box & tables * Reverse S-box & tables
*/ */
static unsigned char RSb[256]; static unsigned char RSb[256];
static uint32_t RT0[256]; static uint32_t RT0[256];
#if !defined(MBEDTLS_AES_FEWER_TABLES)
static uint32_t RT1[256]; static uint32_t RT1[256];
static uint32_t RT2[256]; static uint32_t RT2[256];
static uint32_t RT3[256]; static uint32_t RT3[256];
#endif /* !MBEDTLS_AES_FEWER_TABLES */
/* /*
* Round constants * Round constants
@ -445,9 +453,11 @@ static void aes_gen_tables( void )
( (uint32_t) x << 16 ) ^ ( (uint32_t) x << 16 ) ^
( (uint32_t) z << 24 ); ( (uint32_t) z << 24 );
#if !defined(MBEDTLS_AES_FEWER_TABLES)
FT1[i] = ROTL8( FT0[i] ); FT1[i] = ROTL8( FT0[i] );
FT2[i] = ROTL8( FT1[i] ); FT2[i] = ROTL8( FT1[i] );
FT3[i] = ROTL8( FT2[i] ); FT3[i] = ROTL8( FT2[i] );
#endif /* !MBEDTLS_AES_FEWER_TABLES */
x = RSb[i]; x = RSb[i];
@ -456,14 +466,48 @@ static void aes_gen_tables( void )
( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
( (uint32_t) MUL( 0x0B, x ) << 24 ); ( (uint32_t) MUL( 0x0B, x ) << 24 );
#if !defined(MBEDTLS_AES_FEWER_TABLES)
RT1[i] = ROTL8( RT0[i] ); RT1[i] = ROTL8( RT0[i] );
RT2[i] = ROTL8( RT1[i] ); RT2[i] = ROTL8( RT1[i] );
RT3[i] = ROTL8( RT2[i] ); RT3[i] = ROTL8( RT2[i] );
#endif /* !MBEDTLS_AES_FEWER_TABLES */
} }
} }
#undef ROTL8
#endif /* MBEDTLS_AES_ROM_TABLES */ #endif /* MBEDTLS_AES_ROM_TABLES */
#if defined(MBEDTLS_AES_FEWER_TABLES)
#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) )
#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) )
#define AES_RT0(idx) RT0[idx]
#define AES_RT1(idx) ROTL8( RT0[idx] )
#define AES_RT2(idx) ROTL16( RT0[idx] )
#define AES_RT3(idx) ROTL24( RT0[idx] )
#define AES_FT0(idx) FT0[idx]
#define AES_FT1(idx) ROTL8( FT0[idx] )
#define AES_FT2(idx) ROTL16( FT0[idx] )
#define AES_FT3(idx) ROTL24( FT0[idx] )
#else /* MBEDTLS_AES_FEWER_TABLES */
#define AES_RT0(idx) RT0[idx]
#define AES_RT1(idx) RT1[idx]
#define AES_RT2(idx) RT2[idx]
#define AES_RT3(idx) RT3[idx]
#define AES_FT0(idx) FT0[idx]
#define AES_FT1(idx) FT1[idx]
#define AES_FT2(idx) FT2[idx]
#define AES_FT3(idx) FT3[idx]
#endif /* MBEDTLS_AES_FEWER_TABLES */
void mbedtls_aes_init( mbedtls_aes_context *ctx ) void mbedtls_aes_init( mbedtls_aes_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_aes_context ) ); memset( ctx, 0, sizeof( mbedtls_aes_context ) );
@ -474,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
} }
/* /*
@ -641,10 +685,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
{ {
for( j = 0; j < 4; j++, SK++ ) for( j = 0; j < 4; j++, SK++ )
{ {
*RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^
RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^
RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
} }
} }
@ -660,50 +704,50 @@ exit:
} }
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \ { \
X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
FT3[ ( Y3 >> 24 ) & 0xFF ]; \ AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
\ \
X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
FT3[ ( Y0 >> 24 ) & 0xFF ]; \ AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
\ \
X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
FT3[ ( Y1 >> 24 ) & 0xFF ]; \ AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
\ \
X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
FT3[ ( Y2 >> 24 ) & 0xFF ]; \ AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
} }
#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \ { \
X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
RT3[ ( Y1 >> 24 ) & 0xFF ]; \ AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
\ \
X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
RT3[ ( Y2 >> 24 ) & 0xFF ]; \ AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
\ \
X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
RT3[ ( Y3 >> 24 ) & 0xFF ]; \ AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
\ \
X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
RT3[ ( Y0 >> 24 ) & 0xFF ]; \ AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
} }
/* /*
@ -1034,6 +1078,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
int c, i; int c, i;
size_t n = *nc_off; size_t n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- ) while( length-- )
{ {
if( n == 0 ) { if( n == 0 ) {

6
thirdparty/mbedtls/library/aesni.c vendored
View File

@ -32,6 +32,12 @@
#if defined(MBEDTLS_AESNI_C) #if defined(MBEDTLS_AESNI_C)
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
#include "mbedtls/aesni.h" #include "mbedtls/aesni.h"
#include <string.h> #include <string.h>

8
thirdparty/mbedtls/library/arc4.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_ARC4_C)
#include "mbedtls/arc4.h" #include "mbedtls/arc4.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -47,11 +48,6 @@
#if !defined(MBEDTLS_ARC4_ALT) #if !defined(MBEDTLS_ARC4_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
@ -62,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
} }
/* /*

1028
thirdparty/mbedtls/library/aria.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

10
thirdparty/mbedtls/library/asn1parse.c vendored
View File

@ -28,6 +28,7 @@
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -43,11 +44,6 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* ASN.1 DER decoding routines * ASN.1 DER decoding routines
*/ */
@ -313,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,
if( *p == end ) if( *p == end )
{ {
mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) ); mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
return( 0 ); return( 0 );
} }
@ -358,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
mbedtls_free( cur->oid.p ); mbedtls_free( cur->oid.p );
mbedtls_free( cur->val.p ); mbedtls_free( cur->val.p );
mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
} }
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )

4
thirdparty/mbedtls/library/asn1write.c vendored
View File

@ -232,10 +232,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
int ret; int ret;
size_t len = 0; size_t len = 0;
// TODO negative values and values larger than 128
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
if( *p - start < 1 ) if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );

153
thirdparty/mbedtls/library/bignum.c vendored
View File

@ -45,6 +45,7 @@
#include "mbedtls/bignum.h" #include "mbedtls/bignum.h"
#include "mbedtls/bn_mul.h" #include "mbedtls/bn_mul.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -58,16 +59,6 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
}
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */ #define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */ #define biH (ciL << 2) /* half limb size */
@ -81,6 +72,12 @@ static void mbedtls_zeroize( void *v, size_t n ) {
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
{
mbedtls_platform_zeroize( v, ciL * n );
}
/* /*
* Initialize one MPI * Initialize one MPI
*/ */
@ -184,7 +181,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
*/ */
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
{ {
int ret; int ret = 0;
size_t i; size_t i;
if( X == Y ) if( X == Y )
@ -203,9 +200,15 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
X->s = Y->s; X->s = Y->s;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); if( X->n < i )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
}
else
{
memset( X->p + i, 0, ( X->n - i ) * ciL );
}
memset( X->p, 0, X->n * ciL );
memcpy( X->p, Y->p, i * ciL ); memcpy( X->p, Y->p, i * ciL );
cleanup: cleanup:
@ -963,7 +966,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
while( c != 0 ) while( c != 0 )
{ {
z = ( *d < c ); *d -= c; z = ( *d < c ); *d -= c;
c = z; i++; d++; c = z; d++;
} }
} }
@ -1201,8 +1204,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
for( i++; j > 0; j-- ) for( ; j > 0; j-- )
mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
X->s = A->s * B->s; X->s = A->s * B->s;
@ -1891,7 +1894,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
cleanup: cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret ); return( ret );
} }
@ -2188,12 +2191,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
/* /*
* Prime number generation * Prime number generation
*
* If dh_flag is 0 and nbits is at least 1024, then the procedure
* follows the RSA probably-prime generation method of FIPS 186-4.
* NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
*/ */
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
int ret; #ifdef MBEDTLS_HAVE_INT64
// ceil(2^63.5)
#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL
#else
// ceil(2^31.5)
#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U
#endif
int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
size_t k, n; size_t k, n;
mbedtls_mpi_uint r; mbedtls_mpi_uint r;
mbedtls_mpi Y; mbedtls_mpi Y;
@ -2205,69 +2219,66 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
n = BITS_TO_LIMBS( nbits ); n = BITS_TO_LIMBS( nbits );
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); while( 1 )
k = mbedtls_mpi_bitlen( X );
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
mbedtls_mpi_set_bit( X, nbits-1, 1 );
X->p[0] |= 1;
if( dh_flag == 0 )
{ {
while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
/* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
k = n * biL;
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
X->p[0] |= 1;
if( dh_flag == 0 )
{ {
ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
goto cleanup; goto cleanup;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
} }
} else
else
{
/*
* An necessary condition for Y and X = 2Y + 1 to be prime
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
* Make sure it is satisfied, while keeping X = 3 mod 4
*/
X->p[0] |= 2;
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
if( r == 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
else if( r == 1 )
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
/* Set Y = (X-1) / 2, which is X / 2 because X is odd */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
while( 1 )
{ {
/* /*
* First, check small factors for X and Y * An necessary condition for Y and X = 2Y + 1 to be prime
* before doing Miller-Rabin on any of them * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
* Make sure it is satisfied, while keeping X = 3 mod 4
*/ */
if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
( ret = mpi_check_small_factors( &Y ) ) == 0 && X->p[0] |= 2;
( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
if( r == 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
else if( r == 1 )
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
/* Set Y = (X-1) / 2, which is X / 2 because X is odd */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
while( 1 )
{ {
break; /*
* First, check small factors for X and Y
* before doing Miller-Rabin on any of them
*/
if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
( ret = mpi_check_small_factors( &Y ) ) == 0 &&
( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
goto cleanup;
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
goto cleanup;
/*
* Next candidates. We want to preserve Y = (X-1) / 2 and
* Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
* so up Y by 6 and X by 12.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
} }
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
goto cleanup;
/*
* Next candidates. We want to preserve Y = (X-1) / 2 and
* Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
* so up Y by 6 and X by 12.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
} }
} }

8
thirdparty/mbedtls/library/blowfish.c vendored
View File

@ -34,16 +34,12 @@
#if defined(MBEDTLS_BLOWFISH_C) #if defined(MBEDTLS_BLOWFISH_C)
#include "mbedtls/blowfish.h" #include "mbedtls/blowfish.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
#if !defined(MBEDTLS_BLOWFISH_ALT) #if !defined(MBEDTLS_BLOWFISH_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */
@ -165,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
} }
/* /*

8
thirdparty/mbedtls/library/camellia.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h" #include "mbedtls/camellia.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -48,11 +49,6 @@
#if !defined(MBEDTLS_CAMELLIA_ALT) #if !defined(MBEDTLS_CAMELLIA_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */
@ -333,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
} }
/* /*

10
thirdparty/mbedtls/library/ccm.c vendored
View File

@ -37,6 +37,7 @@
#if defined(MBEDTLS_CCM_C) #if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h" #include "mbedtls/ccm.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -51,11 +52,6 @@
#if !defined(MBEDTLS_CCM_ALT) #if !defined(MBEDTLS_CCM_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
#define CCM_ENCRYPT 0 #define CCM_ENCRYPT 0
#define CCM_DECRYPT 1 #define CCM_DECRYPT 1
@ -102,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
{ {
mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
} }
/* /*
@ -343,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
if( diff != 0 ) if( diff != 0 )
{ {
mbedtls_zeroize( output, length ); mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CCM_AUTH_FAILED ); return( MBEDTLS_ERR_CCM_AUTH_FAILED );
} }

25
thirdparty/mbedtls/library/cipher.c vendored
View File

@ -33,6 +33,7 @@
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h" #include "mbedtls/cipher_internal.h"
#include "mbedtls/platform_util.h"
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -60,11 +61,6 @@
#define MBEDTLS_CIPHER_MODE_STREAM #define MBEDTLS_CIPHER_MODE_STREAM
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
static int supported_init = 0; static int supported_init = 0;
const int *mbedtls_cipher_list( void ) const int *mbedtls_cipher_list( void )
@ -141,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
if( ctx->cmac_ctx ) if( ctx->cmac_ctx )
{ {
mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); mbedtls_platform_zeroize( ctx->cmac_ctx,
sizeof( mbedtls_cmac_context_t ) );
mbedtls_free( ctx->cmac_ctx ); mbedtls_free( ctx->cmac_ctx );
} }
#endif #endif
@ -149,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
if( ctx->cipher_ctx ) if( ctx->cipher_ctx )
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
} }
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
@ -325,8 +322,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/* /*
* If there is not enough data for a full block, cache it. * If there is not enough data for a full block, cache it.
*/ */
if( ( ctx->operation == MBEDTLS_DECRYPT && if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
ilen <= block_size - ctx->unprocessed_len ) || ilen <= block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
ilen < block_size - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT && ( ctx->operation == MBEDTLS_ENCRYPT &&
ilen < block_size - ctx->unprocessed_len ) ) ilen < block_size - ctx->unprocessed_len ) )
{ {
@ -372,9 +371,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
} }
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len = ilen % block_size; copy_len = ilen % block_size;
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) if( copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
NULL != ctx->add_padding)
{
copy_len = block_size; copy_len = block_size;
}
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len ); copy_len );

