Merge pull request #90209 from akien-mga/mbedtls-2.28.8
mbedtls: Update to upstream version 2.28.8
This commit is contained in:
commit
d3e8b6c6b8
|
@ -520,7 +520,7 @@ in the MSVC debugger.
|
|||
## mbedtls
|
||||
|
||||
- Upstream: https://github.com/Mbed-TLS/mbedtls
|
||||
- Version: 2.28.7 (555f84735aecdbd76a566cf087ec8425dfb0c8ab, 2024)
|
||||
- Version: 2.28.8 (5a764e5555c64337ed17444410269ff21cb617b1, 2024)
|
||||
- License: Apache 2.0
|
||||
|
||||
File extracted from upstream release tarball:
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
* macros that may change in future releases.
|
||||
*/
|
||||
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
#if defined(_MSC_VER)
|
||||
#if defined(_MSC_VER) && !defined(__clang__)
|
||||
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
|
||||
* VS 2013 and up for other reasons anyway, so no need to check the version. */
|
||||
#define MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
|
@ -54,7 +54,7 @@
|
|||
/* GCC-like compilers: currently, we only support intrinsics if the requisite
|
||||
* target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2`
|
||||
* or `clang -maes -mpclmul`). */
|
||||
#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
|
||||
#if (defined(__GNUC__) || defined(__clang__)) && defined(__AES__) && defined(__PCLMUL__)
|
||||
#define MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1570,6 +1570,26 @@
|
|||
*/
|
||||
//#define MBEDTLS_PSA_INJECT_ENTROPY
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
|
||||
*
|
||||
* Assume all buffers passed to PSA functions are owned exclusively by the
|
||||
* PSA function and are not stored in shared memory.
|
||||
*
|
||||
* This option may be enabled if all buffers passed to any PSA function reside
|
||||
* in memory that is accessible only to the PSA function during its execution.
|
||||
*
|
||||
* This option MUST be disabled whenever buffer arguments are in memory shared
|
||||
* with an untrusted party, for example where arguments to PSA calls are passed
|
||||
* across a trust boundary.
|
||||
*
|
||||
* \note Enabling this option reduces memory usage and code size.
|
||||
*
|
||||
* \note Enabling this option causes overlap of input and output buffers
|
||||
* not to be supported by PSA functions.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_RSA_NO_CRT
|
||||
*
|
||||
|
|
|
@ -1265,6 +1265,8 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
|||
/**
|
||||
* \brief This function reads an elliptic curve private key.
|
||||
*
|
||||
* \note This function does not support Curve448 yet.
|
||||
*
|
||||
* \param grp_id The ECP group identifier.
|
||||
* \param key The destination key.
|
||||
* \param buf The buffer containing the binary representation of the
|
||||
|
@ -1286,17 +1288,43 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
|||
/**
|
||||
* \brief This function exports an elliptic curve private key.
|
||||
*
|
||||
* \note Note that although this function accepts an output
|
||||
* buffer that is smaller or larger than the key, most key
|
||||
* import interfaces require the output to have exactly
|
||||
* key's nominal length. It is generally simplest to
|
||||
* pass the key's nominal length as \c buflen, after
|
||||
* checking that the output buffer is large enough.
|
||||
* See the description of the \p buflen parameter for
|
||||
* how to calculate the nominal length.
|
||||
*
|
||||
* \note If the private key was not set in \p key,
|
||||
* the output is unspecified. Future versions
|
||||
* may return an error in that case.
|
||||
*
|
||||
* \note This function does not support Curve448 yet.
|
||||
*
|
||||
* \param key The private key.
|
||||
* \param buf The output buffer for containing the binary representation
|
||||
* of the key. (Big endian integer for Weierstrass curves, byte
|
||||
* string for Montgomery curves.)
|
||||
* of the key.
|
||||
* For Weierstrass curves, this is the big-endian
|
||||
* representation, padded with null bytes at the beginning
|
||||
* to reach \p buflen bytes.
