mbedtls: Update to upstream version 2.28.2

This commit is contained in:
Rémi Verschelde 2022-12-21 12:05:54 +01:00
parent 63f95c0e58
commit 6e65244b6b
No known key found for this signature in database
GPG key ID: C3336907360768E1
83 changed files with 672 additions and 726 deletions

View file

@ -345,7 +345,7 @@ Files extracted from upstream source:
## mbedtls ## mbedtls
- Upstream: https://github.com/Mbed-TLS/mbedtls - Upstream: https://github.com/Mbed-TLS/mbedtls
- Version: 2.18.1 (dd79db10014d85b26d11fe57218431f2e5ede6f2, 2022) - Version: 2.18.2 (89f040a5c938985c5f30728baed21e49d0846a53, 2022)
- License: Apache 2.0 - License: Apache 2.0
File extracted from upstream release tarball: File extracted from upstream release tarball:
@ -355,12 +355,10 @@ File extracted from upstream release tarball:
- The `LICENSE` file. - The `LICENSE` file.
- Applied the patch in `patches/1453.diff` (upstream PR: - Applied the patch in `patches/1453.diff` (upstream PR:
https://github.com/ARMmbed/mbedtls/pull/1453). https://github.com/ARMmbed/mbedtls/pull/1453).
Applied the patch in `patches/windows-arm64-hardclock.diff`
- Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h` - Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h`
providing configuration for light bundling with core. providing configuration for light bundling with core.
Some changes have been made in order to fix Windows on ARM build errors.
They are marked with `// -- GODOT start --` and `// -- GODOT end --`
## meshoptimizer ## meshoptimizer

View file

@ -90,7 +90,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_BIGNUM_C)
/** /**
* \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER) * \brief Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
* in ASN.1 format. * in ASN.1 format.
* *
* \note This function works backwards in data buffer. * \note This function works backwards in data buffer.

View file

@ -182,6 +182,20 @@
#endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */ #endif /* !MBEDTLS_HAVE_INT64 */
/** \typedef mbedtls_mpi_uint
* \brief The type of machine digits in a bignum, called _limbs_.
*
* This is always an unsigned integer type with no padding bits. The size
* is platform-dependent.
*/
/** \typedef mbedtls_mpi_sint
* \brief The signed type corresponding to #mbedtls_mpi_uint.
*
* This is always a signed integer type with no padding bits. The size
* is platform-dependent.
*/
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -191,9 +205,27 @@ extern "C" {
*/ */
typedef struct mbedtls_mpi typedef struct mbedtls_mpi
{ {
int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ /** Sign: -1 if the mpi is negative, 1 otherwise.
size_t n; /*!< total # of limbs */ *
mbedtls_mpi_uint *p; /*!< pointer to limbs */ * The number 0 must be represented with `s = +1`. Although many library
* functions treat all-limbs-zero as equivalent to a valid representation
* of 0 regardless of the sign bit, there are exceptions, so bignum
* functions and external callers must always set \c s to +1 for the
* number zero.
*
* Note that this implies that calloc() or `... = {0}` does not create
* a valid MPI representation. You must call mbedtls_mpi_init().
*/
int s;
/** Total number of limbs in \c p. */
size_t n;
/** Pointer to limbs.
*
* This may be \c NULL if \c n is 0.
*/
mbedtls_mpi_uint *p;
} }
mbedtls_mpi; mbedtls_mpi;
@ -280,7 +312,7 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
* \param Y The MPI to be assigned from. This must point to an * \param Y The MPI to be assigned from. This must point to an
* initialized MPI. * initialized MPI.
* \param assign The condition deciding whether to perform the * \param assign The condition deciding whether to perform the
* assignment or not. Possible values: * assignment or not. Must be either 0 or 1:
* * \c 1: Perform the assignment `X = Y`. * * \c 1: Perform the assignment `X = Y`.
* * \c 0: Keep the original value of \p X. * * \c 0: Keep the original value of \p X.
* *
@ -291,6 +323,10 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
* information through branch prediction and/or memory access * information through branch prediction and/or memory access
* patterns analysis). * patterns analysis).
* *
* \warning If \p assign is neither 0 nor 1, the result of this function
* is indeterminate, and the resulting value in \p X might be
* neither its original value nor the value in \p Y.
*
* \return \c 0 if successful. * \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure. * \return Another negative error code on other kinds of failure.
@ -303,24 +339,28 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned
* *
* \param X The first MPI. This must be initialized. * \param X The first MPI. This must be initialized.
* \param Y The second MPI. This must be initialized. * \param Y The second MPI. This must be initialized.
* \param assign The condition deciding whether to perform * \param swap The condition deciding whether to perform
* the swap or not. Possible values: * the swap or not. Must be either 0 or 1:
* * \c 1: Swap the values of \p X and \p Y. * * \c 1: Swap the values of \p X and \p Y.
* * \c 0: Keep the original values of \p X and \p Y. * * \c 0: Keep the original values of \p X and \p Y.
* *
* \note This function is equivalent to * \note This function is equivalent to
* if( assign ) mbedtls_mpi_swap( X, Y ); * if( swap ) mbedtls_mpi_swap( X, Y );
* except that it avoids leaking any information about whether * except that it avoids leaking any information about whether
* the assignment was done or not (the above code may leak * the swap was done or not (the above code may leak
* information through branch prediction and/or memory access * information through branch prediction and/or memory access
* patterns analysis). * patterns analysis).
* *
* \warning If \p swap is neither 0 nor 1, the result of this function
* is indeterminate, and both \p X and \p Y might end up with
* values different to either of the original ones.
*
* \return \c 0 if successful. * \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on other kinds of failure. * \return Another negative error code on other kinds of failure.
* *
*/ */
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap );
/** /**
* \brief Store integer value in MPI. * \brief Store integer value in MPI.
@ -753,11 +793,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
* *
* \param Q The destination MPI for the quotient. * \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* quotient is not needed. * quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value. * \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* remainder is not needed. * remainder is not needed. This must not alias A or B.
* \param A The dividend. This must point to an initialized MPi. * \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI. * \param B The divisor. This must point to an initialized MPI.
* *
* \return \c 0 if successful. * \return \c 0 if successful.
@ -774,10 +814,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
* *
* \param Q The destination MPI for the quotient. * \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* quotient is not needed. * quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value. * \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* remainder is not needed. * remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi. * \param A The dividend. This must point to an initialized MPi.
* \param b The divisor. * \param b The divisor.
* *
@ -832,6 +872,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
* \brief Perform a sliding-window exponentiation: X = A^E mod N * \brief Perform a sliding-window exponentiation: X = A^E mod N
* *
* \param X The destination MPI. This must point to an initialized MPI. * \param X The destination MPI. This must point to an initialized MPI.
* This must not alias E or N.
* \param A The base of the exponentiation. * \param A The base of the exponentiation.
* This must point to an initialized MPI. * This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI. * \param E The exponent MPI. This must point to an initialized MPI.