393
thirdparty/mbedtls/library/cipher_wrap.c vendored
View File

@ -45,6 +45,10 @@
#include "mbedtls/camellia.h" #include "mbedtls/camellia.h"
#endif #endif
#if defined(MBEDTLS_ARIA_C)
#include "mbedtls/aria.h"
#endif
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h" #include "mbedtls/des.h"
#endif #endif
@ -822,6 +826,364 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
#endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
const unsigned char *input, unsigned char *output )
{
(void) operation;
return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
output );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
iv_off, iv, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
}
static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
}
static void * aria_ctx_alloc( void )
{
mbedtls_aria_context *ctx;
ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
if( ctx == NULL )
return( NULL );
mbedtls_aria_init( ctx );
return( ctx );
}
static void aria_ctx_free( void *ctx )
{
mbedtls_aria_free( (mbedtls_aria_context *) ctx );
mbedtls_free( ctx );
}
static const mbedtls_cipher_base_t aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
aria_crypt_ecb_wrap,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
aria_crypt_cbc_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
aria_crypt_cfb128_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
aria_crypt_ctr_wrap,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
aria_setkey_enc_wrap,
aria_setkey_dec_wrap,
aria_ctx_alloc,
aria_ctx_free
};
static const mbedtls_cipher_info_t aria_128_ecb_info = {
MBEDTLS_CIPHER_ARIA_128_ECB,
MBEDTLS_MODE_ECB,
128,
"ARIA-128-ECB",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_ecb_info = {
MBEDTLS_CIPHER_ARIA_192_ECB,
MBEDTLS_MODE_ECB,
192,
"ARIA-192-ECB",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_ecb_info = {
MBEDTLS_CIPHER_ARIA_256_ECB,
MBEDTLS_MODE_ECB,
256,
"ARIA-256-ECB",
16,
0,
16,
&aria_info
};
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t aria_128_cbc_info = {
MBEDTLS_CIPHER_ARIA_128_CBC,
MBEDTLS_MODE_CBC,
128,
"ARIA-128-CBC",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_cbc_info = {
MBEDTLS_CIPHER_ARIA_192_CBC,
MBEDTLS_MODE_CBC,
192,
"ARIA-192-CBC",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_cbc_info = {
MBEDTLS_CIPHER_ARIA_256_CBC,
MBEDTLS_MODE_CBC,
256,
"ARIA-256-CBC",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
static const mbedtls_cipher_info_t aria_128_cfb128_info = {
MBEDTLS_CIPHER_ARIA_128_CFB128,
MBEDTLS_MODE_CFB,
128,
"ARIA-128-CFB128",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_cfb128_info = {
MBEDTLS_CIPHER_ARIA_192_CFB128,
MBEDTLS_MODE_CFB,
192,
"ARIA-192-CFB128",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_cfb128_info = {
MBEDTLS_CIPHER_ARIA_256_CFB128,
MBEDTLS_MODE_CFB,
256,
"ARIA-256-CFB128",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
static const mbedtls_cipher_info_t aria_128_ctr_info = {
MBEDTLS_CIPHER_ARIA_128_CTR,
MBEDTLS_MODE_CTR,
128,
"ARIA-128-CTR",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_192_ctr_info = {
MBEDTLS_CIPHER_ARIA_192_CTR,
MBEDTLS_MODE_CTR,
192,
"ARIA-192-CTR",
16,
0,
16,
&aria_info
};
static const mbedtls_cipher_info_t aria_256_ctr_info = {
MBEDTLS_CIPHER_ARIA_256_CTR,
MBEDTLS_MODE_CTR,
256,
"ARIA-256-CTR",
16,
0,
16,
&aria_info
};
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_GCM_C)
static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t gcm_aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
gcm_aria_setkey_wrap,
gcm_aria_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
static const mbedtls_cipher_info_t aria_128_gcm_info = {
MBEDTLS_CIPHER_ARIA_128_GCM,
MBEDTLS_MODE_GCM,
128,
"ARIA-128-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
static const mbedtls_cipher_info_t aria_192_gcm_info = {
MBEDTLS_CIPHER_ARIA_192_GCM,
MBEDTLS_MODE_GCM,
192,
"ARIA-192-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
static const mbedtls_cipher_info_t aria_256_gcm_info = {
MBEDTLS_CIPHER_ARIA_256_GCM,
MBEDTLS_MODE_GCM,
256,
"ARIA-256-GCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aria_info
};
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_bitlen )
{
return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
key, key_bitlen );
}
static const mbedtls_cipher_base_t ccm_aria_info = {
MBEDTLS_CIPHER_ID_ARIA,
NULL,
#if defined(MBEDTLS_CIPHER_MODE_CBC)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
NULL,
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
ccm_aria_setkey_wrap,
ccm_aria_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
static const mbedtls_cipher_info_t aria_128_ccm_info = {
MBEDTLS_CIPHER_ARIA_128_CCM,
MBEDTLS_MODE_CCM,
128,
"ARIA-128-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
static const mbedtls_cipher_info_t aria_192_ccm_info = {
MBEDTLS_CIPHER_ARIA_192_CCM,
MBEDTLS_MODE_CCM,
192,
"ARIA-192-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
static const mbedtls_cipher_info_t aria_256_ccm_info = {
MBEDTLS_CIPHER_ARIA_256_CCM,
MBEDTLS_MODE_CCM,
256,
"ARIA-256-CCM",
12,
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aria_info
};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
@ -1427,6 +1789,37 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
#endif #endif
#endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
{ MBEDTLS_CIPHER_ARIA_128_ECB, &aria_128_ecb_info },
{ MBEDTLS_CIPHER_ARIA_192_ECB, &aria_192_ecb_info },
{ MBEDTLS_CIPHER_ARIA_256_ECB, &aria_256_ecb_info },
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_ARIA_128_CBC, &aria_128_cbc_info },
{ MBEDTLS_CIPHER_ARIA_192_CBC, &aria_192_cbc_info },
{ MBEDTLS_CIPHER_ARIA_256_CBC, &aria_256_cbc_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_ARIA_128_CFB128, &aria_128_cfb128_info },
{ MBEDTLS_CIPHER_ARIA_192_CFB128, &aria_192_cfb128_info },
{ MBEDTLS_CIPHER_ARIA_256_CFB128, &aria_256_cfb128_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_ARIA_128_CTR, &aria_128_ctr_info },
{ MBEDTLS_CIPHER_ARIA_192_CTR, &aria_192_ctr_info },
{ MBEDTLS_CIPHER_ARIA_256_CTR, &aria_256_ctr_info },
#endif
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_CIPHER_ARIA_128_GCM, &aria_128_gcm_info },
{ MBEDTLS_CIPHER_ARIA_192_GCM, &aria_192_gcm_info },
{ MBEDTLS_CIPHER_ARIA_256_GCM, &aria_256_gcm_info },
#endif
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info },
{ MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info },
{ MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info },
#endif
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
{ MBEDTLS_CIPHER_DES_ECB, &des_ecb_info }, { MBEDTLS_CIPHER_DES_ECB, &des_ecb_info },
{ MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info }, { MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info },

40
thirdparty/mbedtls/library/cmac.c vendored
View File

@ -49,6 +49,7 @@
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
#include "mbedtls/cmac.h" #include "mbedtls/cmac.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -67,11 +68,6 @@
#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* Multiplication by u in the Galois field of GF(2^n) * Multiplication by u in the Galois field of GF(2^n)
* *
@ -144,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
size_t olen, block_size; size_t olen, block_size;
mbedtls_zeroize( L, sizeof( L ) ); mbedtls_platform_zeroize( L, sizeof( L ) );
block_size = ctx->cipher_info->block_size; block_size = ctx->cipher_info->block_size;
@ -162,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
goto exit; goto exit;
exit: exit:
mbedtls_zeroize( L, sizeof( L ) ); mbedtls_platform_zeroize( L, sizeof( L ) );
return( ret ); return( ret );
} }
@ -238,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
ctx->cmac_ctx = cmac_ctx; ctx->cmac_ctx = cmac_ctx;
mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
return 0; return 0;
} }
@ -330,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
block_size = ctx->cipher_info->block_size; block_size = ctx->cipher_info->block_size;
state = cmac_ctx->state; state = cmac_ctx->state;
mbedtls_zeroize( K1, sizeof( K1 ) ); mbedtls_platform_zeroize( K1, sizeof( K1 ) );
mbedtls_zeroize( K2, sizeof( K2 ) ); mbedtls_platform_zeroize( K2, sizeof( K2 ) );
cmac_generate_subkeys( ctx, K1, K2 ); cmac_generate_subkeys( ctx, K1, K2 );
last_block = cmac_ctx->unprocessed_block; last_block = cmac_ctx->unprocessed_block;
@ -361,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
exit: exit:
/* Wipe the generated keys on the stack, and any other transients to avoid /* Wipe the generated keys on the stack, and any other transients to avoid
* side channel leakage */ * side channel leakage */
mbedtls_zeroize( K1, sizeof( K1 ) ); mbedtls_platform_zeroize( K1, sizeof( K1 ) );
mbedtls_zeroize( K2, sizeof( K2 ) ); mbedtls_platform_zeroize( K2, sizeof( K2 ) );
cmac_ctx->unprocessed_len = 0; cmac_ctx->unprocessed_len = 0;
mbedtls_zeroize( cmac_ctx->unprocessed_block, mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) ); sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
return( ret ); return( ret );
} }
@ -383,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
/* Reset the internal state */ /* Reset the internal state */
cmac_ctx->unprocessed_len = 0; cmac_ctx->unprocessed_len = 0;
mbedtls_zeroize( cmac_ctx->unprocessed_block, mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) ); sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_zeroize( cmac_ctx->state, mbedtls_platform_zeroize( cmac_ctx->state,
sizeof( cmac_ctx->state ) ); sizeof( cmac_ctx->state ) );
return( 0 ); return( 0 );
} }
@ -466,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
output ); output );
exit: exit:
mbedtls_zeroize( int_key, sizeof( int_key ) ); mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
return( ret ); return( ret );
} }
@ -771,7 +767,7 @@ static int cmac_test_subkeys( int verbose,
int block_size, int block_size,
int num_tests ) int num_tests )
{ {
int i, ret; int i, ret = 0;
mbedtls_cipher_context_t ctx; mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
@ -853,7 +849,7 @@ static int cmac_test_wth_cipher( int verbose,
int num_tests ) int num_tests )
{ {
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
int i, ret; int i, ret = 0;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type( cipher_type ); cipher_info = mbedtls_cipher_info_from_type( cipher_type );

22
thirdparty/mbedtls/library/ctr_drbg.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -49,11 +50,6 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* CTR_DRBG context initialization * CTR_DRBG context initialization
*/ */
@ -125,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
mbedtls_mutex_free( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_aes_free( &ctx->aes_ctx ); mbedtls_aes_free( &ctx->aes_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
} }
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ) void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@ -245,16 +241,16 @@ exit:
/* /*
* tidy up the stack * tidy up the stack
*/ */
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( key, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_zeroize( chain, sizeof( chain ) ); mbedtls_platform_zeroize( chain, sizeof( chain ) );
if( 0 != ret ) if( 0 != ret )
{ {
/* /*
* wipe partial seed from memory * wipe partial seed from memory
*/ */
mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
} }
return( ret ); return( ret );
@ -493,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
ret = 0; ret = 0;
exit: exit:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( ret ); return( ret );
@ -526,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
fclose( f ); fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );

18
thirdparty/mbedtls/library/des.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h" #include "mbedtls/des.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -48,11 +49,6 @@
#if !defined(MBEDTLS_DES_ALT) #if !defined(MBEDTLS_DES_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */
@ -316,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
} }
void mbedtls_des3_init( mbedtls_des3_context *ctx ) void mbedtls_des3_init( mbedtls_des3_context *ctx )
@ -329,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
} }
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
@ -553,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
uint32_t sk[96]; uint32_t sk[96];
des3_set2key( ctx->sk, sk, key ); des3_set2key( ctx->sk, sk, key );
mbedtls_zeroize( sk, sizeof( sk ) ); mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 ); return( 0 );
} }
@ -567,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
uint32_t sk[96]; uint32_t sk[96];
des3_set2key( sk, ctx->sk, key ); des3_set2key( sk, ctx->sk, key );
mbedtls_zeroize( sk, sizeof( sk ) ); mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 ); return( 0 );
} }
@ -604,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
uint32_t sk[96]; uint32_t sk[96];
des3_set3key( ctx->sk, sk, key ); des3_set3key( ctx->sk, sk, key );
mbedtls_zeroize( sk, sizeof( sk ) ); mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 ); return( 0 );
} }
@ -618,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
uint32_t sk[96]; uint32_t sk[96];
des3_set3key( sk, ctx->sk, key ); des3_set3key( sk, ctx->sk, key );
mbedtls_zeroize( sk, sizeof( sk ) ); mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 ); return( 0 );
} }

11
thirdparty/mbedtls/library/dhm.c vendored
View File

@ -36,6 +36,7 @@
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
#include "mbedtls/dhm.h" #include "mbedtls/dhm.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -58,10 +59,6 @@
#endif #endif
#if !defined(MBEDTLS_DHM_ALT) #if !defined(MBEDTLS_DHM_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* helper to validate the mbedtls_mpi size and import it * helper to validate the mbedtls_mpi size and import it
@ -437,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
} }
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
@ -575,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
{ {
fclose( f ); fclose( f );
mbedtls_zeroize( *buf, *n + 1 ); mbedtls_platform_zeroize( *buf, *n + 1 );
mbedtls_free( *buf ); mbedtls_free( *buf );
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
@ -605,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );

3
thirdparty/mbedtls/library/ecdsa.c vendored
View File

@ -400,6 +400,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
&ctx->Q, &r, &s ) ) != 0 ) &ctx->Q, &r, &s ) ) != 0 )
goto cleanup; goto cleanup;
/* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific
* error code if the valid signature is followed by more data. */
if( p != end ) if( p != end )
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;

32
thirdparty/mbedtls/library/ecp.c vendored
View File

@ -26,6 +26,7 @@
* GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
* FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
* RFC 4492 for the related TLS structures and constants * RFC 4492 for the related TLS structures and constants
* RFC 7748 for the Curve448 and Curve25519 curve definitions
* *
* [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
* *
@ -50,6 +51,7 @@
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -72,11 +74,6 @@
#define inline __inline #define inline __inline
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/* /*
* Counts of point addition and doubling, and field multiplications. * Counts of point addition and doubling, and field multiplications.
@ -99,7 +96,8 @@ static unsigned long add_count, dbl_count, mul_count;
#define ECP_SHORTWEIERSTRASS #define ECP_SHORTWEIERSTRASS
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define ECP_MONTGOMERY #define ECP_MONTGOMERY
#endif #endif
@ -346,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
mbedtls_free( grp->T ); mbedtls_free( grp->T );
} }
mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
} }
/* /*
@ -1852,6 +1850,8 @@ cleanup:
static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
{ {
/* [Curve25519 p. 5] Just check X is the correct number of bytes */ /* [Curve25519 p. 5] Just check X is the correct number of bytes */
/* Allow any public value, if it's too big then we'll just reduce it mod p
* (RFC 7748 sec. 5 para. 3). */
if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
return( MBEDTLS_ERR_ECP_INVALID_KEY ); return( MBEDTLS_ERR_ECP_INVALID_KEY );
@ -1887,14 +1887,18 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
#if defined(ECP_MONTGOMERY) #if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
{ {
/* see [Curve25519] page 5 */ /* see RFC 7748 sec. 5 para. 5 */
if( mbedtls_mpi_get_bit( d, 0 ) != 0 || if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
mbedtls_mpi_get_bit( d, 1 ) != 0 || mbedtls_mpi_get_bit( d, 1 ) != 0 ||
mbedtls_mpi_get_bit( d, 2 ) != 0 ||
mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
return( MBEDTLS_ERR_ECP_INVALID_KEY ); return( MBEDTLS_ERR_ECP_INVALID_KEY );
else else
return( 0 );
/* see [Curve25519] page 5 */
if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
return( 0 );
} }
#endif /* ECP_MONTGOMERY */ #endif /* ECP_MONTGOMERY */
#if defined(ECP_SHORTWEIERSTRASS) #if defined(ECP_SHORTWEIERSTRASS)
@ -1941,10 +1945,14 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
else else
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
/* Make sure the last three bits are unset */ /* Make sure the last two bits are unset for Curve448, three bits for
Curve25519 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); if( grp->nbits == 254 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
}
} }
else else
#endif /* ECP_MONTGOMERY */ #endif /* ECP_MONTGOMERY */