|
||||
* For Montgomery curves, this is the standard byte string
|
||||
* representation (which is little-endian), padded with
|
||||
* null bytes at the end to reach \p buflen bytes.
|
||||
* \param buflen The total length of the buffer in bytes.
|
||||
* The length of the output is
|
||||
* (`grp->nbits` + 7) / 8 bytes
|
||||
* where `grp->nbits` is the private key size in bits.
|
||||
* For Weierstrass keys, if the output buffer is smaller,
|
||||
* leading zeros are trimmed to fit if possible. For
|
||||
* Montgomery keys, the output buffer must always be large
|
||||
* enough for the nominal length.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
|
||||
representation is larger than the available space in \p buf.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
|
||||
* the group is not implemented.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
|
||||
* #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
|
||||
* representation is larger than the available space in \p buf.
|
||||
* \return Another negative error code on different kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
|
||||
|
|
|
@ -140,7 +140,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
|
|||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address, can be NULL
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written,
|
||||
* \param cip_len Will receive the size of the client IP written,
|
||||
* can be NULL if client_ip is null
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
|
@ -153,7 +153,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
|
|||
*/
|
||||
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len);
|
||||
void *client_ip, size_t buf_size, size_t *cip_len);
|
||||
|
||||
/**
|
||||
* \brief Check and wait for the context to be ready for read/write
|
||||
|
|
|
@ -26,16 +26,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 28
|
||||
#define MBEDTLS_VERSION_PATCH 7
|
||||
#define MBEDTLS_VERSION_PATCH 8
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0700
|
||||
#define MBEDTLS_VERSION_STRING "2.28.7"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.7"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0800
|
||||
#define MBEDTLS_VERSION_STRING "2.28.8"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.8"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -322,7 +322,7 @@ static const uint32_t RT3[256] = { RT };
|
|||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static const uint32_t RCON[10] =
|
||||
static const uint32_t round_constants[10] =
|
||||
{
|
||||
0x00000001, 0x00000002, 0x00000004, 0x00000008,
|
||||
0x00000010, 0x00000020, 0x00000040, 0x00000080,
|
||||
|
@ -369,7 +369,7 @@ static uint32_t RT3[256];
|
|||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static uint32_t RCON[10];
|
||||
static uint32_t round_constants[10];
|
||||
|
||||
/*
|
||||
* Tables generation code
|
||||
|
@ -399,7 +399,7 @@ static void aes_gen_tables(void)
|
|||
* calculate the round constants
|
||||
*/
|
||||
for (i = 0, x = 1; i < 10; i++) {
|
||||
RCON[i] = (uint32_t) x;
|
||||
round_constants[i] = (uint32_t) x;
|
||||
x = MBEDTLS_BYTE_0(XTIME(x));
|
||||
}
|
||||
|
||||
|
@ -625,7 +625,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 10:
|
||||
|
||||
for (i = 0; i < 10; i++, RK += 4) {
|
||||
RK[4] = RK[0] ^ RCON[i] ^
|
||||
RK[4] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
|
||||
|
@ -640,7 +640,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 12:
|
||||
|
||||
for (i = 0; i < 8; i++, RK += 6) {
|
||||
RK[6] = RK[0] ^ RCON[i] ^
|
||||
RK[6] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
|
||||
|