View file

@ -94,13 +94,29 @@
#if defined(__GNUC__) && \ #if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
/*
* GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a
* fixed reserved register when building as PIC, leading to errors
* like: bn_mul.h:46:13: error: PIC register clobbered by 'ebx' in 'asm'
*
* This is fixed by an improved register allocator in GCC 5+. From the
* release notes:
* Register allocation improvements: Reuse of the PIC hard register,
* instead of using a fixed register, was implemented on x86/x86-64
* targets. This improves generated PIC code performance as more hard
* registers can be used.
*/
#if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__)
#define MULADDC_CANNOT_USE_EBX
#endif
/* /*
* Disable use of the i386 assembly code below if option -O0, to disable all * Disable use of the i386 assembly code below if option -O0, to disable all
* compiler optimisations, is passed, detected with __OPTIMIZE__ * compiler optimisations, is passed, detected with __OPTIMIZE__
* This is done as the number of registers used in the assembly code doesn't * This is done as the number of registers used in the assembly code doesn't
* work with the -O0 option. * work with the -O0 option.
*/ */
#if defined(__i386__) && defined(__OPTIMIZE__) #if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX)
#define MULADDC_INIT \ #define MULADDC_INIT \
asm( \ asm( \
@ -563,10 +579,20 @@
"andi r7, r6, 0xffff \n\t" \ "andi r7, r6, 0xffff \n\t" \
"bsrli r6, r6, 16 \n\t" "bsrli r6, r6, 16 \n\t"
#define MULADDC_CORE \ #if(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
#define MULADDC_LHUI \
"lhui r9, r3, 0 \n\t" \
"addi r3, r3, 2 \n\t" \
"lhui r8, r3, 0 \n\t"
#else
#define MULADDC_LHUI \
"lhui r8, r3, 0 \n\t" \ "lhui r8, r3, 0 \n\t" \
"addi r3, r3, 2 \n\t" \ "addi r3, r3, 2 \n\t" \
"lhui r9, r3, 0 \n\t" \ "lhui r9, r3, 0 \n\t"
#endif
#define MULADDC_CORE \
MULADDC_LHUI \
"addi r3, r3, 2 \n\t" \ "addi r3, r3, 2 \n\t" \
"mul r10, r9, r6 \n\t" \ "mul r10, r9, r6 \n\t" \
"mul r11, r8, r7 \n\t" \ "mul r11, r8, r7 \n\t" \