135
thirdparty/mbedtls/library/ecp_curves.c vendored
View File

@ -627,6 +627,9 @@ static int ecp_mod_p521( mbedtls_mpi * );
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
static int ecp_mod_p255( mbedtls_mpi * ); static int ecp_mod_p255( mbedtls_mpi * );
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
static int ecp_mod_p448( mbedtls_mpi * );
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
static int ecp_mod_p192k1( mbedtls_mpi * ); static int ecp_mod_p192k1( mbedtls_mpi * );
#endif #endif
@ -670,7 +673,12 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
grp->pbits = mbedtls_mpi_bitlen( &grp->P ); grp->pbits = mbedtls_mpi_bitlen( &grp->P );
/* Y intentionaly not set, since we use x/z coordinates. /* N = 2^252 + 27742317777372353535851937790883648493 */
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
"14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */ * This is used as a marker to identify Montgomery curves! */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
@ -687,6 +695,52 @@ cleanup:
} }
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/*
* Specialized function for creating the Curve448 group
*/
static int ecp_use_curve448( mbedtls_ecp_group *grp )
{
mbedtls_mpi Ns;
int ret;
mbedtls_mpi_init( &Ns );
/* Actually ( A + 2 ) / 4 */
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
/* P = 2^448 - 2^224 - 1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
grp->pbits = mbedtls_mpi_bitlen( &grp->P );
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
mbedtls_mpi_free( &grp->G.Y );
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
"8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
/* Actually, the required msb for private keys */
grp->nbits = 447;
cleanup:
mbedtls_mpi_free( &Ns );
if( ret != 0 )
mbedtls_ecp_group_free( grp );
return( ret );
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
/* /*
* Set a group using well-known domain parameters * Set a group using well-known domain parameters
*/ */
@ -767,6 +821,12 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
return( ecp_use_curve25519( grp ) ); return( ecp_use_curve25519( grp ) );
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
grp->modp = ecp_mod_p448;
return( ecp_use_curve448( grp ) );
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
default: default:
mbedtls_ecp_group_free( grp ); mbedtls_ecp_group_free( grp );
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@ -1176,7 +1236,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
M.s = 1; M.s = 1;
M.n = N->n - ( P255_WIDTH - 1 ); M.n = N->n - ( P255_WIDTH - 1 );
if( M.n > P255_WIDTH + 1 ) if( M.n > P255_WIDTH + 1 )
M.n = P255_WIDTH + 1; return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
M.p = Mp; M.p = Mp;
memset( Mp, 0, sizeof Mp ); memset( Mp, 0, sizeof Mp );
memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
@ -1197,6 +1257,77 @@ cleanup:
} }
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/* Size of p448 in terms of mbedtls_mpi_uint */
#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) )
#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
/*
* Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
* Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
* A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
* implementation of Curve448, which uses its own special 56-bit limbs rather
* than a generic bignum library. We could squeeze some extra speed out on
* 32-bit machines by splitting N up into 32-bit limbs and doing the
* arithmetic using the limbs directly as we do for the NIST primes above,
* but for 64-bit targets it should use half the number of operations if we do
* the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
*/
static int ecp_mod_p448( mbedtls_mpi *N )
{
int ret;
size_t i;
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
if( N->n <= P448_WIDTH )
return( 0 );
/* M = A1 */
M.s = 1;
M.n = N->n - ( P448_WIDTH );
if( M.n > P448_WIDTH )
/* Shouldn't be called with N larger than 2^896! */
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
M.p = Mp;
memset( Mp, 0, sizeof( Mp ) );
memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
/* N = A0 */
for( i = P448_WIDTH; i < N->n; i++ )
N->p[i] = 0;
/* N += A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
/* Q = B1, N += B1 */
Q = M;
Q.p = Qp;
memcpy( Qp, Mp, sizeof( Qp ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
/* M = (B0 + B1) * 2^224, N += M */
if( sizeof( mbedtls_mpi_uint ) > 4 )
Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
for( i = P224_WIDTH_MAX; i < M.n; ++i )
Mp[i] = 0;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
cleanup:
return( ret );
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)

18
thirdparty/mbedtls/library/entropy.c vendored
View File

@ -35,6 +35,7 @@
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h" #include "mbedtls/entropy_poll.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -59,11 +60,6 @@
#include "mbedtls/havege.h" #include "mbedtls/havege.h"
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
@ -140,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
ctx->initial_entropy_run = 0; ctx->initial_entropy_run = 0;
#endif #endif
ctx->source_count = 0; ctx->source_count = 0;
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
ctx->accumulator_started = 0; ctx->accumulator_started = 0;
} }
@ -232,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
#endif #endif
cleanup: cleanup:
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( ret ); return( ret );
} }
@ -300,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
cleanup: cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret ); return( ret );
} }
@ -433,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
ret = 0; ret = 0;
exit: exit:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
@ -486,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
ret = 0; ret = 0;
exit: exit:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( ret ); return( ret );
@ -516,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
fclose( f ); fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );

2
thirdparty/mbedtls/library/entropy_poll.c vendored
View File

@ -44,7 +44,7 @@
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#endif #endif

35
thirdparty/mbedtls/library/error.c vendored
View File

@ -49,6 +49,10 @@
#include "mbedtls/arc4.h" #include "mbedtls/arc4.h"
#endif #endif
#if defined(MBEDTLS_ARIA_C)
#include "mbedtls/aria.h"
#endif
#if defined(MBEDTLS_BASE64_C) #if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h" #include "mbedtls/base64.h"
#endif #endif
@ -256,19 +260,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) ) if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) ) if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" ); mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" );
if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) ) if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" ); mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) ) if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" ); mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) ) if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" ); mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" );
if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C) #if defined(MBEDTLS_MD_C)
@ -333,7 +337,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ) if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) )
mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" );
if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
#endif /* MBEDTLS_PK_C */ #endif /* MBEDTLS_PK_C */
@ -478,7 +482,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) ) if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) ) if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" ); mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" );
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) ) if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" ); mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) ) if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
@ -491,6 +495,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" ); mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
@ -570,6 +576,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
if( use_ret == -(MBEDTLS_ERR_AES_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "AES - Invalid input data" );
if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" ); mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );
if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) ) if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
@ -581,6 +589,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" ); mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" );
#endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_ARIA_C)
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" );
if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "ARIA - ARIA hardware accelerator failed" );
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) )
mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
@ -745,6 +764,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) )
mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" );
if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "NET - Input invalid" );
#endif /* MBEDTLS_NET_C */ #endif /* MBEDTLS_NET_C */
#if defined(MBEDTLS_OID_C) #if defined(MBEDTLS_OID_C)

10
thirdparty/mbedtls/library/gcm.c vendored
View File

@ -38,6 +38,7 @@
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h" #include "mbedtls/gcm.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -80,11 +81,6 @@
} }
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Initialize a context * Initialize a context
*/ */
@ -498,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
if( diff != 0 ) if( diff != 0 )
{ {
mbedtls_zeroize( output, length ); mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_GCM_AUTH_FAILED ); return( MBEDTLS_ERR_GCM_AUTH_FAILED );
} }
@ -508,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{ {
mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
} }
#endif /* !MBEDTLS_GCM_ALT */ #endif /* !MBEDTLS_GCM_ALT */

8
thirdparty/mbedtls/library/havege.c vendored
View File

@ -36,14 +36,10 @@
#include "mbedtls/havege.h" #include "mbedtls/havege.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* ------------------------------------------------------------------------ /* ------------------------------------------------------------------------
* On average, one iteration accesses two 8-word blocks in the havege WALK * On average, one iteration accesses two 8-word blocks in the havege WALK
* table, and generates 16 words in the RES array. * table, and generates 16 words in the RES array.
@ -208,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
if( hs == NULL ) if( hs == NULL )
return; return;
mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) ); mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
} }
/* /*

12
thirdparty/mbedtls/library/hmac_drbg.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_HMAC_DRBG_C) #if defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h" #include "mbedtls/hmac_drbg.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -50,11 +51,6 @@
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* HMAC_DRBG context initialization * HMAC_DRBG context initialization
*/ */
@ -338,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
mbedtls_mutex_free( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_md_free( &ctx->md_ctx ); mbedtls_md_free( &ctx->md_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
} }
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
@ -364,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
exit: exit:
fclose( f ); fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret ); return( ret );
} }
@ -396,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
fclose( f ); fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );

15
thirdparty/mbedtls/library/md.c vendored
View File

@ -33,6 +33,7 @@
#include "mbedtls/md.h" #include "mbedtls/md.h"
#include "mbedtls/md_internal.h" #include "mbedtls/md_internal.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PLATFORM_C) #if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
@ -48,11 +49,6 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Reminder: update profiles in x509_crt.c when adding a new hash! * Reminder: update profiles in x509_crt.c when adding a new hash!
*/ */
@ -193,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
if( ctx->hmac_ctx != NULL ) if( ctx->hmac_ctx != NULL )
{ {
mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); mbedtls_platform_zeroize( ctx->hmac_ctx,
2 * ctx->md_info->block_size );
mbedtls_free( ctx->hmac_ctx ); mbedtls_free( ctx->hmac_ctx );
} }
mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
} }
int mbedtls_md_clone( mbedtls_md_context_t *dst, int mbedtls_md_clone( mbedtls_md_context_t *dst,
@ -311,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
ret = md_info->finish_func( ctx.md_ctx, output ); ret = md_info->finish_func( ctx.md_ctx, output );
cleanup: cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
mbedtls_md_free( &ctx ); mbedtls_md_free( &ctx );
@ -361,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
goto cleanup; goto cleanup;
cleanup: cleanup:
mbedtls_zeroize( sum, sizeof( sum ) ); mbedtls_platform_zeroize( sum, sizeof( sum ) );
return( ret ); return( ret );
} }

8
thirdparty/mbedtls/library/md2.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_MD2_C) #if defined(MBEDTLS_MD2_C)
#include "mbedtls/md2.h" #include "mbedtls/md2.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -48,11 +49,6 @@
#if !defined(MBEDTLS_MD2_ALT) #if !defined(MBEDTLS_MD2_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
static const unsigned char PI_SUBST[256] = static const unsigned char PI_SUBST[256] =
{ {
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
@ -93,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
} }
void mbedtls_md2_clone( mbedtls_md2_context *dst, void mbedtls_md2_clone( mbedtls_md2_context *dst,

8
thirdparty/mbedtls/library/md4.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_MD4_C) #if defined(MBEDTLS_MD4_C)
#include "mbedtls/md4.h" #include "mbedtls/md4.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -48,11 +49,6 @@
#if !defined(MBEDTLS_MD4_ALT) #if !defined(MBEDTLS_MD4_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */
@ -86,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
} }
void mbedtls_md4_clone( mbedtls_md4_context *dst, void mbedtls_md4_clone( mbedtls_md4_context *dst,

8
thirdparty/mbedtls/library/md5.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h" #include "mbedtls/md5.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -47,11 +48,6 @@
#if !defined(MBEDTLS_MD5_ALT) #if !defined(MBEDTLS_MD5_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */
@ -85,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
} }
void mbedtls_md5_clone( mbedtls_md5_context *dst, void mbedtls_md5_clone( mbedtls_md5_context *dst,

8
thirdparty/mbedtls/library/memory_buffer_alloc.c vendored
View File

@ -31,6 +31,7 @@
/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
is dependent upon MBEDTLS_PLATFORM_C */ is dependent upon MBEDTLS_PLATFORM_C */
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -42,11 +43,6 @@
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define MAGIC1 0xFF00AA55 #define MAGIC1 0xFF00AA55
#define MAGIC2 0xEE119966 #define MAGIC2 0xEE119966
#define MAX_BT 20 #define MAX_BT 20
@ -612,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void )
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &heap.mutex ); mbedtls_mutex_free( &heap.mutex );
#endif #endif
mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) ); mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
} }
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)

76
thirdparty/mbedtls/library/net_sockets.c vendored
View File

@ -28,7 +28,7 @@
#if defined(MBEDTLS_NET_C) #if defined(MBEDTLS_NET_C)
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
#endif #endif
@ -45,6 +45,8 @@
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
!defined(EFI32) !defined(EFI32)
#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
/* GODOT ADDITION */ /* GODOT ADDITION */
#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501) #if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501)
#undef _WIN32_WINNT #undef _WIN32_WINNT
@ -85,6 +87,8 @@ static int wsa_init_done = 0;
#include <netdb.h> #include <netdb.h>
#include <errno.h> #include <errno.h>
#define IS_EINTR( ret ) ( ( ret ) == EINTR )
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/* Some MS functions want int and MSVC warns if we pass size_t, /* Some MS functions want int and MSVC warns if we pass size_t,
@ -441,6 +445,72 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
#endif #endif
} }
/*
* Check if data is available on the socket
*/
int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
{
int ret;
struct timeval tv;
fd_set read_fds;
fd_set write_fds;
int fd = ctx->fd;
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
/* Ensure that memory sanitizers consider read_fds and write_fds as
* initialized even on platforms such as Glibc/x86_64 where FD_ZERO
* is implemented in assembly. */
memset( &read_fds, 0, sizeof( read_fds ) );
memset( &write_fds, 0, sizeof( write_fds ) );
#endif
#endif
FD_ZERO( &read_fds );
if( rw & MBEDTLS_NET_POLL_READ )
{
rw &= ~MBEDTLS_NET_POLL_READ;
FD_SET( fd, &read_fds );
}
FD_ZERO( &write_fds );
if( rw & MBEDTLS_NET_POLL_WRITE )
{
rw &= ~MBEDTLS_NET_POLL_WRITE;
FD_SET( fd, &write_fds );
}
if( rw != 0 )
return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
tv.tv_sec = timeout / 1000;
tv.tv_usec = ( timeout % 1000 ) * 1000;
do
{
ret = select( fd + 1, &read_fds, &write_fds, NULL,
timeout == (uint32_t) -1 ? NULL : &tv );
}
while( IS_EINTR( ret ) );
if( ret < 0 )
return( MBEDTLS_ERR_NET_POLL_FAILED );
ret = 0;
if( FD_ISSET( fd, &read_fds ) )
ret |= MBEDTLS_NET_POLL_READ;
if( FD_ISSET( fd, &write_fds ) )
ret |= MBEDTLS_NET_POLL_WRITE;
return( ret );
}
/* /*
* Portable usleep helper * Portable usleep helper
*/ */
@ -500,8 +570,8 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
/* /*
* Read at most 'len' characters, blocking for at most 'timeout' ms * Read at most 'len' characters, blocking for at most 'timeout' ms
*/ */
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
uint32_t timeout ) size_t len, uint32_t timeout )
{ {
int ret; int ret;
struct timeval tv; struct timeval tv;