@ -657,7 +657,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 14:
|
||||
|
||||
for (i = 0; i < 7; i++, RK += 8) {
|
||||
RK[8] = RK[0] ^ RCON[i] ^
|
||||
RK[8] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
|
||||
|
|
|
@ -27,10 +27,12 @@
|
|||
#if defined(MBEDTLS_AESNI_HAVE_CODE)
|
||||
|
||||
#if MBEDTLS_AESNI_HAVE_CODE == 2
|
||||
#if !defined(_WIN32)
|
||||
#if defined(__GNUC__)
|
||||
#include <cpuid.h>
|
||||
#else
|
||||
#elif defined(_MSC_VER)
|
||||
#include <intrin.h>
|
||||
#else
|
||||
#error "`__cpuid` required by MBEDTLS_AESNI_C is not supported by the compiler"
|
||||
#endif
|
||||
#include <immintrin.h>
|
||||
#endif
|
||||
|
@ -45,7 +47,7 @@ int mbedtls_aesni_has_support(unsigned int what)
|
|||
|
||||
if (!done) {
|
||||
#if MBEDTLS_AESNI_HAVE_CODE == 2
|
||||
static unsigned info[4] = { 0, 0, 0, 0 };
|
||||
static int info[4] = { 0, 0, 0, 0 };
|
||||
#if defined(_MSC_VER)
|
||||
__cpuid(info, 1);
|
||||
#else
|
||||
|
@ -179,7 +181,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16],
|
|||
const unsigned char a[16],
|
||||
const unsigned char b[16])
|
||||
{
|
||||
__m128i aa, bb, cc, dd;
|
||||
__m128i aa = { 0 }, bb = { 0 }, cc, dd;
|
||||
|
||||
/* The inputs are in big-endian order, so byte-reverse them */
|
||||
for (size_t i = 0; i < 16; i++) {
|
||||
|
|
|
@ -350,4 +350,31 @@ static inline const unsigned char *mbedtls_buffer_offset_const(
|
|||
#define MBEDTLS_STATIC_ASSERT(expr, msg)
|
||||
#endif
|
||||
|
||||
/* Suppress compiler warnings for unused functions and variables. */
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
|
||||
# if __has_attribute(unused)
|
||||
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
|
||||
# endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
|
||||
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
|
||||
/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
|
||||
* is given; the pragma always works.
|
||||
* Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
|
||||
* Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
|
||||
* able to find documentation).
|
||||
*/
|
||||
# if (__VER__ >= 5020000)
|
||||
# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
|
||||
# endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
|
||||
# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED)
|
||||
# define MBEDTLS_MAYBE_UNUSED
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_LIBRARY_COMMON_H */
|
||||
|
|
|
@ -927,7 +927,7 @@ int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
|
|||
size_t plen;
|
||||
ECP_VALIDATE_RET(grp != NULL);
|
||||
ECP_VALIDATE_RET(pt != NULL);
|
||||
ECP_VALIDATE_RET(buf != NULL);
|
||||
ECP_VALIDATE_RET(ilen == 0 || buf != NULL);
|
||||
|
||||
if (ilen < 1) {
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
|
@ -996,7 +996,7 @@ int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
|
|||
ECP_VALIDATE_RET(grp != NULL);
|
||||
ECP_VALIDATE_RET(pt != NULL);
|
||||
ECP_VALIDATE_RET(buf != NULL);
|
||||
ECP_VALIDATE_RET(*buf != NULL);
|
||||
ECP_VALIDATE_RET(buf_len == 0 || *buf != NULL);
|
||||
|
||||
/*
|
||||
* We must have at least two bytes (1 for length, at least one for data)
|
||||
|
@ -1068,7 +1068,7 @@ int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
|
|||
mbedtls_ecp_group_id grp_id;
|
||||
ECP_VALIDATE_RET(grp != NULL);
|
||||
ECP_VALIDATE_RET(buf != NULL);
|
||||
ECP_VALIDATE_RET(*buf != NULL);
|
||||
ECP_VALIDATE_RET(len == 0 || *buf != NULL);
|
||||
|
||||
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
|
||||
return ret;
|
||||
|
@ -1088,7 +1088,7 @@ int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
|
|||