View file

@ -525,6 +525,20 @@
#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously" #error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
#endif #endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\
defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) )
#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites" #error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
@ -650,10 +664,9 @@
MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined." MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
#endif #endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) && \ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) && \
!defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PSA_CRYPTO_C) !( defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) )
#error "MBEDTLS_PSA_CRYPTO_C, MBEDTLS_RSA_C and MBEDTLS_PKCS1_V15 defined, \ #error "MBEDTLS_PSA_CRYPTO_C with MBEDTLS_RSA_C requires MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C"
but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
@ -812,6 +825,11 @@
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_TICKET_C) && \
!( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
!defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1) !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites" #error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
@ -926,6 +944,10 @@
#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
#endif
/* /*
* Avoid warning from -pedantic. This is a convenient place for this * Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the * workaround since this is included by every single file before the

View file

@ -1329,7 +1329,7 @@
* Include backtrace information with each allocated block. * Include backtrace information with each allocated block.
* *
* Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
* GLIBC-compatible backtrace() an backtrace_symbols() support * GLIBC-compatible backtrace() and backtrace_symbols() support
* *
* Uncomment this macro to include backtrace information * Uncomment this macro to include backtrace information
*/ */
@ -1620,6 +1620,8 @@
* saved after the handshake to allow for more efficient serialization, so if * saved after the handshake to allow for more efficient serialization, so if
* you don't need this feature you'll save RAM by disabling it. * you don't need this feature you'll save RAM by disabling it.
* *
* Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
*
* Comment to disable the context serialization APIs. * Comment to disable the context serialization APIs.
*/ */
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION #define MBEDTLS_SSL_CONTEXT_SERIALIZATION
@ -2425,7 +2427,7 @@
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
* *
* \warning ARC4 is considered a weak cipher and its use constitutes a * \warning ARC4 is considered a weak cipher and its use constitutes a
* security risk. If possible, we recommend avoidng dependencies on * security risk. If possible, we recommend avoiding dependencies on
* it, and considering stronger ciphers instead. * it, and considering stronger ciphers instead.
* *
*/ */
@ -3030,7 +3032,7 @@
* *
* \note See also our Knowledge Base article about porting to a new * \note See also our Knowledge Base article about porting to a new
* environment: * environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
* *
* Module: library/net_sockets.c * Module: library/net_sockets.c
* *
@ -3400,7 +3402,8 @@
* Module: library/ssl_ticket.c * Module: library/ssl_ticket.c
* Caller: * Caller:
* *
* Requires: MBEDTLS_CIPHER_C * Requires: MBEDTLS_CIPHER_C &&
* ( MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C )
*/ */
#define MBEDTLS_SSL_TICKET_C #define MBEDTLS_SSL_TICKET_C
@ -3456,7 +3459,7 @@
* contexts are not shared between threads. If you do intend to use contexts * contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race * between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading: * conditions. See also our Knowledge Base article about threading:
* https://tls.mbed.org/kb/development/thread-safety-and-multi-threading * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
* *
* Module: library/threading.c * Module: library/threading.c
* *
@ -3488,7 +3491,7 @@
* *
* \note See also our Knowledge Base article about porting to a new * \note See also our Knowledge Base article about porting to a new
* environment: * environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
* *
* Module: library/timing.c * Module: library/timing.c
* Caller: library/havege.c * Caller: library/havege.c

View file

@ -309,10 +309,8 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
* This must be initialized. * This must be initialized.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
* is invalid.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure for any other reason. * error code on failure.
*/ */
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen, const unsigned char *buf, size_t blen,

View file

@ -215,7 +215,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
/** /**
* \brief This function clones the state of an message-digest * \brief This function clones the state of a message-digest
* context. * context.
* *
* \note You must call mbedtls_md_setup() on \c dst before calling * \note You must call mbedtls_md_setup() on \c dst before calling

View file

@ -11,6 +11,13 @@
* implementations of these functions, or implementations specific to * implementations of these functions, or implementations specific to
* their platform, which can be statically linked to the library or * their platform, which can be statically linked to the library or
* dynamically configured at runtime. * dynamically configured at runtime.
*
* When all compilation options related to platform abstraction are
* disabled, this header just defines `mbedtls_xxx` function names
* as aliases to the standard `xxx` function.
*
* Most modules in the library and example programs are expected to
* include this header.
*/ */
/* /*
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors

View file

@ -74,7 +74,7 @@ void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
/** /**
* \brief Clone (the state of) an RIPEMD-160 context * \brief Clone (the state of) a RIPEMD-160 context
* *
* \param dst The destination context * \param dst The destination context
* \param src The context to be cloned * \param src The context to be cloned