28
thirdparty/mbedtls/library/pem.c vendored
View File

@ -33,6 +33,7 @@
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "mbedtls/md5.h" #include "mbedtls/md5.h"
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -45,11 +46,6 @@
#endif #endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
void mbedtls_pem_init( mbedtls_pem_context *ctx ) void mbedtls_pem_init( mbedtls_pem_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_pem_context ) ); memset( ctx, 0, sizeof( mbedtls_pem_context ) );
@ -135,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen,
exit: exit:
mbedtls_md5_free( &md5_ctx ); mbedtls_md5_free( &md5_ctx );
mbedtls_zeroize( md5sum, 16 ); mbedtls_platform_zeroize( md5sum, 16 );
return( ret ); return( ret );
} }
@ -164,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8],
exit: exit:
mbedtls_des_free( &des_ctx ); mbedtls_des_free( &des_ctx );
mbedtls_zeroize( des_key, 8 ); mbedtls_platform_zeroize( des_key, 8 );
return( ret ); return( ret );
} }
@ -192,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8],
exit: exit:
mbedtls_des3_free( &des3_ctx ); mbedtls_des3_free( &des3_ctx );
mbedtls_zeroize( des3_key, 24 ); mbedtls_platform_zeroize( des3_key, 24 );
return( ret ); return( ret );
} }
@ -222,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
exit: exit:
mbedtls_aes_free( &aes_ctx ); mbedtls_aes_free( &aes_ctx );
mbedtls_zeroize( aes_key, keylen ); mbedtls_platform_zeroize( aes_key, keylen );
return( ret ); return( ret );
} }
@ -359,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
{ {
mbedtls_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
} }
@ -370,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
if( pwd == NULL ) if( pwd == NULL )
{ {
mbedtls_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
} }
@ -403,16 +399,16 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
* length bytes (allow 4 to be sure) in all known use cases. * length bytes (allow 4 to be sure) in all known use cases.
* *
* Use that as heurisitic to try detecting password mismatchs. * Use that as a heuristic to try to detect password mismatches.
*/ */
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{ {
mbedtls_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
} }
#else #else
mbedtls_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
@ -428,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx ) void mbedtls_pem_free( mbedtls_pem_context *ctx )
{ {
if( ctx->buf != NULL ) if( ctx->buf != NULL )
mbedtls_zeroize( ctx->buf, ctx->buflen ); mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
mbedtls_free( ctx->buf ); mbedtls_free( ctx->buf );
mbedtls_free( ctx->info ); mbedtls_free( ctx->info );
mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
} }
#endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_PEM_PARSE_C */

9
thirdparty/mbedtls/library/pk.c vendored
View File

@ -29,6 +29,8 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h" #include "mbedtls/pk_internal.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#endif #endif
@ -42,11 +44,6 @@
#include <limits.h> #include <limits.h>
#include <stdint.h> #include <stdint.h>
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Initialise a mbedtls_pk_context * Initialise a mbedtls_pk_context
*/ */
@ -69,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
ctx->pk_info->ctx_free_func( ctx->pk_ctx ); ctx->pk_info->ctx_free_func( ctx->pk_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
} }
/* /*

18
thirdparty/mbedtls/library/pk_wrap.c vendored
View File

@ -41,6 +41,10 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#endif #endif
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_PLATFORM_C) #if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else #else
@ -52,13 +56,6 @@
#include <limits.h> #include <limits.h>
#include <stdint.h> #include <stdint.h>
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type ) static int rsa_can_do( mbedtls_pk_type_t type )
{ {
@ -93,6 +90,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
(unsigned int) hash_len, hash, sig ) ) != 0 ) (unsigned int) hash_len, hash, sig ) ) != 0 )
return( ret ); return( ret );
/* The buffer contains a valid signature followed by extra data.
* We have a special error code for that so that so that callers can
* use mbedtls_pk_verify() to check "Does the buffer start with a
* valid signature?" and not just "Does the buffer contain a valid
* signature?". */
if( sig_len > rsa_len ) if( sig_len > rsa_len )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
@ -493,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void )
static void rsa_alt_free_wrap( void *ctx ) static void rsa_alt_free_wrap( void *ctx )
{ {
mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
mbedtls_free( ctx ); mbedtls_free( ctx );
} }

20
thirdparty/mbedtls/library/pkcs12.c vendored
View File

@ -36,6 +36,7 @@
#include "mbedtls/pkcs12.h" #include "mbedtls/pkcs12.h"
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -47,11 +48,6 @@
#include "mbedtls/des.h" #include "mbedtls/des.h"
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations ) mbedtls_asn1_buf *salt, int *iterations )
{ {
@ -166,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
goto exit; goto exit;
exit: exit:
mbedtls_zeroize( key, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_arc4_free( &ctx ); mbedtls_arc4_free( &ctx );
return( ret ); return( ret );
@ -223,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
exit: exit:
mbedtls_zeroize( key, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_zeroize( iv, sizeof( iv ) ); mbedtls_platform_zeroize( iv, sizeof( iv ) );
mbedtls_cipher_free( &cipher_ctx ); mbedtls_cipher_free( &cipher_ctx );
return( ret ); return( ret );
@ -352,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
ret = 0; ret = 0;
exit: exit:
mbedtls_zeroize( salt_block, sizeof( salt_block ) ); mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
mbedtls_zeroize( pwd_block, sizeof( pwd_block ) ); mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
mbedtls_zeroize( hash_block, sizeof( hash_block ) ); mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
mbedtls_zeroize( hash_output, sizeof( hash_output ) ); mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );

20
thirdparty/mbedtls/library/pkcs5.c vendored
View File

@ -38,9 +38,12 @@
#if defined(MBEDTLS_PKCS5_C) #if defined(MBEDTLS_PKCS5_C)
#include "mbedtls/pkcs5.h" #include "mbedtls/pkcs5.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#endif /* MBEDTLS_ASN1_PARSE_C */
#include <string.h> #include <string.h>
@ -51,6 +54,22 @@
#define mbedtls_printf printf #define mbedtls_printf printf
#endif #endif
#if !defined(MBEDTLS_ASN1_PARSE_C)
int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output )
{
((void) pbe_params);
((void) mode);
((void) pwd);
((void) pwdlen);
((void) data);
((void) datalen);
((void) output);
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
}
#else
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations, mbedtls_asn1_buf *salt, int *iterations,
int *keylen, mbedtls_md_type_t *md_type ) int *keylen, mbedtls_md_type_t *md_type )
@ -211,6 +230,7 @@ exit:
return( ret ); return( ret );
} }
#endif /* MBEDTLS_ASN1_PARSE_C */
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen, size_t plen, const unsigned char *salt, size_t slen,

20
thirdparty/mbedtls/library/pkparse.c vendored
View File

@ -30,6 +30,7 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -60,14 +61,6 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#if defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
/* /*
* Load all data from a file into a given buffer. * Load all data from a file into a given buffer.
@ -105,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
{ {
fclose( f ); fclose( f );
mbedtls_zeroize( *buf, *n ); mbedtls_platform_zeroize( *buf, *n );
mbedtls_free( *buf ); mbedtls_free( *buf );
return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@ -140,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
ret = mbedtls_pk_parse_key( ctx, buf, n, ret = mbedtls_pk_parse_key( ctx, buf, n,
(const unsigned char *) pwd, strlen( pwd ) ); (const unsigned char *) pwd, strlen( pwd ) );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );
@ -160,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
ret = mbedtls_pk_parse_public_key( ctx, buf, n ); ret = mbedtls_pk_parse_public_key( ctx, buf, n );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );
@ -861,7 +854,10 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
} }
}
if( p != end )
{
/* /*
* Is 'publickey' present? If not, or if we can't read it (eg because it * Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key. * is compressed), create it from the private key.
@ -1292,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
pwd, pwdlen ); pwd, pwdlen );
mbedtls_zeroize( key_copy, keylen ); mbedtls_platform_zeroize( key_copy, keylen );
mbedtls_free( key_copy ); mbedtls_free( key_copy );
} }

11
thirdparty/mbedtls/library/platform.c vendored
View File

@ -28,14 +28,7 @@
#if defined(MBEDTLS_PLATFORM_C) #if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
#endif
#if defined(MBEDTLS_PLATFORM_MEMORY) #if defined(MBEDTLS_PLATFORM_MEMORY)
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
{ {
fclose( file ); fclose( file );
mbedtls_zeroize( buf, buf_len ); mbedtls_platform_zeroize( buf, buf_len );
return( -1 ); return( -1 );
} }

67
thirdparty/mbedtls/library/platform_util.c vendored Normal file
View File

@ -0,0 +1,67 @@
/*
* Common and shared functions used by multiple modules in the Mbed TLS
* library.
*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <string.h>
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
/*
* This implementation should never be optimized out by the compiler
*
* This implementation for mbedtls_platform_zeroize() was inspired from Colin
* Percival's blog article at:
*
* http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
*
* It uses a volatile function pointer to the standard memset(). Because the
* pointer is volatile the compiler expects it to change at
* any time and will not optimize out the call that could potentially perform
* other operations on the input buffer instead of just setting it to 0.
* Nevertheless, as pointed out by davidtgoldblatt on Hacker News
* (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
* details), optimizations of the following form are still possible:
*
* if( memset_func != memset )
* memset_func( buf, 0, len );
*
* Note that it is extremely difficult to guarantee that
* mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
* in a portable way. For this reason, Mbed TLS also provides the configuration
* option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
* mbedtls_platform_zeroize() to use a suitable implementation for their
* platform and needs.
*/
static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
void mbedtls_platform_zeroize( void *buf, size_t len )
{
memset_func( buf, 0, len );
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */

8
thirdparty/mbedtls/library/ripemd160.c vendored
View File

@ -34,6 +34,7 @@
#if defined(MBEDTLS_RIPEMD160_C) #if defined(MBEDTLS_RIPEMD160_C)
#include "mbedtls/ripemd160.h" #include "mbedtls/ripemd160.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -71,11 +72,6 @@
} }
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
@ -86,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
} }
void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,

70
thirdparty/mbedtls/library/rsa.c vendored
View File

@ -48,6 +48,7 @@
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/rsa_internal.h" #include "mbedtls/rsa_internal.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -70,11 +71,7 @@
#if !defined(MBEDTLS_RSA_ALT) #if !defined(MBEDTLS_RSA_ALT)
/* Implementation that should never be optimized out by the compiler */ #if defined(MBEDTLS_PKCS1_V15)
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* constant-time buffer comparison */ /* constant-time buffer comparison */
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
{ {
@ -88,6 +85,7 @@ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
return( diff ); return( diff );
} }
#endif /* MBEDTLS_PKCS1_V15 */
int mbedtls_rsa_import( mbedtls_rsa_context *ctx, int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
const mbedtls_mpi *N, const mbedtls_mpi *N,
@ -493,6 +491,9 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
/* /*
* Generate an RSA keypair * Generate an RSA keypair
*
* This generation method follows the RSA key pair generation procedure of
* FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
*/ */
int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -500,7 +501,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
unsigned int nbits, int exponent ) unsigned int nbits, int exponent )
{ {
int ret; int ret;
mbedtls_mpi H, G; mbedtls_mpi H, G, L;
if( f_rng == NULL || nbits < 128 || exponent < 3 ) if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@ -510,10 +511,13 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &H );
mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G );
mbedtls_mpi_init( &L );
/* /*
* find primes P and Q with Q < P so that: * find primes P and Q with Q < P so that:
* GCD( E, (P-1)*(Q-1) ) == 1 * 1. |P-Q| > 2^( nbits / 2 - 100 )
* 2. GCD( E, (P-1)*(Q-1) ) == 1
* 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
@ -525,40 +529,51 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
f_rng, p_rng ) ); f_rng, p_rng ) );
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
continue; continue;
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); /* not required by any standards, but some users rely on the fact that P > Q */
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) if( H.s < 0 )
continue;
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
mbedtls_mpi_swap( &ctx->P, &ctx->Q ); mbedtls_mpi_swap( &ctx->P, &ctx->Q );
/* Temporarily replace P,Q by P-1, Q-1 */ /* Temporarily replace P,Q by P-1, Q-1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
/* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
continue;
/* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
continue;
break;
} }
while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ); while( 1 );
/* Restore P,Q */ /* Restore P,Q */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
ctx->len = mbedtls_mpi_size( &ctx->N ); ctx->len = mbedtls_mpi_size( &ctx->N );
#if !defined(MBEDTLS_RSA_NO_CRT)
/* /*
* D = E^-1 mod ((P-1)*(Q-1))
* DP = D mod (P - 1) * DP = D mod (P - 1)
* DQ = D mod (Q - 1) * DQ = D mod (Q - 1)
* QP = Q^-1 mod P * QP = Q^-1 mod P
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) );
#if !defined(MBEDTLS_RSA_NO_CRT)
MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
&ctx->DP, &ctx->DQ, &ctx->QP ) ); &ctx->DP, &ctx->DQ, &ctx->QP ) );
#endif /* MBEDTLS_RSA_NO_CRT */ #endif /* MBEDTLS_RSA_NO_CRT */
@ -570,6 +585,7 @@ cleanup:
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &H );
mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G );
mbedtls_mpi_free( &L );
if( ret != 0 ) if( ret != 0 )
{ {
@ -1040,7 +1056,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
} }
exit: exit:
mbedtls_zeroize( mask, sizeof( mask ) ); mbedtls_platform_zeroize( mask, sizeof( mask ) );
return( ret ); return( ret );
} }
@ -1354,8 +1370,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
ret = 0; ret = 0;
cleanup: cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_zeroize( lhash, sizeof( lhash ) ); mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
return( ret ); return( ret );
} }
@ -1452,7 +1468,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
ret = 0; ret = 0;
cleanup: cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret ); return( ret );
} }
@ -1583,7 +1599,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
p += hlen; p += hlen;
*p++ = 0xBC; *p++ = 0xBC;
mbedtls_zeroize( salt, sizeof( salt ) ); mbedtls_platform_zeroize( salt, sizeof( salt ) );
exit: exit:
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
@ -1725,7 +1741,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
* after the initial bounds check. */ * after the initial bounds check. */
if( p != dst + dst_len ) if( p != dst + dst_len )
{ {
mbedtls_zeroize( dst, dst_len ); mbedtls_platform_zeroize( dst, dst_len );
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
} }
@ -2062,13 +2078,13 @@ cleanup:
if( encoded != NULL ) if( encoded != NULL )
{ {
mbedtls_zeroize( encoded, sig_len ); mbedtls_platform_zeroize( encoded, sig_len );
mbedtls_free( encoded ); mbedtls_free( encoded );
} }
if( encoded_expected != NULL ) if( encoded_expected != NULL )
{ {
mbedtls_zeroize( encoded_expected, sig_len ); mbedtls_platform_zeroize( encoded_expected, sig_len );
mbedtls_free( encoded_expected ); mbedtls_free( encoded_expected );
} }