const mbedtls_ecp_curve_info *curve_info;
|
||||
ECP_VALIDATE_RET(grp != NULL);
|
||||
ECP_VALIDATE_RET(buf != NULL);
|
||||
ECP_VALIDATE_RET(*buf != NULL);
|
||||
ECP_VALIDATE_RET(len == 0 || *buf != NULL);
|
||||
|
||||
/*
|
||||
* We expect at least three bytes (see below)
|
||||
|
@ -2614,8 +2614,8 @@ static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
/* RP.X might be slightly larger than P, so reduce it */
|
||||
MOD_ADD(RP.X);
|
||||
|
||||
/* Randomize coordinates of the starting point */
|
||||
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
|
||||
/* Derandomize coordinates of the starting point */
|
||||
if (f_rng == NULL) {
|
||||
have_rng = 0;
|
||||
}
|
||||
|
@ -3358,10 +3358,10 @@ cleanup:
|
|||
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
|
||||
unsigned char *buf, size_t buflen)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
ECP_VALIDATE_RET(key != NULL);
|
||||
ECP_VALIDATE_RET(buf != NULL);
|
||||
ECP_VALIDATE_RET(buflen == 0 || buf != NULL);
|
||||
|
||||
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
|
||||
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
|
||||
|
|
|
@ -535,10 +535,10 @@ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_
|
|||
*/
|
||||
static inline void ecp_mpi_set1(mbedtls_mpi *X)
|
||||
{
|
||||
static mbedtls_mpi_uint one[] = { 1 };
|
||||
static const mbedtls_mpi_uint one[] = { 1 };
|
||||
X->s = 1;
|
||||
X->n = 1;
|
||||
X->p = one;
|
||||
X->p = (mbedtls_mpi_uint *) one; /* X->p will not be modified so the cast is safe */
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1348,7 +1348,7 @@ cleanup:
|
|||
*/
|
||||
#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
|
||||
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
|
||||
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
|
||||
static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
|
||||
size_t adjust, size_t shift, mbedtls_mpi_uint mask)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -1362,7 +1362,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
|
|||
|
||||
/* Init R */
|
||||
R.s = 1;
|
||||
R.p = Rp;
|
||||
R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
|
||||
R.n = P_KOBLITZ_R;
|
||||
|
||||
/* Common setup for M */
|
||||
|
@ -1433,7 +1433,7 @@ cleanup:
|
|||
*/
|
||||
static int ecp_mod_p192k1(mbedtls_mpi *N)
|
||||
{
|
||||
static mbedtls_mpi_uint Rp[] = {
|
||||
static const mbedtls_mpi_uint Rp[] = {
|
||||
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
|
||||
0x00)
|
||||
};
|
||||
|
@ -1450,7 +1450,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
|
|||
*/
|
||||
static int ecp_mod_p224k1(mbedtls_mpi *N)
|
||||
{
|
||||
static mbedtls_mpi_uint Rp[] = {
|
||||
static const mbedtls_mpi_uint Rp[] = {
|
||||
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
|
||||
0x00)
|
||||
};
|
||||
|
@ -1472,7 +1472,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
|
|||
*/
|
||||
static int ecp_mod_p256k1(mbedtls_mpi *N)
|
||||
{
|
||||
static mbedtls_mpi_uint Rp[] = {
|
||||
static const mbedtls_mpi_uint Rp[] = {
|
||||
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
|
||||
0x00)
|
||||
};
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#if defined(__linux__) && !defined(_GNU_SOURCE)
|
||||
#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
|
||||
/* Ensure that syscall() is available even when compiling with -std=c99 */
|
||||
#define _GNU_SOURCE
|
||||
#endif
|
||||
|
|
|
@ -241,7 +241,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
|
|||
uint64_t iv_bits;
|
||||
|
||||
GCM_VALIDATE_RET(ctx != NULL);
|
||||
GCM_VALIDATE_RET(iv != NULL);
|
||||