View file

@ -491,7 +491,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
* the current function does not have access to them, * the current function does not have access to them,
* and therefore cannot check them. See mbedtls_rsa_complete(). * and therefore cannot check them. See mbedtls_rsa_complete().
* If you want to check the consistency of the entire * If you want to check the consistency of the entire
* content of an PKCS1-encoded RSA private key, for example, you * content of a PKCS1-encoded RSA private key, for example, you
* should use mbedtls_rsa_validate_params() before setting * should use mbedtls_rsa_validate_params() before setting
* up the RSA context. * up the RSA context.
* Additionally, if the implementation performs empirical checks, * Additionally, if the implementation performs empirical checks,

View file

@ -624,7 +624,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
* \param ctx Context for the receive callback (typically a file descriptor) * \param ctx Context for the receive callback (typically a file descriptor)
* \param buf Buffer to write the received data to * \param buf Buffer to write the received data to
* \param len Length of the receive buffer * \param len Length of the receive buffer
* \param timeout Maximum nomber of millisecondes to wait for data * \param timeout Maximum number of milliseconds to wait for data
* 0 means no timeout (potentially waiting forever) * 0 means no timeout (potentially waiting forever)
* *
* \return The callback must return the number of bytes received, * \return The callback must return the number of bytes received,
@ -652,7 +652,7 @@ typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
* for the associated \c mbedtls_ssl_get_timer_t callback to * for the associated \c mbedtls_ssl_get_timer_t callback to
* return correct information. * return correct information.
* *
* \note If using a event-driven style of programming, an event must * \note If using an event-driven style of programming, an event must
* be generated when the final delay is passed. The event must * be generated when the final delay is passed. The event must
* cause a call to \c mbedtls_ssl_handshake() with the proper * cause a call to \c mbedtls_ssl_handshake() with the proper
* SSL context to be scheduled. Care must be taken to ensure * SSL context to be scheduled. Care must be taken to ensure
@ -2000,7 +2000,7 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
* here, except if using an event-driven style. * here, except if using an event-driven style.
* *
* \note See also the "DTLS tutorial" article in our knowledge base. * \note See also the "DTLS tutorial" article in our knowledge base.
* https://tls.mbed.org/kb/how-to/dtls-tutorial * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
*/ */
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
void *p_timer, void *p_timer,

View file

@ -782,7 +782,7 @@ struct mbedtls_ssl_transform
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len; uint8_t in_cid_len;
uint8_t out_cid_len; uint8_t out_cid_len;
unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

View file

@ -38,16 +38,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28 #define MBEDTLS_VERSION_MINOR 28
#define MBEDTLS_VERSION_PATCH 1 #define MBEDTLS_VERSION_PATCH 2
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x021C0100 #define MBEDTLS_VERSION_NUMBER 0x021C0200
#define MBEDTLS_VERSION_STRING "2.28.1" #define MBEDTLS_VERSION_STRING "2.28.2"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.1" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.2"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

View file

@ -40,14 +40,7 @@
#include "mbedtls/aesni.h" #include "mbedtls/aesni.h"
#endif #endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_AES_ALT) #if !defined(MBEDTLS_AES_ALT)
@ -1170,7 +1163,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
{ {
/* We are on the last block in a decrypt operation that has /* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block, * leftover bytes, so we need to use the next tweak for this block,
* and this tweak for the lefover bytes. Save the current tweak for * and this tweak for the leftover bytes. Save the current tweak for
* the leftovers and then update the current tweak for use on this, * the leftovers and then update the current tweak for use on this,
* the last full block. */ * the last full block. */
memcpy( prev_tweak, tweak, sizeof( tweak ) ); memcpy( prev_tweak, tweak, sizeof( tweak ) );
@ -1770,7 +1763,8 @@ int mbedtls_aes_self_test( int verbose )
unsigned char key[32]; unsigned char key[32];
unsigned char buf[64]; unsigned char buf[64];
const unsigned char *aes_tests; const unsigned char *aes_tests;
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) #if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
unsigned char iv[16]; unsigned char iv[16];
#endif #endif
#if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_CIPHER_MODE_CBC)

View file

@ -31,14 +31,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_ARC4_ALT) #if !defined(MBEDTLS_ARC4_ALT)