8
thirdparty/mbedtls/library/sha1.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
#include "mbedtls/sha1.h" #include "mbedtls/sha1.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -47,11 +48,6 @@
#if !defined(MBEDTLS_SHA1_ALT) #if !defined(MBEDTLS_SHA1_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */
@ -85,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
} }
void mbedtls_sha1_clone( mbedtls_sha1_context *dst, void mbedtls_sha1_clone( mbedtls_sha1_context *dst,

8
thirdparty/mbedtls/library/sha256.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -50,11 +51,6 @@
#if !defined(MBEDTLS_SHA256_ALT) #if !defined(MBEDTLS_SHA256_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
*/ */
@ -88,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
} }
void mbedtls_sha256_clone( mbedtls_sha256_context *dst, void mbedtls_sha256_clone( mbedtls_sha256_context *dst,

8
thirdparty/mbedtls/library/sha512.c vendored
View File

@ -33,6 +33,7 @@
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#include "mbedtls/sha512.h" #include "mbedtls/sha512.h"
#include "mbedtls/platform_util.h"
#if defined(_MSC_VER) || defined(__WATCOMC__) #if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64 #define UL64(x) x##ui64
@ -56,11 +57,6 @@
#if !defined(MBEDTLS_SHA512_ALT) #if !defined(MBEDTLS_SHA512_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* 64-bit integer manipulation macros (big endian) * 64-bit integer manipulation macros (big endian)
*/ */
@ -102,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
} }
void mbedtls_sha512_clone( mbedtls_sha512_context *dst, void mbedtls_sha512_clone( mbedtls_sha512_context *dst,

407
thirdparty/mbedtls/library/ssl_ciphersuites.c vendored
View File

@ -47,7 +47,7 @@
* 1. By key exchange: * 1. By key exchange:
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
* 2. By key length and cipher: * 2. By key length and cipher:
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant * 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC * 5. By key exchange/auth again: EC > non-EC
@ -81,6 +81,14 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All ARIA-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
/* All AES-128 ephemeral suites */ /* All AES-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@ -105,6 +113,14 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
/* All ARIA-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
/* All remaining >= 128-bit ephemeral suites */ /* All remaining >= 128-bit ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
@ -121,6 +137,9 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
@ -132,6 +151,9 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
@ -161,6 +183,14 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
/* All ARIA-256 suites */
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
/* All AES-128 suites */ /* All AES-128 suites */
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_RSA_WITH_AES_128_CCM, MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
@ -183,6 +213,14 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
/* All ARIA-128 suites */
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
/* All remaining >= 128-bit suites */ /* All remaining >= 128-bit suites */
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
@ -194,12 +232,16 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
@ -211,6 +253,8 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_128_CCM, MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
@ -219,6 +263,8 @@ static const int ciphersuite_preference[] =
MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
@ -1688,6 +1734,365 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* MBEDTLS_DES_C */ #endif /* MBEDTLS_DES_C */
#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
#if defined(MBEDTLS_ARIA_C)
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#endif /* MBEDTLS_ARIA_C */
{ 0, "", { 0, "",
MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
0, 0, 0, 0, 0 } 0, 0, 0, 0, 0 }

162
thirdparty/mbedtls/library/ssl_cli.c vendored
View File

@ -48,10 +48,7 @@
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
/* Implementation that should never be optimized out by the compiler */ #include "mbedtls/platform_util.h"
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif #endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@ -717,6 +714,49 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
/**
* \brief Validate cipher suite against config in SSL context.
*
* \param suite_info cipher suite to validate
* \param ssl SSL context
* \param min_minor_ver Minimal minor version to accept a cipher suite
* \param max_minor_ver Maximal minor version to accept a cipher suite
*
* \return 0 if valid, else 1
*/
static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
const mbedtls_ssl_context * ssl,
int min_minor_ver, int max_minor_ver )
{
(void) ssl;
if( suite_info == NULL )
return( 1 );
if( suite_info->min_minor_ver > max_minor_ver ||
suite_info->max_minor_ver < min_minor_ver )
return( 1 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
return( 1 );
#endif
#if defined(MBEDTLS_ARC4_C)
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
return( 1 );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
return( 1 );
#endif
return( 0 );
}
static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -869,31 +909,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
if( ciphersuite_info == NULL ) if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
ssl->conf->min_minor_ver,
ssl->conf->max_minor_ver ) != 0 )
continue; continue;
if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
continue;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
continue;
#endif
#if defined(MBEDTLS_ARC4_C)
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
continue;
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
continue;
#endif
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
ciphersuites[i] ) ); ciphersuites[i] ) );
@ -938,7 +958,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
#endif #endif
/* /*
* We don't support compression with DTLS right now: is many records come * We don't support compression with DTLS right now: if many records come
* in the same datagram, uncompressing one could overwrite the next one. * in the same datagram, uncompressing one could overwrite the next one.
* We don't want to add complexity for handling that case unless there is * We don't want to add complexity for handling that case unless there is
* an actual need for it. * an actual need for it.
@ -1690,22 +1710,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); /*
if( suite_info == NULL * Perform cipher suite validation in same way as in ssl_write_client_hello.
#if defined(MBEDTLS_ARC4_C) */
|| ( ssl->conf->arc4_disabled &&
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
i = 0; i = 0;
while( 1 ) while( 1 )
{ {
@ -1724,6 +1731,17 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
} }
} }
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
if( comp != MBEDTLS_SSL_COMPRESS_NULL if( comp != MBEDTLS_SSL_COMPRESS_NULL
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
&& comp != MBEDTLS_SSL_COMPRESS_DEFLATE && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
@ -2673,10 +2691,27 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
buf = ssl->in_msg; buf = ssl->in_msg;
/* certificate_types */ /* certificate_types */
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
n = cert_type_len; n = cert_type_len;
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) /*
* In the subsequent code there are two paths that read from buf:
* * the length of the signature algorithms field (if minor version of
* SSL is 3),
* * distinguished name length otherwise.
* Both reach at most the index:
* ...hdr_len + 2 + n,
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -2691,9 +2726,32 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
#if defined(MBEDTLS_DEBUG_C) #if defined(MBEDTLS_DEBUG_C)
unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; unsigned char* sig_alg;
size_t i; size_t i;
#endif
/*
* The furthest access in buf is in the loop few lines below:
* sig_alg[i + 1],
* where:
* sig_alg = buf + ...hdr_len + 3 + n,
* max(i) = sig_alg_len - 1.
* Therefore the furthest access is:
* buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
* which reduces to:
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
#if defined(MBEDTLS_DEBUG_C)
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
for( i = 0; i < sig_alg_len; i += 2 ) for( i = 0; i < sig_alg_len; i += 2 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
@ -2702,14 +2760,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
#endif #endif
n += 2 + sig_alg_len; n += 2 + sig_alg_len;
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -3289,8 +3339,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
if( ticket_len == 0 ) if( ticket_len == 0 )
return( 0 ); return( 0 );
mbedtls_zeroize( ssl->session_negotiate->ticket, mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len ); ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket ); mbedtls_free( ssl->session_negotiate->ticket );
ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0; ssl->session_negotiate->ticket_len = 0;

10
thirdparty/mbedtls/library/ssl_cookie.c vendored
View File

@ -40,14 +40,10 @@
#include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
* available. Try SHA-256 first, 512 wastes resources since we need to stay * available. Try SHA-256 first, 512 wastes resources since we need to stay
@ -101,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
mbedtls_mutex_free( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
} }
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
@ -122,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
mbedtls_zeroize( key, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
return( 0 ); return( 0 );
} }

18
thirdparty/mbedtls/library/ssl_srv.c vendored
View File

@ -38,6 +38,7 @@
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -49,13 +50,6 @@
#include "mbedtls/platform_time.h" #include "mbedtls/platform_time.h"
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info, const unsigned char *info,
@ -553,7 +547,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
/* Zeroize instead of free as we copied the content */ /* Zeroize instead of free as we copied the content */
mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) ); mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
@ -3750,7 +3744,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
/* Read the message without adding it to the checksum */ /* Read the message without adding it to the checksum */
do { do {
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) do ret = mbedtls_ssl_read_record_layer( ssl );
while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
return( ret ); return( ret );
@ -3758,7 +3755,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
ret = mbedtls_ssl_handle_message_type( ssl ); ret = mbedtls_ssl_handle_message_type( ssl );
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
if( 0 != ret ) if( 0 != ret )
{ {

10
thirdparty/mbedtls/library/ssl_ticket.c vendored
View File

@ -36,14 +36,10 @@
#endif #endif
#include "mbedtls/ssl_ticket.h" #include "mbedtls/ssl_ticket.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Initialze context * Initialze context
*/ */
@ -83,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
mbedtls_cipher_get_key_bitlen( &key->ctx ), mbedtls_cipher_get_key_bitlen( &key->ctx ),
MBEDTLS_ENCRYPT ); MBEDTLS_ENCRYPT );
mbedtls_zeroize( buf, sizeof( buf ) ); mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret ); return( ret );
} }
@ -483,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
mbedtls_mutex_free( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
} }
#endif /* MBEDTLS_SSL_TICKET_C */ #endif /* MBEDTLS_SSL_TICKET_C */