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||
|
||||
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
||||
|
@ -433,7 +433,7 @@ int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
GCM_VALIDATE_RET(ctx != NULL);
|
||||
GCM_VALIDATE_RET(iv != NULL);
|
||||
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
||||
GCM_VALIDATE_RET(length == 0 || output != NULL);
|
||||
|
@ -470,7 +470,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
|
|||
int diff;
|
||||
|
||||
GCM_VALIDATE_RET(ctx != NULL);
|
||||
GCM_VALIDATE_RET(iv != NULL);
|
||||
GCM_VALIDATE_RET(iv_len == 0 || iv != NULL);
|
||||
GCM_VALIDATE_RET(add_len == 0 || add != NULL);
|
||||
GCM_VALIDATE_RET(tag != NULL);
|
||||
GCM_VALIDATE_RET(length == 0 || input != NULL);
|
||||
|
|
|
@ -321,7 +321,7 @@ static int net_would_block(const mbedtls_net_context *ctx)
|
|||
*/
|
||||
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len)
|
||||
void *client_ip, size_t buf_size, size_t *cip_len)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int type;
|
||||
|
@ -404,22 +404,22 @@ int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
|
|||
if (client_ip != NULL) {
|
||||
if (client_addr.ss_family == AF_INET) {
|
||||
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
|
||||
*ip_len = sizeof(addr4->sin_addr.s_addr);
|
||||
*cip_len = sizeof(addr4->sin_addr.s_addr);
|
||||
|
||||
if (buf_size < *ip_len) {
|
||||
if (buf_size < *cip_len) {
|
||||
return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
|
||||
memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len);
|
||||
} else {
|
||||
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
|
||||
*ip_len = sizeof(addr6->sin6_addr.s6_addr);
|
||||
*cip_len = sizeof(addr6->sin6_addr.s6_addr);
|
||||
|
||||
if (buf_size < *ip_len) {
|
||||
if (buf_size < *cip_len) {
|
||||
return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
|
||||
memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -53,7 +53,23 @@ static int rsa_can_do(mbedtls_pk_type_t type)
|
|||
static size_t rsa_get_bitlen(const void *ctx)
|
||||
{
|
||||
const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
|
||||
return 8 * mbedtls_rsa_get_len(rsa);
|
||||
/* Unfortunately, the rsa.h interface does not have a direct way
|
||||
* to access the bit-length that works with MBEDTLS_RSA_ALT.
|
||||
* So we have to do a little work here.
|
||||
*/
|
||||
mbedtls_mpi N;
|
||||
mbedtls_mpi_init(&N);
|
||||
int ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, NULL);
|
||||
/* If the export fails for some reason (e.g. the RSA_ALT implementation
|
||||
* does not support export, or there is not enough memory),
|
||||
* we have no way of returning an error from this function.
|
||||
* As a fallback, return the byte-length converted in bits, which is
|
||||
* the correct value if the modulus size is a multiple of 8 bits, which
|
||||
* is very often the case in practice. */
|
||||
size_t bitlen = (ret == 0 ? mbedtls_mpi_bitlen(&N) :
|
||||
8 * mbedtls_rsa_get_len(rsa));
|
||||
mbedtls_mpi_free(&N);
|
||||
return bitlen;
|
||||
}
|
||||
|
||||
static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
|
||||
|
|
|
@ -244,8 +244,8 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
{
|
||||
/* PKCS12 uses CBC with PKCS7 padding */
|
||||
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
|
@ -260,6 +260,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
|
||||
|
|
|
@ -239,6 +239,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
{
|
||||
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
||||
* "PKCS5 padding" except that it's typically only called PKCS5
|
||||
* with 64-bit-block ciphers).