View file

@ -31,24 +31,12 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_ARIA_ALT) #if !defined(MBEDTLS_ARIA_ALT)
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */ /* Parameter validation macros */
#define ARIA_VALIDATE_RET( cond ) \ #define ARIA_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
@ -895,15 +883,17 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
}; };
#endif /* MBEDTLS_CIPHER_MODE_CFB */ #endif /* MBEDTLS_CIPHER_MODE_CFB */
#define ARIA_SELF_TEST_IF_FAIL \ #define ARIA_SELF_TEST_ASSERT( cond ) \
{ \ do { \
if( cond ) { \
if( verbose ) \ if( verbose ) \
mbedtls_printf( "failed\n" ); \ mbedtls_printf( "failed\n" ); \
goto exit; \ goto exit; \
} else { \ } else { \
if( verbose ) \ if( verbose ) \
mbedtls_printf( "passed\n" ); \ mbedtls_printf( "passed\n" ); \
} } \
} while( 0 )
/* /*
* Checkup routine * Checkup routine
@ -937,16 +927,18 @@ int mbedtls_aria_self_test( int verbose )
mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_ASSERT(
ARIA_SELF_TEST_IF_FAIL; memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
/* test ECB decryption */ /* test ECB decryption */
if( verbose ) if( verbose )
mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_ASSERT(
ARIA_SELF_TEST_IF_FAIL; memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -965,8 +957,8 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0x55, sizeof( buf ) ); memset( buf, 0x55, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
ARIA_SELF_TEST_IF_FAIL; != 0 );
/* Test CBC decryption */ /* Test CBC decryption */
if( verbose ) if( verbose )
@ -976,8 +968,7 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0xAA, sizeof( buf ) ); memset( buf, 0xAA, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
aria_test2_cbc_ct[i], buf ); aria_test2_cbc_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -996,8 +987,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
/* Test CFB decryption */ /* Test CFB decryption */
if( verbose ) if( verbose )
@ -1008,8 +998,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
iv, aria_test2_cfb_ct[i], buf ); iv, aria_test2_cfb_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -1027,8 +1016,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
/* Test CTR decryption */ /* Test CTR decryption */
if( verbose ) if( verbose )
@ -1039,8 +1027,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_ctr_ct[i], buf ); aria_test2_ctr_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );

View file

@ -31,13 +31,7 @@
#include "mbedtls/bignum.h" #include "mbedtls/bignum.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
/* /*
* ASN.1 DER decoding routines * ASN.1 DER decoding routines

View file

@ -26,13 +26,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
{ {
@ -78,9 +72,11 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return( 4 ); return( 4 );
} }
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF #if SIZE_MAX > 0xFFFFFFFF
if( len <= 0xFFFFFFFF ) len_is_valid = ( len <= 0xFFFFFFFF );
#endif #endif
if( len_is_valid )
{ {
if( *p - start < 5 ) if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -93,9 +89,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return( 5 ); return( 5 );
} }
#if SIZE_MAX > 0xFFFFFFFF
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
#endif
} }
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )

View file

@ -28,12 +28,7 @@
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */

View file

@ -46,15 +46,7 @@
#include <limits.h> #include <limits.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#define MPI_VALIDATE_RET( cond ) \ #define MPI_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
@ -270,6 +262,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
memcpy( Y, &T, sizeof( mbedtls_mpi ) ); memcpy( Y, &T, sizeof( mbedtls_mpi ) );
} }
static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
{
if( z >= 0 )
return( z );
/* Take care to handle the most negative value (-2^(biL-1)) correctly.
* A naive -z would have undefined behavior.
* Write this in a way that makes popular compilers happy (GCC, Clang,
* MSVC). */
return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
}
/* /*
* Set value from integer * Set value from integer
*/ */
@ -281,7 +284,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
memset( X->p, 0, X->n * ciL ); memset( X->p, 0, X->n * ciL );
X->p[0] = ( z < 0 ) ? -z : z; X->p[0] = mpi_sint_abs( z );
X->s = ( z < 0 ) ? -1 : 1; X->s = ( z < 0 ) ? -1 : 1;
cleanup: cleanup:
@ -1101,7 +1104,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
mbedtls_mpi_uint p[1]; mbedtls_mpi_uint p[1];
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
*p = ( z < 0 ) ? -z : z; *p = mpi_sint_abs( z );
Y.s = ( z < 0 ) ? -1 : 1; Y.s = ( z < 0 ) ? -1 : 1;
Y.n = 1; Y.n = 1;
Y.p = p; Y.p = p;
@ -1138,6 +1141,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
if( B->p[j - 1] != 0 ) if( B->p[j - 1] != 0 )
break; break;
/* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
* and B is 0 (of any size). */
if( j == 0 )
return( 0 );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
o = B->p; p = X->p; c = 0; o = B->p; p = X->p; c = 0;
@ -1257,10 +1265,12 @@ cleanup:
return( ret ); return( ret );
} }
/* /* Common function for signed addition and subtraction.
* Signed addition: X = A + B * Calculate A + B * flip_B where flip_B is 1 or -1.
*/ */
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) static int add_sub_mpi( mbedtls_mpi *X,
const mbedtls_mpi *A, const mbedtls_mpi *B,
int flip_B )
{ {
int ret, s; int ret, s;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
@ -1268,16 +1278,21 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
MPI_VALIDATE_RET( B != NULL ); MPI_VALIDATE_RET( B != NULL );
s = A->s; s = A->s;
if( A->s * B->s < 0 ) if( A->s * B->s * flip_B < 0 )
{ {
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) int cmp = mbedtls_mpi_cmp_abs( A, B );
if( cmp >= 0 )
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
X->s = s; /* If |A| = |B|, the result is 0 and we must set the sign bit
* to +1 regardless of which of A or B was negative. Otherwise,
* since |A| > |B|, the sign is the sign of A. */
X->s = cmp == 0 ? 1 : s;
} }
else else
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
/* Since |A| < |B|, the sign is the opposite of A. */
X->s = -s; X->s = -s;
} }
} }
@ -1292,39 +1307,20 @@ cleanup:
return( ret ); return( ret );
} }
/*
* Signed addition: X = A + B
*/
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
return( add_sub_mpi( X, A, B, 1 ) );
}
/* /*
* Signed subtraction: X = A - B * Signed subtraction: X = A - B
*/ */
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{ {
int ret, s; return( add_sub_mpi( X, A, B, -1 ) );
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
s = A->s;
if( A->s * B->s > 0 )
{
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
X->s = s;
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
X->s = -s;
}
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
X->s = s;
}
cleanup:
return( ret );
} }
/* /*
@ -1337,7 +1333,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b; p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1; B.s = ( b < 0 ) ? -1 : 1;
B.n = 1; B.n = 1;
B.p = p; B.p = p;
@ -1355,7 +1351,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b; p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1; B.s = ( b < 0 ) ? -1 : 1;
B.n = 1; B.n = 1;
B.p = p; B.p = p;
@ -1776,7 +1772,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
mbedtls_mpi_uint p[1]; mbedtls_mpi_uint p[1];
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b; p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1; B.s = ( b < 0 ) ? -1 : 1;
B.n = 1; B.n = 1;
B.p = p; B.p = p;
@ -2009,11 +2005,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
mbedtls_mpi *prec_RR ) mbedtls_mpi *prec_RR )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t wbits, wsize, one = 1; size_t window_bitsize;
size_t i, j, nblimbs; size_t i, j, nblimbs;
size_t bufsize, nbits; size_t bufsize, nbits;
mbedtls_mpi_uint ei, mm, state; mbedtls_mpi_uint ei, mm, state;
mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos; mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
int neg; int neg;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
@ -2042,21 +2038,59 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
i = mbedtls_mpi_bitlen( E ); i = mbedtls_mpi_bitlen( E );
wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
#if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) #if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
if( wsize > MBEDTLS_MPI_WINDOW_SIZE ) if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
wsize = MBEDTLS_MPI_WINDOW_SIZE; window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
#endif #endif
const size_t w_table_used_size = (size_t) 1 << window_bitsize;
/*
* This function is not constant-trace: its memory accesses depend on the
* exponent value. To defend against timing attacks, callers (such as RSA
* and DHM) should use exponent blinding. However this is not enough if the
* adversary can find the exponent in a single trace, so this function
* takes extra precautions against adversaries who can observe memory
* access patterns.
*
* This function performs a series of multiplications by table elements and
* squarings, and we want the prevent the adversary from finding out which
* table element was used, and from distinguishing between multiplications
* and squarings. Firstly, when multiplying by an element of the window
* W[i], we do a constant-trace table lookup to obfuscate i. This leaves
* squarings as having a different memory access patterns from other