493
thirdparty/mbedtls/library/ssl_tls.c vendored
View File

@ -46,6 +46,7 @@
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -53,11 +54,6 @@
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* Length of the "epoch" field in the record header */ /* Length of the "epoch" field in the record header */
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{ {
@ -269,8 +265,8 @@ exit:
mbedtls_md5_free( &md5 ); mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 ); mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padding, sizeof( padding ) ); mbedtls_platform_zeroize( padding, sizeof( padding ) );
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
return( ret ); return( ret );
} }
@ -367,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( h_i, sizeof( h_i ) ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
return( 0 ); return( 0 );
} }
@ -432,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( h_i, sizeof( h_i ) ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
return( 0 ); return( 0 );
} }
@ -642,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); mbedtls_platform_zeroize( handshake->premaster,
sizeof(handshake->premaster) );
} }
else else
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
@ -653,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
memcpy( tmp, handshake->randbytes, 64 ); memcpy( tmp, handshake->randbytes, 64 );
memcpy( handshake->randbytes, tmp + 32, 32 ); memcpy( handshake->randbytes, tmp + 32, 32 );
memcpy( handshake->randbytes + 32, tmp, 32 ); memcpy( handshake->randbytes + 32, tmp, 32 );
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
/* /*
* SSLv3: * SSLv3:
@ -681,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); mbedtls_platform_zeroize( handshake->randbytes,
sizeof( handshake->randbytes ) );
/* /*
* Determine the appropriate key, IV and MAC length. * Determine the appropriate key, IV and MAC length.
@ -855,8 +853,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{ {
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); /* For HMAC-based ciphersuites, initialize the HMAC transforms.
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); For AEAD-based ciphersuites, there is nothing to do here. */
if( mac_key_len != 0 )
{
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
}
} }
else else
#endif #endif
@ -943,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_CIPHER_MODE_CBC */
mbedtls_zeroize( keyblk, sizeof( keyblk ) ); mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
// Initialize compression // Initialize compression
@ -1269,7 +1272,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
( defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
#define SSL_SOME_MODES_USE_MAC #define SSL_SOME_MODES_USE_MAC
#endif #endif
@ -1470,7 +1473,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
else else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC ) if( mode == MBEDTLS_MODE_CBC )
{ {
int ret; int ret;
@ -1586,7 +1589,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
} }
else else
#endif /* MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -1730,7 +1733,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
else else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC ) if( mode == MBEDTLS_MODE_CBC )
{ {
/* /*
@ -1942,7 +1945,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
} }
else else
#endif /* MBEDTLS_CIPHER_MODE_CBC && #endif /* MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -2103,6 +2106,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
unsigned char *msg_post = ssl->out_msg; unsigned char *msg_post = ssl->out_msg;
ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
size_t len_pre = ssl->out_msglen; size_t len_pre = ssl->out_msglen;
unsigned char *msg_pre = ssl->compress_buf; unsigned char *msg_pre = ssl->compress_buf;
@ -2122,7 +2126,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
ssl->transform_out->ctx_deflate.next_in = msg_pre; ssl->transform_out->ctx_deflate.next_in = msg_pre;
ssl->transform_out->ctx_deflate.avail_in = len_pre; ssl->transform_out->ctx_deflate.avail_in = len_pre;
ssl->transform_out->ctx_deflate.next_out = msg_post; ssl->transform_out->ctx_deflate.next_out = msg_post;
ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN; ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written;
ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
if( ret != Z_OK ) if( ret != Z_OK )
@ -2132,7 +2136,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
} }
ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
ssl->transform_out->ctx_deflate.avail_out; ssl->transform_out->ctx_deflate.avail_out - bytes_written;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
ssl->out_msglen ) ); ssl->out_msglen ) );
@ -2149,6 +2153,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
unsigned char *msg_post = ssl->in_msg; unsigned char *msg_post = ssl->in_msg;
ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf;
size_t len_pre = ssl->in_msglen; size_t len_pre = ssl->in_msglen;
unsigned char *msg_pre = ssl->compress_buf; unsigned char *msg_pre = ssl->compress_buf;
@ -2168,7 +2173,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
ssl->transform_in->ctx_inflate.next_in = msg_pre; ssl->transform_in->ctx_inflate.next_in = msg_pre;
ssl->transform_in->ctx_inflate.avail_in = len_pre; ssl->transform_in->ctx_inflate.avail_in = len_pre;
ssl->transform_in->ctx_inflate.next_out = msg_post; ssl->transform_in->ctx_inflate.next_out = msg_post;
ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN; ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
header_bytes;
ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
if( ret != Z_OK ) if( ret != Z_OK )
@ -2177,8 +2183,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
} }
ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN -
ssl->transform_in->ctx_inflate.avail_out; ssl->transform_in->ctx_inflate.avail_out - header_bytes;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
ssl->in_msglen ) ); ssl->in_msglen ) );
@ -2332,7 +2338,10 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
* that will end up being dropped. * that will end up being dropped.
*/ */
if( ssl_check_timer( ssl ) != 0 ) if( ssl_check_timer( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
ret = MBEDTLS_ERR_SSL_TIMEOUT; ret = MBEDTLS_ERR_SSL_TIMEOUT;
}
else else
{ {
len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
@ -2434,6 +2443,14 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ret < 0 ) if( ret < 0 )
return( ret ); return( ret );
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_recv returned %d bytes but only %lu were requested",
ret, (unsigned long)len ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl->in_left += ret; ssl->in_left += ret;
} }
} }
@ -2481,6 +2498,14 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ret <= 0 ) if( ret <= 0 )
return( ret ); return( ret );
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_send returned %d bytes but only %lu bytes were sent",
ret, (unsigned long)ssl->out_left ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl->out_left -= ret; ssl->out_left -= ret;
} }
@ -3064,7 +3089,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
return( MBEDTLS_ERR_SSL_WANT_READ ); return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
} }
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
@ -3141,9 +3166,11 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
int ret; int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
/* ssl->handshake is NULL when receiving ClientHello for renego */
if( ssl->handshake != NULL && if( ssl->handshake != NULL &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
{ {
/* Retransmit only on last message from previous flight, to avoid /* Retransmit only on last message from previous flight, to avoid
* too many retransmissions. * too many retransmissions.
@ -3170,7 +3197,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
ssl->handshake->in_msg_seq ) ); ssl->handshake->in_msg_seq ) );
} }
return( MBEDTLS_ERR_SSL_WANT_READ ); return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
} }
/* Wait until message completion to increment in_msg_seq */ /* Wait until message completion to increment in_msg_seq */
@ -3573,81 +3600,23 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
/* Check length against bounds of the current transform and version */
if( ssl->transform_in == NULL )
{
if( ssl->in_msglen < 1 ||
ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
}
else
{
if( ssl->in_msglen < ssl->transform_in->minlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* TLS encrypted messages can have up to 256 bytes of padding
*/
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
ssl->in_msglen > ssl->transform_in->minlen +
MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif
}
/* /*
* DTLS-related tests done last, because most of them may result in * DTLS-related tests.
* silently dropping the record (but not the whole datagram), and we only * Check epoch before checking length constraint because
* want to consider that after ensuring that the "basic" fields (type, * the latter varies with the epoch. E.g., if a ChangeCipherSpec
* version, length) are sane. * message gets duplicated before the corresponding Finished message,
* the second ChangeCipherSpec should be discarded because it belongs
* to an old epoch, but not because its length is shorter than
* the minimum record length for packets using the new record transform.
* Note that these two kinds of failures are handled differently,
* as an unexpected record is silently skipped but an invalid
* record leads to the entire datagram being dropped.
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
/* Drop unexpected ChangeCipherSpec messages */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
/* Check epoch (and sequence number) with DTLS */ /* Check epoch (and sequence number) with DTLS */
if( rec_epoch != ssl->in_epoch ) if( rec_epoch != ssl->in_epoch )
{ {
@ -3687,9 +3656,74 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
} }
#endif #endif
/* Drop unexpected ChangeCipherSpec messages */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Check length against bounds of the current transform and version */
if( ssl->transform_in == NULL )
{
if( ssl->in_msglen < 1 ||
ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
}
else
{
if( ssl->in_msglen < ssl->transform_in->minlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* TLS encrypted messages can have up to 256 bytes of padding
*/
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
ssl->in_msglen > ssl->transform_in->minlen +
MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif
}
return( 0 ); return( 0 );
} }
@ -3778,7 +3812,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
{ {
do { do {
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) do ret = mbedtls_ssl_read_record_layer( ssl );
while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
return( ret ); return( ret );
@ -3786,11 +3823,12 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
ret = mbedtls_ssl_handle_message_type( ssl ); ret = mbedtls_ssl_handle_message_type( ssl );
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
if( 0 != ret ) if( 0 != ret )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
return( ret ); return( ret );
} }
@ -3828,11 +3866,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
* (2) Alert messages: * (2) Alert messages:
* Consume whole record content, in_msglen = 0. * Consume whole record content, in_msglen = 0.
* *
* NOTE: This needs to be fixed, since like for
* handshake messages it is allowed to have
* multiple alerts witin a single record.
* Internal reference IOTSSL-1321.
*
* (3) Change cipher spec: * (3) Change cipher spec:
* Consume whole record content, in_msglen = 0. * Consume whole record content, in_msglen = 0.
* *
@ -3860,12 +3893,12 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
*/ */
/* Notes: /* Notes:
* (1) in_hslen is *NOT* necessarily the size of the * (1) in_hslen is not necessarily the size of the
* current handshake content: If DTLS handshake * current handshake content: If DTLS handshake
* fragmentation is used, that's the fragment * fragmentation is used, that's the fragment
* size instead. Using the total handshake message * size instead. Using the total handshake message
* size here is FAULTY and should be changed at * size here is faulty and should be changed at
* some point. Internal reference IOTSSL-1414. * some point.
* (2) While it doesn't seem to cause problems, one * (2) While it doesn't seem to cause problems, one
* has to be very careful not to assume that in_hslen * has to be very careful not to assume that in_hslen
* is always <= in_msglen in a sensible communication. * is always <= in_msglen in a sensible communication.
@ -3916,12 +3949,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
/* Need to fetch a new record */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
read_record_header:
#endif
/* Current record either fully processed or to be discarded. */ /* Current record either fully processed or to be discarded. */
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
@ -3956,7 +3983,7 @@ read_record_header:
} }
/* Get next record */ /* Get next record */
goto read_record_header; return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
} }
#endif #endif
return( ret ); return( ret );
@ -3975,7 +4002,13 @@ read_record_header:
/* Done reading this record, get ready for the next one */ /* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
}
}
else else
#endif #endif
ssl->in_left = 0; ssl->in_left = 0;
@ -4022,7 +4055,7 @@ read_record_header:
ssl->in_left = 0; ssl->in_left = 0;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
goto read_record_header; return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
} }
return( ret ); return( ret );
@ -4043,46 +4076,6 @@ read_record_header:
} }
} }
/*
* When we sent the last flight of the handshake, we MUST respond to a
* retransmit of the peer's previous flight with a retransmit. (In
* practice, only the Finished message will make it, other messages
* including CCS use the old transform so they're dropped as invalid.)
*
* If the record we received is not a handshake message, however, it
* means the peer received our last flight so we can clean up
* handshake info.
*
* This check needs to be done before prepare_handshake() due to an edge
* case: if the client immediately requests renegotiation, this
* finishes the current handshake first, avoiding the new ClientHello
* being mistaken for an ancient message in the current handshake.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
return( ret );
}
return( MBEDTLS_ERR_SSL_WANT_READ );
}
else
{
ssl_handshake_wrapup_free_hs_transform( ssl );
}
}
#endif
return( 0 ); return( 0 );
} }
@ -4127,7 +4120,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) );
/* Will be handled when trying to parse ServerHello */ /* Will be handled when trying to parse ServerHello */
return( 0 ); return( 0 );
} }
@ -4149,6 +4142,15 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
return MBEDTLS_ERR_SSL_NON_FATAL; return MBEDTLS_ERR_SSL_NON_FATAL;
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
ssl_handshake_wrapup_free_hs_transform( ssl );
}
#endif
return( 0 ); return( 0 );
} }
@ -5026,9 +5028,9 @@ static void ssl_calc_finished_ssl(
mbedtls_md5_free( &md5 ); mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 ); mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_zeroize( md5sum, sizeof( md5sum ) ); mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) );
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
} }
@ -5087,7 +5089,7 @@ static void ssl_calc_finished_tls(
mbedtls_md5_free( &md5 ); mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 ); mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
} }
@ -5137,7 +5139,7 @@ static void ssl_calc_finished_tls_sha256(
mbedtls_sha256_free( &sha256 ); mbedtls_sha256_free( &sha256 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
} }
@ -5186,7 +5188,7 @@ static void ssl_calc_finished_tls_sha384(
mbedtls_sha512_free( &sha512 ); mbedtls_sha512_free( &sha512 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
} }
@ -6105,7 +6107,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
if( conf->psk != NULL ) if( conf->psk != NULL )
{ {
mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_platform_zeroize( conf->psk, conf->psk_len );
mbedtls_free( conf->psk ); mbedtls_free( conf->psk );
conf->psk = NULL; conf->psk = NULL;
@ -6148,7 +6150,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
if( ssl->handshake->psk != NULL ) if( ssl->handshake->psk != NULL )
{ {
mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); mbedtls_platform_zeroize( ssl->handshake->psk,
ssl->handshake->psk_len );
mbedtls_free( ssl->handshake->psk ); mbedtls_free( ssl->handshake->psk );
ssl->handshake->psk_len = 0; ssl->handshake->psk_len = 0;
} }
@ -6278,7 +6281,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
if( ssl->hostname != NULL ) if( ssl->hostname != NULL )
{ {
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname ); mbedtls_free( ssl->hostname );
} }
@ -6485,6 +6488,61 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
} }
int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
{
/*
* Case A: We're currently holding back
* a message for further processing.
*/
if( ssl->keep_current_message == 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
return( 1 );
}
/*
* Case B: Further records are pending in the current datagram.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->in_left > ssl->next_record_offset )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
return( 1 );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Case C: A handshake message is being processed.
*/
if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
return( 1 );
}
/*
* Case D: An application data message is being processed
*/
if( ssl->in_offt != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
return( 1 );
}
/*
* In all other cases, the rest of the message can be dropped.
* As in ssl_read_record_layer, this needs to be adapted if
* we implement support for multiple alerts in single records.
*/
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
return( 0 );
}
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
{ {
if( ssl->session != NULL ) if( ssl->session != NULL )
@ -6892,42 +6950,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
} }
} }
/* /* Loop as long as no application data record is available */
* TODO while( ssl->in_offt == NULL )
*
* The logic should be streamlined here:
*
* Instead of
*
* - Manually checking whether ssl->in_offt is NULL
* - Fetching a new record if yes
* - Setting ssl->in_offt if one finds an application record
* - Resetting keep_current_message after handling the application data
*
* one should
*
* - Adapt read_record to set ssl->in_offt automatically
* when a new application data record is processed.
* - Always call mbedtls_ssl_read_record here.
*
* This way, the logic of ssl_read would be much clearer:
*
* (1) Always call record layer and see what kind of record is on
* and have it ready for consumption (in particular, in_offt
* properly set for application data records).
* (2) If it's application data (either freshly fetched
* or something already being partially processed),
* serve the read request from it.
* (3) If it's something different from application data,
* handle it accordingly, e.g. potentially start a
* renegotiation.
*
* This will also remove the need to manually reset
* ssl->keep_current_message = 0 below.
*
*/
if( ssl->in_offt == NULL )
{ {
/* Start timer if not already running */ /* Start timer if not already running */
if( ssl->f_get_timer != NULL && if( ssl->f_get_timer != NULL &&
@ -6981,7 +7005,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
/* With DTLS, drop the packet (probably from last handshake) */ /* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_SSL_WANT_READ ); {
continue;
}
#endif #endif
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
} }
@ -6996,7 +7022,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
/* With DTLS, drop the packet (probably from last handshake) */ /* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_SSL_WANT_READ ); {
continue;
}
#endif #endif
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
} }
@ -7069,7 +7097,25 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
} }
} }
return( MBEDTLS_ERR_SSL_WANT_READ ); /* At this point, we don't know whether the renegotiation has been
* completed or not. The cases to consider are the following:
* 1) The renegotiation is complete. In this case, no new record
* has been read yet.
* 2) The renegotiation is incomplete because the client received
* an application data record while awaiting the ServerHello.
* 3) The renegotiation is incomplete because the client received
* a non-handshake, non-application data message while awaiting
* the ServerHello.
* In each of these case, looping will be the proper action:
* - For 1), the next iteration will read a new record and check
* if it's application data.
* - For 2), the loop condition isn't satisfied as application data
* is present, hence continue is the same as break
* - For 3), the loop condition is satisfied and read_record
* will re-deliver the message that was held back by the client
* when expecting the ServerHello.
*/
continue;
} }
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
@ -7324,7 +7370,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec ); mbedtls_md_free( &transform->md_ctx_dec );
mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -7384,7 +7430,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( handshake->psk != NULL ) if( handshake->psk != NULL )
{ {
mbedtls_zeroize( handshake->psk, handshake->psk_len ); mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
mbedtls_free( handshake->psk ); mbedtls_free( handshake->psk );
} }
#endif #endif
@ -7414,7 +7460,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
ssl_flight_free( handshake->flight ); ssl_flight_free( handshake->flight );
#endif #endif
mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); mbedtls_platform_zeroize( handshake,
sizeof( mbedtls_ssl_handshake_params ) );
} }
void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
@ -7434,7 +7481,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
mbedtls_free( session->ticket ); mbedtls_free( session->ticket );
#endif #endif
mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
} }
/* /*
@ -7449,20 +7496,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
if( ssl->out_buf != NULL ) if( ssl->out_buf != NULL )
{ {
mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->out_buf ); mbedtls_free( ssl->out_buf );
} }
if( ssl->in_buf != NULL ) if( ssl->in_buf != NULL )
{ {
mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->in_buf ); mbedtls_free( ssl->in_buf );
} }
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->compress_buf != NULL ) if( ssl->compress_buf != NULL )
{ {
mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->compress_buf ); mbedtls_free( ssl->compress_buf );
} }
#endif #endif
@ -7493,7 +7540,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ssl->hostname != NULL ) if( ssl->hostname != NULL )
{ {
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname ); mbedtls_free( ssl->hostname );
} }
#endif #endif
@ -7513,7 +7560,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
/* Actually clear after last debug message */ /* Actually clear after last debug message */
mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
} }
/* /*
@ -7740,11 +7787,17 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( conf->psk != NULL ) if( conf->psk != NULL )
{ {
mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_platform_zeroize( conf->psk, conf->psk_len );
mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_free( conf->psk ); mbedtls_free( conf->psk );
mbedtls_free( conf->psk_identity ); conf->psk = NULL;
conf->psk_len = 0; conf->psk_len = 0;
}
if( conf->psk_identity != NULL )
{
mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_free( conf->psk_identity );
conf->psk_identity = NULL;
conf->psk_identity_len = 0; conf->psk_identity_len = 0;
} }
#endif #endif
@ -7753,7 +7806,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
ssl_key_cert_free( conf->key_cert ); ssl_key_cert_free( conf->key_cert );
#endif #endif
mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
} }
#if defined(MBEDTLS_PK_C) && \ #if defined(MBEDTLS_PK_C) && \