|
||||
|
@ -257,6 +258,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
|
||||
data, datalen, output, output_len)) != 0) {
|
||||
|
|
|
@ -559,38 +559,49 @@ end_of_export:
|
|||
int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char output_buf[PUB_DER_MAX_BYTES];
|
||||
unsigned char *output_buf = NULL;
|
||||
output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES);
|
||||
if (output_buf == NULL) {
|
||||
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
||||
}
|
||||
size_t olen = 0;
|
||||
|
||||
PK_VALIDATE_RET(key != NULL);
|
||||
PK_VALIDATE_RET(buf != NULL || size == 0);
|
||||
|
||||
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
|
||||
sizeof(output_buf))) < 0) {
|
||||
return ret;
|
||||
PUB_DER_MAX_BYTES)) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
|
||||
output_buf + sizeof(output_buf) - ret,
|
||||
output_buf + PUB_DER_MAX_BYTES - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
return 0;
|
||||
ret = 0;
|
||||
cleanup:
|
||||
mbedtls_free(output_buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char output_buf[PRV_DER_MAX_BYTES];
|
||||
unsigned char *output_buf = NULL;
|
||||
output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES);
|
||||
if (output_buf == NULL) {
|
||||
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
||||
}
|
||||
const char *begin, *end;
|
||||
size_t olen = 0;
|
||||
|
||||
PK_VALIDATE_RET(key != NULL);
|
||||
PK_VALIDATE_RET(buf != NULL || size == 0);
|
||||
|
||||
if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
|
||||
return ret;
|
||||
if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
|
@ -605,15 +616,22 @@ int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t
|
|||
end = PEM_END_PRIVATE_KEY_EC;
|
||||
} else
|
||||
#endif
|
||||
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||
|
||||
if ((ret = mbedtls_pem_write_buffer(begin, end,
|
||||
output_buf + sizeof(output_buf) - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
return ret;
|
||||
{
|
||||
ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
return 0;
|
||||
if ((ret = mbedtls_pem_write_buffer(begin, end,
|
||||
output_buf + PRV_DER_MAX_BYTES - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize(output_buf, PRV_DER_MAX_BYTES);
|
||||
mbedtls_free(output_buf);
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
|
||||
|
|
|
@ -66,10 +66,10 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
|
|||
#include <time.h>
|
||||
#if !defined(_WIN32) && (defined(unix) || \
|
||||
defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
|
||||
defined(__MACH__)))
|
||||
defined(__MACH__)) || defined(__midipix__))
|
||||
#include <unistd.h>
|
||||
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
|
||||
* (__APPLE__ && __MACH__)) */
|
||||
* (__APPLE__ && __MACH__)) || __midipix__ */
|
||||
|
||||
#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
|
||||
(defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \
|
||||
|
|
|
@ -992,8 +992,7 @@ static int ssl_populate_transform(mbedtls_ssl_transform *transform,
|
|||
!defined(MBEDTLS_SSL_EXPORT_KEYS) && \
|
||||
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||
!defined(MBEDTLS_DEBUG_C)
|
||||
ssl = NULL; /* make sure we don't use it except for those cases */
|
||||
(void) ssl;
|
||||
(void) ssl; /* ssl is unused except for those cases */
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -5205,6 +5204,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
|
|||
#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1
|
||||
#else
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
|
||||
#else
|
||||
|
@ -5242,6 +5247,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
|
|||
#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 7
|
||||
|
||||
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
|
||||
((uint16_t) ( \
|
||||
|
@ -5253,9 +5259,11 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
|
|||
(SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \
|
||||
SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \
|
||||
(SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
|
||||
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
|
||||
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \
|
||||
(SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \
|
||||
SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT)))
|
||||
|
||||
static unsigned char ssl_serialized_session_header[] = {
|
||||
static const unsigned char ssl_serialized_session_header[] = {
|
||||
MBEDTLS_VERSION_MAJOR,
|
||||
MBEDTLS_VERSION_MINOR,
|
||||
MBEDTLS_VERSION_PATCH,
|
||||
|
@ -5279,19 +5287,36 @@ static unsigned char ssl_serialized_session_header[] = {
|
|||
* // the setting of those compile-time
|
||||
* // configuration options which influence
|
||||
* // the structure of mbedtls_ssl_session.