* multiplications. So secondly, we put the accumulator X in the table as
* well, and also do a constant-trace table lookup to multiply by X.
*
* This way, all multiplications take the form of a lookup-and-multiply.
* The number of lookup-and-multiply operations inside each iteration of
* the main loop still depends on the bits of the exponent, but since the
* other operations in the loop don't have an easily recognizable memory
* trace, an adversary is unlikely to be able to observe the exact
* patterns.
*
* An adversary may still be able to recover the exponent if they can
* observe both memory accesses and branches. However, branch prediction
* exploitation typically requires many traces of execution over the same
* data, which is defeated by randomized blinding.
*
* To achieve this, we make a copy of X and we use the table entry in each
* calculation from this point on.
*/
const size_t x_index = 0;
mbedtls_mpi_init( &W[x_index] );
mbedtls_mpi_copy( &W[x_index], X );
j = N->n + 1; j = N->n + 1;
/* All W[i] and X must have at least N->n limbs for the mpi_montmul() /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
* and mpi_montred() calls later. Here we ensure that W[1] and X are * and mpi_montred() calls later. Here we ensure that W[1] and X are
* large enough, and later we'll grow other W[i] to the same length. * large enough, and later we'll grow other W[i] to the same length.
* They must not be shrunk midway through this function! * They must not be shrunk midway through this function!
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
@ -2105,28 +2139,36 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
mpi_montmul( &W[1], &RR, N, mm, &T ); mpi_montmul( &W[1], &RR, N, mm, &T );
/* /*
* X = R^2 * R^-1 mod N = R mod N * W[x_index] = R^2 * R^-1 mod N = R mod N
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) );
mpi_montred( X, N, mm, &T ); mpi_montred( &W[x_index], N, mm, &T );
if( wsize > 1 )
if( window_bitsize > 1 )
{ {
/* /*
* W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) * W[i] = W[1] ^ i
*
* The first bit of the sliding window is always 1 and therefore we
* only need to store the second half of the table.
*
* (There are two special elements in the table: W[0] for the
* accumulator/result and W[1] for A in Montgomery form. Both of these
* are already set at this point.)
*/ */
j = one << ( wsize - 1 ); j = w_table_used_size / 2;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ ) for( i = 0; i < window_bitsize - 1; i++ )
mpi_montmul( &W[j], &W[j], N, mm, &T ); mpi_montmul( &W[j], &W[j], N, mm, &T );
/* /*
* W[i] = W[i - 1] * W[1] * W[i] = W[i - 1] * W[1]
*/ */
for( i = j + 1; i < ( one << wsize ); i++ ) for( i = j + 1; i < w_table_used_size; i++ )
{ {
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
@ -2138,7 +2180,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
nblimbs = E->n; nblimbs = E->n;
bufsize = 0; bufsize = 0;
nbits = 0; nbits = 0;
wbits = 0; size_t exponent_bits_in_window = 0;
state = 0; state = 0;
while( 1 ) while( 1 )
@ -2166,9 +2208,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
if( ei == 0 && state == 1 ) if( ei == 0 && state == 1 )
{ {
/* /*
* out of window, square X * out of window, square W[x_index]
*/ */
mpi_montmul( X, X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
mpi_montmul( &W[x_index], &WW, N, mm, &T );
continue; continue;
} }
@ -2178,25 +2221,30 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
state = 2; state = 2;
nbits++; nbits++;
wbits |= ( ei << ( wsize - nbits ) ); exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) );
if( nbits == wsize ) if( nbits == window_bitsize )
{ {
/* /*
* X = X^wsize R^-1 mod N * W[x_index] = W[x_index]^window_bitsize R^-1 mod N
*/ */
for( i = 0; i < wsize; i++ ) for( i = 0; i < window_bitsize; i++ )
mpi_montmul( X, X, N, mm, &T ); {
MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
x_index ) );
mpi_montmul( &W[x_index], &WW, N, mm, &T );
}
/* /*
* X = X * W[wbits] R^-1 mod N * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N
*/ */
MBEDTLS_MPI_CHK( mpi_select( &WW, W, (size_t) 1 << wsize, wbits ) ); MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
mpi_montmul( X, &WW, N, mm, &T ); exponent_bits_in_window ) );
mpi_montmul( &W[x_index], &WW, N, mm, &T );
state--; state--;
nbits = 0; nbits = 0;
wbits = 0; exponent_bits_in_window = 0;
} }
} }
@ -2205,31 +2253,45 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
*/ */
for( i = 0; i < nbits; i++ ) for( i = 0; i < nbits; i++ )
{ {
mpi_montmul( X, X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
mpi_montmul( &W[x_index], &WW, N, mm, &T );
wbits <<= 1; exponent_bits_in_window <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 ) if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 )
mpi_montmul( X, &W[1], N, mm, &T ); {
MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) );
mpi_montmul( &W[x_index], &WW, N, mm, &T );
}
} }
/* /*
* X = A^E * R * R^-1 mod N = A^E mod N * W[x_index] = A^E * R * R^-1 mod N = A^E mod N
*/ */
mpi_montred( X, N, mm, &T ); mpi_montred( &W[x_index], N, mm, &T );
if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
{ {
X->s = -1; W[x_index].s = -1;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) );
} }
/*
* Load the result in the output variable.
*/
mbedtls_mpi_copy( X, &W[x_index] );
cleanup: cleanup:
for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) /* The first bit of the sliding window is always 1 and therefore the first
* half of the table was unused. */
for( i = w_table_used_size/2; i < w_table_used_size; i++ )
mbedtls_mpi_free( &W[i] ); mbedtls_mpi_free( &W[i] );
mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); mbedtls_mpi_free( &W[x_index] );
mbedtls_mpi_free( &W[1] );
mbedtls_mpi_free( &T );
mbedtls_mpi_free( &Apos );
mbedtls_mpi_free( &WW ); mbedtls_mpi_free( &WW );
if( prec_RR == NULL || prec_RR->p == NULL ) if( prec_RR == NULL || prec_RR->p == NULL )
@ -2862,7 +2924,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
else else
{ {
/* /*
* An necessary condition for Y and X = 2Y + 1 to be prime * A necessary condition for Y and X = 2Y + 1 to be prime
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
* Make sure it is satisfied, while keeping X = 3 mod 4 * Make sure it is satisfied, while keeping X = 3 mod 4
*/ */