12
thirdparty/mbedtls/library/threading.c vendored
View File

@ -111,8 +111,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
mbedtls_mutex_lock = mutex_lock; mbedtls_mutex_lock = mutex_lock;
mbedtls_mutex_unlock = mutex_unlock; mbedtls_mutex_unlock = mutex_unlock;
#if defined(MBEDTLS_FS_IO)
mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
#endif
} }
/* /*
@ -120,8 +124,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
*/ */
void mbedtls_threading_free_alt( void ) void mbedtls_threading_free_alt( void )
{ {
#if defined(MBEDTLS_FS_IO)
mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
#endif
} }
#endif /* MBEDTLS_THREADING_ALT */ #endif /* MBEDTLS_THREADING_ALT */
@ -131,7 +139,11 @@ void mbedtls_threading_free_alt( void )
#ifndef MUTEX_INIT #ifndef MUTEX_INIT
#define MUTEX_INIT #define MUTEX_INIT
#endif #endif
#if defined(MBEDTLS_FS_IO)
mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
#endif
#endif /* MBEDTLS_THREADING_C */ #endif /* MBEDTLS_THREADING_C */

2
thirdparty/mbedtls/library/timing.c vendored
View File

@ -39,7 +39,7 @@
#if !defined(MBEDTLS_TIMING_ALT) #if !defined(MBEDTLS_TIMING_ALT)
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
#endif #endif

12
thirdparty/mbedtls/library/version_features.c vendored
View File

@ -90,6 +90,9 @@ static const char *features[] = {
#if defined(MBEDTLS_ARC4_ALT) #if defined(MBEDTLS_ARC4_ALT)
"MBEDTLS_ARC4_ALT", "MBEDTLS_ARC4_ALT",
#endif /* MBEDTLS_ARC4_ALT */ #endif /* MBEDTLS_ARC4_ALT */
#if defined(MBEDTLS_ARIA_ALT)
"MBEDTLS_ARIA_ALT",
#endif /* MBEDTLS_ARIA_ALT */
#if defined(MBEDTLS_BLOWFISH_ALT) #if defined(MBEDTLS_BLOWFISH_ALT)
"MBEDTLS_BLOWFISH_ALT", "MBEDTLS_BLOWFISH_ALT",
#endif /* MBEDTLS_BLOWFISH_ALT */ #endif /* MBEDTLS_BLOWFISH_ALT */
@ -237,6 +240,9 @@ static const char *features[] = {
#if defined(MBEDTLS_AES_ROM_TABLES) #if defined(MBEDTLS_AES_ROM_TABLES)
"MBEDTLS_AES_ROM_TABLES", "MBEDTLS_AES_ROM_TABLES",
#endif /* MBEDTLS_AES_ROM_TABLES */ #endif /* MBEDTLS_AES_ROM_TABLES */
#if defined(MBEDTLS_AES_FEWER_TABLES)
"MBEDTLS_AES_FEWER_TABLES",
#endif /* MBEDTLS_AES_FEWER_TABLES */
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
"MBEDTLS_CAMELLIA_SMALL_MEMORY", "MBEDTLS_CAMELLIA_SMALL_MEMORY",
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
@ -306,6 +312,9 @@ static const char *features[] = {
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
"MBEDTLS_ECP_DP_CURVE25519_ENABLED", "MBEDTLS_ECP_DP_CURVE25519_ENABLED",
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
"MBEDTLS_ECP_DP_CURVE448_ENABLED",
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
#if defined(MBEDTLS_ECP_NIST_OPTIM) #if defined(MBEDTLS_ECP_NIST_OPTIM)
"MBEDTLS_ECP_NIST_OPTIM", "MBEDTLS_ECP_NIST_OPTIM",
#endif /* MBEDTLS_ECP_NIST_OPTIM */ #endif /* MBEDTLS_ECP_NIST_OPTIM */
@ -525,6 +534,9 @@ static const char *features[] = {
#if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CAMELLIA_C)
"MBEDTLS_CAMELLIA_C", "MBEDTLS_CAMELLIA_C",
#endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
"MBEDTLS_ARIA_C",
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_CCM_C) #if defined(MBEDTLS_CCM_C)
"MBEDTLS_CCM_C", "MBEDTLS_CCM_C",
#endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_CCM_C */

17
thirdparty/mbedtls/library/x509_crl.c vendored
View File

@ -39,6 +39,7 @@
#include "mbedtls/x509_crl.h" #include "mbedtls/x509_crl.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -66,11 +67,6 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Version ::= INTEGER { v1(0), v2(1) } * Version ::= INTEGER { v1(0), v2(1) }
*/ */
@ -616,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
ret = mbedtls_x509_crl_parse( chain, buf, n ); ret = mbedtls_x509_crl_parse( chain, buf, n );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );
@ -737,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
{ {
name_prv = name_cur; name_prv = name_cur;
name_cur = name_cur->next; name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv ); mbedtls_free( name_prv );
} }
@ -746,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
{ {
entry_prv = entry_cur; entry_prv = entry_cur;
entry_cur = entry_cur->next; entry_cur = entry_cur->next;
mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); mbedtls_platform_zeroize( entry_prv,
sizeof( mbedtls_x509_crl_entry ) );
mbedtls_free( entry_prv ); mbedtls_free( entry_prv );
} }
if( crl_cur->raw.p != NULL ) if( crl_cur->raw.p != NULL )
{ {
mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
mbedtls_free( crl_cur->raw.p ); mbedtls_free( crl_cur->raw.p );
} }
@ -766,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
crl_prv = crl_cur; crl_prv = crl_cur;
crl_cur = crl_cur->next; crl_cur = crl_cur->next;
mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
if( crl_prv != crl ) if( crl_prv != crl )
mbedtls_free( crl_prv ); mbedtls_free( crl_prv );
} }