|
||||
* #if defined(MBEDTLS_HAVE_TIME)
|
||||
* uint64 start_time;
|
||||
* #endif
|
||||
* uint8 ciphersuite[2]; // defined by the standard
|
||||
* uint8 compression; // 0 or 1
|
||||
* uint8 session_id_len; // at most 32
|
||||
* opaque session_id[32];
|
||||
* opaque master[48]; // fixed length in the standard
|
||||
* uint32 verify_result;
|
||||
* #if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
* #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
* opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
|
||||
* #else
|
||||
* uint8 peer_cert_digest_type;
|
||||
* opaque peer_cert_digest<0..2^8-1>
|
||||
* #endif
|
||||
* #endif
|
||||
* #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
* opaque ticket<0..2^24-1>; // length 0 means no ticket
|
||||
* uint32 ticket_lifetime;
|
||||
* #endif
|
||||
* #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
* uint8 mfl_code; // up to 255 according to standard
|
||||
* #endif
|
||||
* #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
* uint8 trunc_hmac; // 0 or 1
|
||||
* #endif
|
||||
* #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
* uint8 encrypt_then_mac; // 0 or 1
|
||||
* #endif
|
||||
*
|
||||
* The order is the same as in the definition of the structure, except
|
||||
* verify_result is put before peer_cert so that all mandatory fields come
|
||||
|
@ -6124,7 +6149,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
|
|||
(SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
|
||||
0u))
|
||||
|
||||
static unsigned char ssl_serialized_context_header[] = {
|
||||
static const unsigned char ssl_serialized_context_header[] = {
|
||||
MBEDTLS_VERSION_MAJOR,
|
||||
MBEDTLS_VERSION_MINOR,
|
||||
MBEDTLS_VERSION_PATCH,
|
||||
|
@ -6655,7 +6680,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
|
|||
/* alpn_chosen should point to an item in the configured list */
|
||||
for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
|
||||
if (strlen(*cur) == alpn_len &&
|
||||
memcmp(p, cur, alpn_len) == 0) {
|
||||
memcmp(p, *cur, alpn_len) == 0) {
|
||||
ssl->alpn_chosen = *cur;
|
||||
break;
|
||||
}
|
||||
|
@ -6822,7 +6847,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_preset_default_hashes[] = {
|
||||
static const int ssl_preset_default_hashes[] = {
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
MBEDTLS_MD_SHA512,
|
||||
#endif
|
||||
|
@ -6840,14 +6865,14 @@ static int ssl_preset_default_hashes[] = {
|
|||
};
|
||||
#endif
|
||||
|
||||
static int ssl_preset_suiteb_ciphersuites[] = {
|
||||
static const int ssl_preset_suiteb_ciphersuites[] = {
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
0
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_preset_suiteb_hashes[] = {
|
||||
static const int ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_NONE
|
||||
|
@ -6855,7 +6880,7 @@ static int ssl_preset_suiteb_hashes[] = {
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
|
||||
static const mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
#endif
|
||||
|
|
|
@ -403,6 +403,7 @@ int mbedtls_timing_self_test(int verbose)
|
|||
uint32_t a = 0, b = 0;
|
||||
mbedtls_timing_delay_context ctx;
|
||||
|
||||
memset(&ctx, 0, sizeof(ctx));
|
||||
if (verbose != 0) {
|
||||
mbedtls_printf(" TIMING tests note: will take some time!\n");
|
||||
}
|
||||
|
|
|
@ -456,6 +456,9 @@ static const char * const features[] = {
|
|||
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
|
||||
"MBEDTLS_PSA_INJECT_ENTROPY",
|
||||
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
|
||||
#if defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
|
||||
"MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS",
|
||||
#endif /* MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS */
|
||||
#if defined(MBEDTLS_RSA_NO_CRT)
|
||||
"MBEDTLS_RSA_NO_CRT",
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
|
Loading…
Reference in New Issue