760
thirdparty/mbedtls/library/x509_crt.c vendored
View File

@ -27,6 +27,8 @@
* *
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*
* [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
*/ */
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
@ -39,6 +41,7 @@
#include "mbedtls/x509_crt.h" #include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -88,10 +91,18 @@
#endif /* !_WIN32 || EFIX64 || EFI32 */ #endif /* !_WIN32 || EFIX64 || EFI32 */
#endif #endif
/* Implementation that should never be optimized out by the compiler */ /*
static void mbedtls_zeroize( void *v, size_t n ) { * Item in a verification chain: cert and flags for it
volatile unsigned char *p = v; while( n-- ) *p++ = 0; */
} typedef struct {
mbedtls_x509_crt *crt;
uint32_t flags;
} x509_crt_verify_chain_item;
/*
* Max size of verification chain: end-entity + intermediates + trusted root
*/
#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
/* /*
* Default profile * Default profile
@ -160,7 +171,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
/* /*
* Check md_alg against profile * Check md_alg against profile
* Return 0 if md_alg acceptable for this profile, -1 otherwise * Return 0 if md_alg is acceptable for this profile, -1 otherwise
*/ */
static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
mbedtls_md_type_t md_alg ) mbedtls_md_type_t md_alg )
@ -173,7 +184,7 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
/* /*
* Check pk_alg against profile * Check pk_alg against profile
* Return 0 if pk_alg acceptable for this profile, -1 otherwise * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
*/ */
static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
mbedtls_pk_type_t pk_alg ) mbedtls_pk_type_t pk_alg )
@ -186,12 +197,13 @@ static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
/* /*
* Check key against profile * Check key against profile
* Return 0 if pk_alg acceptable for this profile, -1 otherwise * Return 0 if pk is acceptable for this profile, -1 otherwise
*/ */
static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
mbedtls_pk_type_t pk_alg,
const mbedtls_pk_context *pk ) const mbedtls_pk_context *pk )
{ {
const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
{ {
@ -207,7 +219,7 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH ) pk_alg == MBEDTLS_PK_ECKEY_DH )
{ {
mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
return( 0 ); return( 0 );
@ -1112,7 +1124,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
ret = mbedtls_x509_crt_parse( chain, buf, n ); ret = mbedtls_x509_crt_parse( chain, buf, n );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );
@ -1662,7 +1674,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509
/* /*
* Check that the given certificate is not revoked according to the CRL. * Check that the given certificate is not revoked according to the CRL.
* Skip validation is no CRL for the given CA is present. * Skip validation if no CRL for the given CA is present.
*/ */
static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
mbedtls_x509_crl *crl_list, mbedtls_x509_crl *crl_list,
@ -1707,18 +1719,14 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
flags |= MBEDTLS_X509_BADCRL_BAD_PK; flags |= MBEDTLS_X509_BADCRL_BAD_PK;
md_info = mbedtls_md_info_from_type( crl_list->sig_md ); md_info = mbedtls_md_info_from_type( crl_list->sig_md );
if( md_info == NULL ) if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
{ {
/* /* Note: this can't happen except after an internal error */
* Cannot check 'unknown' hash
*/
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break; break;
} }
mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); if( x509_profile_check_key( profile, &ca->pk ) != 0 )
if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
flags |= MBEDTLS_X509_BADCERT_BAD_KEY; flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
@ -1786,13 +1794,14 @@ static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
/* /*
* Return 0 if name matches wildcard, -1 otherwise * Return 0 if name matches wildcard, -1 otherwise
*/ */
static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name ) static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
{ {
size_t i; size_t i;
size_t cn_idx = 0, cn_len = strlen( cn ); size_t cn_idx = 0, cn_len = strlen( cn );
/* We can't have a match if there is no wildcard to match */
if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
return( 0 ); return( -1 );
for( i = 0; i < cn_len; ++i ) for( i = 0; i < cn_len; ++i )
{ {
@ -1883,16 +1892,41 @@ static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b
return( 0 ); return( 0 );
} }
/*
* Check the signature of a certificate by its parent
*/
static int x509_crt_check_signature( const mbedtls_x509_crt *child,
mbedtls_x509_crt *parent )
{
const mbedtls_md_info_t *md_info;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
md_info = mbedtls_md_info_from_type( child->sig_md );
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
{
/* Note: this can't happen except after an internal error */
return( -1 );
}
if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len ) != 0 )
{
return( -1 );
}
return( 0 );
}
/* /*
* Check if 'parent' is a suitable parent (signing CA) for 'child'. * Check if 'parent' is a suitable parent (signing CA) for 'child'.
* Return 0 if yes, -1 if not. * Return 0 if yes, -1 if not.
* *
* top means parent is a locally-trusted certificate * top means parent is a locally-trusted certificate
* bottom means child is the end entity cert
*/ */
static int x509_crt_check_parent( const mbedtls_x509_crt *child, static int x509_crt_check_parent( const mbedtls_x509_crt *child,
const mbedtls_x509_crt *parent, const mbedtls_x509_crt *parent,
int top, int bottom ) int top )
{ {
int need_ca_bit; int need_ca_bit;
@ -1907,14 +1941,6 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
if( top && parent->version < 3 ) if( top && parent->version < 3 )
need_ca_bit = 0; need_ca_bit = 0;
/* Exception: self-signed end-entity certs that are locally trusted. */
if( top && bottom &&
child->raw.len == parent->raw.len &&
memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
{
need_ca_bit = 0;
}
if( need_ca_bit && ! parent->ca_istrue ) if( need_ca_bit && ! parent->ca_istrue )
return( -1 ); return( -1 );
@ -1929,86 +1955,78 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
return( 0 ); return( 0 );
} }
static int x509_crt_verify_top( /*
mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, * Find a suitable parent for child in candidates, or return NULL.
mbedtls_x509_crl *ca_crl, *
const mbedtls_x509_crt_profile *profile, * Here suitable is defined as:
int path_cnt, int self_cnt, uint32_t *flags, * 1. subject name matches child's issuer
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), * 2. if necessary, the CA bit is set and key usage allows signing certs
void *p_vrfy ) * 3. for trusted roots, the signature is correct
* 4. pathlen constraints are satisfied
*
* If there's a suitable candidate which is also time-valid, return the first
* such. Otherwise, return the first suitable candidate (or NULL if there is
* none).
*
* The rationale for this rule is that someone could have a list of trusted
* roots with two versions on the same root with different validity periods.
* (At least one user reported having such a list and wanted it to just work.)
* The reason we don't just require time-validity is that generally there is
* only one version, and if it's expired we want the flags to state that
* rather than NOT_TRUSTED, as would be the case if we required it here.
*
* The rationale for rule 3 (signature for trusted roots) is that users might
* have two versions of the same CA with different keys in their list, and the
* way we select the correct one is by checking the signature (as we don't
* rely on key identifier extensions). (This is one way users might choose to
* handle key rollover, another relies on self-issued certs, see [SIRO].)
*
* Arguments:
* - [in] child: certificate for which we're looking for a parent
* - [in] candidates: chained list of potential parents
* - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
* of the chain, 0 otherwise
* - [in] path_cnt: number of intermediates seen so far
* - [in] self_cnt: number of self-signed intermediates seen so far
* (will never be greater than path_cnt)
*
* Return value:
* - the first suitable parent found (see above regarding time-validity)
* - NULL if no suitable parent was found
*/
static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
mbedtls_x509_crt *candidates,
int top,
size_t path_cnt,
size_t self_cnt )
{ {
int ret; mbedtls_x509_crt *parent, *badtime_parent = NULL;
uint32_t ca_flags = 0;
int check_path_cnt;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_x509_crt *future_past_ca = NULL;
if( mbedtls_x509_time_is_past( &child->valid_to ) ) for( parent = candidates; parent != NULL; parent = parent->next )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/*
* Child is the top of the chain. Check against the trust_ca list.
*/
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
md_info = mbedtls_md_info_from_type( child->sig_md );
if( md_info == NULL )
{ {
/* /* basic parenting skills (name, CA bit, key usage) */
* Cannot check 'unknown', no need to try any CA if( x509_crt_check_parent( child, parent, top ) != 0 )
*/
trust_ca = NULL;
}
else
mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
{
if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
continue; continue;
check_path_cnt = path_cnt + 1; /* +1 because stored max_pathlen is 1 higher that the actual value */
if( parent->max_pathlen > 0 &&
/* (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
* Reduce check_path_cnt to check against if top of the chain is
* the same as the trusted CA
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) == 0 )
{
check_path_cnt--;
}
/* Self signed certificates do not count towards the limit */
if( trust_ca->max_pathlen > 0 &&
trust_ca->max_pathlen < check_path_cnt - self_cnt )
{ {
continue; continue;
} }
if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, /* Signature */
child->sig_md, hash, mbedtls_md_get_size( md_info ), if( top && x509_crt_check_signature( child, parent ) != 0 )
child->sig.p, child->sig.len ) != 0 )
{ {
continue; continue;
} }
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || /* optional time check */
mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
mbedtls_x509_time_is_future( &parent->valid_from ) )
{ {
if ( future_past_ca == NULL ) if( badtime_parent == NULL )
future_past_ca = trust_ca; badtime_parent = parent;
continue; continue;
} }
@ -2016,190 +2034,292 @@ static int x509_crt_verify_top(
break; break;
} }
if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) if( parent == NULL )
{ parent = badtime_parent;
/*
* Top of chain is signed by a trusted CA
*/
*flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) return( parent );
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
}
/*
* If top of chain is not the same as the trusted CA send a verify request
* to the callback for any issues with validity and CRL presence for the
* trusted CA certificate.
*/
if( trust_ca != NULL &&
( child->subject_raw.len != trust_ca->subject_raw.len ||
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) != 0 ) )
{
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the chain's top crt */
*flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
#else
((void) ca_crl);
#endif
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
&ca_flags ) ) != 0 )
{
return( ret );
}
}
}
/* Call callback on top cert */
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
return( ret );
}
*flags |= ca_flags;
return( 0 );
} }
static int x509_crt_verify_child( /*
mbedtls_x509_crt *child, mbedtls_x509_crt *parent, * Find a parent in trusted CAs or the provided chain, or return NULL.
mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, *
const mbedtls_x509_crt_profile *profile, * Searches in trusted CAs first, and return the first suitable parent found
int path_cnt, int self_cnt, uint32_t *flags, * (see find_parent_in() for definition of suitable).
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), *
void *p_vrfy ) * Arguments:
* - [in] child: certificate for which we're looking for a parent, followed
* by a chain of possible intermediates
* - [in] trust_ca: locally trusted CAs
* - [out] 1 if parent was found in trust_ca, 0 if found in provided chain
* - [in] path_cnt: number of intermediates seen so far
* - [in] self_cnt: number of self-signed intermediates seen so far
* (will always be no greater than path_cnt)
*
* Return value:
* - the first suitable parent found (see find_parent_in() for "suitable")
* - NULL if no suitable parent was found
*/
static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
mbedtls_x509_crt *trust_ca,
int *parent_is_trusted,
size_t path_cnt,
size_t self_cnt )
{ {
int ret; mbedtls_x509_crt *parent;
uint32_t parent_flags = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
mbedtls_x509_crt *grandparent;
const mbedtls_md_info_t *md_info;
/* Counting intermediate self signed certificates */ /* Look for a parent in trusted CAs */
if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) *parent_is_trusted = 1;
self_cnt++; parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt );
/* path_cnt is 0 for the first intermediate CA */ if( parent != NULL )
if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) return( parent );
/* Look for a parent upwards the chain */
*parent_is_trusted = 0;
return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) );
}
/*
* Check if an end-entity certificate is locally trusted
*
* Currently we require such certificates to be self-signed (actually only
* check for self-issued as self-signatures are not checked)
*/
static int x509_crt_check_ee_locally_trusted(
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca )
{
mbedtls_x509_crt *cur;
/* must be self-issued */
if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
return( -1 );
/* look for an exact match with trusted cert */
for( cur = trust_ca; cur != NULL; cur = cur->next )
{ {
/* return immediately as the goal is to avoid unbounded recursion */ if( crt->raw.len == cur->raw.len &&
return( MBEDTLS_ERR_X509_FATAL_ERROR ); memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
}
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
md_info = mbedtls_md_info_from_type( child->sig_md );
if( md_info == NULL )
{
/*
* Cannot check 'unknown' hash
*/
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
}
else
{
mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len ) != 0 )
{ {
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; return( 0 );
} }
} }
/* too bad */
return( -1 );
}
/*
* Build and verify a certificate chain
*
* Given a peer-provided list of certificates EE, C1, ..., Cn and
* a list of trusted certs R1, ... Rp, try to build and verify a chain
* EE, Ci1, ... Ciq [, Rj]
* such that every cert in the chain is a child of the next one,
* jumping to a trusted root as early as possible.
*
* Verify that chain and return it with flags for all issues found.
*
* Special cases:
* - EE == Rj -> return a one-element list containing it
* - EE, Ci1, ..., Ciq cannot be continued with a trusted root
* -> return that chain with NOT_TRUSTED set on Ciq
*
* Arguments:
* - [in] crt: the cert list EE, C1, ..., Cn
* - [in] trust_ca: the trusted list R1, ..., Rp
* - [in] ca_crl, profile: as in verify_with_profile()
* - [out] ver_chain, chain_len: the built and verified chain
*
* Return value:
* - non-zero if the chain could not be fully built and examined
* - 0 is the chain was successfully built and examined,
* even if it was found to be invalid
*/
static int x509_crt_verify_chain(
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
size_t *chain_len )
{
uint32_t *flags;
mbedtls_x509_crt *child;
mbedtls_x509_crt *parent;
int parent_is_trusted = 0;
int child_is_trusted = 0;
size_t self_cnt = 0;
child = crt;
*chain_len = 0;
while( 1 ) {
/* Add certificate to the verification chain */
ver_chain[*chain_len].crt = child;
flags = &ver_chain[*chain_len].flags;
++*chain_len;
/* Check time-validity (all certificates) */
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
/* Stop here for trusted roots (but not for trusted EE certs) */
if( child_is_trusted )
return( 0 );
/* Check signature algorithm: MD & PK algs */
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Special case: EE certs that are locally trusted */
if( *chain_len == 1 &&
x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
return( 0 );
}
/* Look for a parent in trusted CAs or up the chain */
parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
*chain_len - 1, self_cnt );
/* No parent? We're done here */
if( parent == NULL )
{
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
return( 0 );
}
/* Count intermediate self-issued (not necessarily self-signed) certs.
* These can occur with some strategies for key rollover, see [SIRO],
* and should be excluded from max_pathlen checks. */
if( *chain_len != 1 &&
x509_name_cmp( &child->issuer, &child->subject ) == 0 )
{
self_cnt++;
}
/* path_cnt is 0 for the first intermediate CA,
* and if parent is trusted it's not an intermediate CA */
if( ! parent_is_trusted &&
*chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
{
/* return immediately to avoid overflow the chain array */
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
/* if parent is trusted, the signature was checked by find_parent() */
if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
/* check size of signing key */
if( x509_profile_check_key( profile, &parent->pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
#if defined(MBEDTLS_X509_CRL_PARSE_C) #if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the given crt */ /* Check trusted CA's CRL for the given crt */
*flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
#else
(void) ca_crl;
#endif #endif
/* Look for a grandparent in trusted CAs */ /* prepare for next iteration */
for( grandparent = trust_ca; child = parent;
grandparent != NULL; parent = NULL;
grandparent = grandparent->next ) child_is_trusted = parent_is_trusted;
}
}
/*
* Check for CN match
*/
static int x509_crt_check_cn( const mbedtls_x509_buf *name,
const char *cn, size_t cn_len )
{
/* try exact match */
if( name->len == cn_len &&
x509_memcasecmp( cn, name->p, cn_len ) == 0 )
{ {
if( x509_crt_check_parent( parent, grandparent, return( 0 );
0, path_cnt == 0 ) == 0 )
break;
} }
if( grandparent != NULL ) /* try wildcard match */
if( x509_check_wildcard( cn, name ) == 0 )
{ {
ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile, return( 0 );
path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
} }
else
return( -1 );
}
/*
* Verify the requested CN - only call this if cn is not NULL!
*/
static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
const char *cn,
uint32_t *flags )
{
const mbedtls_x509_name *name;
const mbedtls_x509_sequence *cur;
size_t cn_len = strlen( cn );
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{ {
/* Look for a grandparent upwards the chain */ for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
for( grandparent = parent->next;
grandparent != NULL;
grandparent = grandparent->next )
{ {
/* +2 because the current step is not yet accounted for if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
* and because max_pathlen is one higher than it should be.
* Also self signed certificates do not count to the limit. */
if( grandparent->max_pathlen > 0 &&
grandparent->max_pathlen < 2 + path_cnt - self_cnt )
{
continue;
}
if( x509_crt_check_parent( parent, grandparent,
0, path_cnt == 0 ) == 0 )
break; break;
} }
/* Is our parent part of the chain or at the top? */ if( cur == NULL )
if( grandparent != NULL ) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
{
ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
profile, path_cnt + 1, self_cnt, &parent_flags,
f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
path_cnt + 1, self_cnt, &parent_flags,
f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
} }
else
{
for( name = &crt->subject; name != NULL; name = name->next )
{
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
{
break;
}
}
/* child is verified to be a child of the parent, call verify callback */ if( name == NULL )
if( NULL != f_vrfy ) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) }
return( ret ); }
*flags |= parent_flags; /*
* Merge the flags for all certs in the chain, after calling callback
*/
static int x509_crt_merge_flags_with_cb(
uint32_t *flags,
x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
size_t chain_len,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
int ret;
size_t i;
uint32_t cur_flags;
for( i = chain_len; i != 0; --i )
{
cur_flags = ver_chain[i-1].flags;
if( NULL != f_vrfy )
if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 )
return( ret );
*flags |= cur_flags;
}
return( 0 ); return( 0 );
} }
@ -2218,9 +2338,15 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) ); &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
} }
/* /*
* Verify the certificate validity, with profile * Verify the certificate validity, with profile
*
* This function:
* - checks the requested CN (if any)
* - checks the type and size of the EE cert's key,
* as that isn't done as part of chain building/verification currently
* - builds and verifies the chain
* - then calls the callback and merges the flags
*/ */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca, mbedtls_x509_crt *trust_ca,
@ -2230,15 +2356,15 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy ) void *p_vrfy )
{ {
size_t cn_len;
int ret; int ret;
int pathlen = 0, selfsigned = 0;
mbedtls_x509_crt *parent;
mbedtls_x509_name *name;
mbedtls_x509_sequence *cur = NULL;
mbedtls_pk_type_t pk_type; mbedtls_pk_type_t pk_type;
x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
size_t chain_len;
uint32_t *ee_flags = &ver_chain[0].flags;
*flags = 0; *flags = 0;
memset( ver_chain, 0, sizeof( ver_chain ) );
chain_len = 0;
if( profile == NULL ) if( profile == NULL )
{ {
@ -2246,104 +2372,28 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
goto exit; goto exit;
} }
/* check name if requested */
if( cn != NULL ) if( cn != NULL )
{ x509_crt_verify_name( crt, cn, ee_flags );
name = &crt->subject;
cn_len = strlen( cn );
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
cur = &crt->subject_alt_names;
while( cur != NULL )
{
if( cur->buf.len == cn_len &&
x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
break;
if( cur->buf.len > 2 &&
memcmp( cur->buf.p, "*.", 2 ) == 0 &&
x509_check_wildcard( cn, &cur->buf ) == 0 )
{
break;
}
cur = cur->next;
}
if( cur == NULL )
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
}
else
{
while( name != NULL )
{
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
{
if( name->val.len == cn_len &&
x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
break;
if( name->val.len > 2 &&
memcmp( name->val.p, "*.", 2 ) == 0 &&
x509_check_wildcard( cn, &name->val ) == 0 )
break;
}
name = name->next;
}
if( name == NULL )
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
}
}
/* Check the type and size of the key */ /* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk ); pk_type = mbedtls_pk_get_type( &crt->pk );
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK; *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) if( x509_profile_check_key( profile, &crt->pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY; *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
/* Look for a parent in trusted CAs */ /* Check the chain */
for( parent = trust_ca; parent != NULL; parent = parent->next ) ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
{ ver_chain, &chain_len );
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) if( ret != 0 )
break; goto exit;
}
if( parent != NULL ) /* Build final flags, calling callback on the way if any */
{ ret = x509_crt_merge_flags_with_cb( flags,
ret = x509_crt_verify_top( crt, parent, ca_crl, profile, ver_chain, chain_len, f_vrfy, p_vrfy );
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
if( ret != 0 )
goto exit;
}
else
{
/* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next )
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
/* Are we part of the chain or at the top? */
if( parent != NULL )
{
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
if( ret != 0 )
goto exit;
}
else
{
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
if( ret != 0 )
goto exit;
}
}
exit: exit:
/* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
@ -2400,7 +2450,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{ {
name_prv = name_cur; name_prv = name_cur;
name_cur = name_cur->next; name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv ); mbedtls_free( name_prv );
} }
@ -2409,7 +2459,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{ {
name_prv = name_cur; name_prv = name_cur;
name_cur = name_cur->next; name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv ); mbedtls_free( name_prv );
} }
@ -2418,7 +2468,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{ {
seq_prv = seq_cur; seq_prv = seq_cur;
seq_cur = seq_cur->next; seq_cur = seq_cur->next;
mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); mbedtls_platform_zeroize( seq_prv,
sizeof( mbedtls_x509_sequence ) );
mbedtls_free( seq_prv ); mbedtls_free( seq_prv );
} }
@ -2427,13 +2478,14 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{ {
seq_prv = seq_cur; seq_prv = seq_cur;
seq_cur = seq_cur->next; seq_cur = seq_cur->next;
mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); mbedtls_platform_zeroize( seq_prv,
sizeof( mbedtls_x509_sequence ) );
mbedtls_free( seq_prv ); mbedtls_free( seq_prv );
} }
if( cert_cur->raw.p != NULL ) if( cert_cur->raw.p != NULL )
{ {
mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len ); mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_free( cert_cur->raw.p ); mbedtls_free( cert_cur->raw.p );
} }
@ -2447,7 +2499,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
cert_prv = cert_cur; cert_prv = cert_cur;
cert_cur = cert_cur->next; cert_cur = cert_cur->next;
mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
if( cert_prv != crt ) if( cert_prv != crt )
mbedtls_free( cert_prv ); mbedtls_free( cert_prv );
} }

14
thirdparty/mbedtls/library/x509_csr.c vendored
View File

@ -39,6 +39,7 @@
#include "mbedtls/x509_csr.h" #include "mbedtls/x509_csr.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -60,11 +61,6 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* /*
* Version ::= INTEGER { v1(0) } * Version ::= INTEGER { v1(0) }
*/ */
@ -325,7 +321,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
ret = mbedtls_x509_csr_parse( csr, buf, n ); ret = mbedtls_x509_csr_parse( csr, buf, n );
mbedtls_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
return( ret ); return( ret );
@ -407,17 +403,17 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
{ {
name_prv = name_cur; name_prv = name_cur;
name_cur = name_cur->next; name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv ); mbedtls_free( name_prv );
} }
if( csr->raw.p != NULL ) if( csr->raw.p != NULL )
{ {
mbedtls_zeroize( csr->raw.p, csr->raw.len ); mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
mbedtls_free( csr->raw.p ); mbedtls_free( csr->raw.p );
} }
mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) ); mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
} }
#endif /* MBEDTLS_X509_CSR_PARSE_C */ #endif /* MBEDTLS_X509_CSR_PARSE_C */

Some files were not shown because too many files have changed in this diff Show More