View file

@ -32,14 +32,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_CAMELLIA_ALT) #if !defined(MBEDTLS_CAMELLIA_ALT)

View file

@ -36,14 +36,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#if !defined(MBEDTLS_CCM_ALT) #if !defined(MBEDTLS_CCM_ALT)

View file

@ -32,22 +32,10 @@
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_CHACHA20_ALT) #if !defined(MBEDTLS_CHACHA20_ALT)
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */ /* Parameter validation macros */
#define CHACHA20_VALIDATE_RET( cond ) \ #define CHACHA20_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )

View file

@ -28,14 +28,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_CHACHAPOLY_ALT) #if !defined(MBEDTLS_CHACHAPOLY_ALT)

View file

@ -63,12 +63,7 @@
#include "mbedtls/nist_kw.h" #include "mbedtls/nist_kw.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#define CIPHER_VALIDATE_RET( cond ) \ #define CIPHER_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )

View file

@ -76,13 +76,7 @@
#include <string.h> #include <string.h>
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
/* shared by all GCM ciphers */ /* shared by all GCM ciphers */

View file

@ -29,8 +29,15 @@
#include "mbedtls/config.h" #include "mbedtls/config.h"
#endif #endif
#include <stddef.h>
#include <stdint.h> #include <stdint.h>
/* Define `inline` on some non-C99-compliant compilers. */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/** Helper to define a function as static except when building invasive tests. /** Helper to define a function as static except when building invasive tests.
* *
* If a function is only used inside its own source file and should be * If a function is only used inside its own source file and should be
@ -52,6 +59,44 @@
#define MBEDTLS_STATIC_TESTABLE static #define MBEDTLS_STATIC_TESTABLE static
#endif #endif
/** Return an offset into a buffer.
*
* This is just the addition of an offset to a pointer, except that this
* function also accepts an offset of 0 into a buffer whose pointer is null.
* (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
* A null pointer is a valid buffer pointer when the size is 0, for example
* as the result of `malloc(0)` on some platforms.)
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline unsigned char *mbedtls_buffer_offset(
unsigned char *p, size_t n )
{
return( p == NULL ? NULL : p + n );
}
/** Return an offset into a read-only buffer.
*
* Similar to mbedtls_buffer_offset(), but for const pointers.
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline const unsigned char *mbedtls_buffer_offset_const(
const unsigned char *p, size_t n )
{
return( p == NULL ? NULL : p + n );
}
/** Byte Reading Macros /** Byte Reading Macros
* *
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th

View file

@ -81,7 +81,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value )
#endif #endif
} }
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
size_t mbedtls_ct_size_mask( size_t value ) size_t mbedtls_ct_size_mask( size_t value )
{ {
@ -97,7 +97,7 @@ size_t mbedtls_ct_size_mask( size_t value )
#endif #endif
} }
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_BIGNUM_C)
@ -272,7 +272,7 @@ unsigned mbedtls_ct_uint_if( unsigned condition,
* \note if1 and if0 must be either 1 or -1, otherwise the result * \note if1 and if0 must be either 1 or -1, otherwise the result
* is undefined. * is undefined.
* *
* \param condition Condition to test. * \param condition Condition to test; must be either 0 or 1.
* \param if1 The first sign; must be either +1 or -1. * \param if1 The first sign; must be either +1 or -1.
* \param if0 The second sign; must be either +1 or -1. * \param if0 The second sign; must be either +1 or -1.
* *
@ -404,8 +404,7 @@ static void mbedtls_ct_mem_move_to_left( void *start,
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
void mbedtls_ct_memcpy_if_eq( unsigned char *dest, void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char *src, const unsigned char *src,
size_t len, size_t len,
@ -527,7 +526,7 @@ cleanup:
return( ret ); return( ret );
} }
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_BIGNUM_C)

View file

@ -32,7 +32,6 @@
#include <stddef.h> #include <stddef.h>
/** Turn a value into a mask: /** Turn a value into a mask:
* - if \p value == 0, return the all-bits 0 mask, aka 0 * - if \p value == 0, return the all-bits 0 mask, aka 0
* - otherwise, return the all-bits 1 mask, aka (unsigned) -1 * - otherwise, return the all-bits 1 mask, aka (unsigned) -1
@ -46,7 +45,7 @@
*/ */
unsigned mbedtls_ct_uint_mask( unsigned value ); unsigned mbedtls_ct_uint_mask( unsigned value );
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/** Turn a value into a mask: /** Turn a value into a mask:
* - if \p value == 0, return the all-bits 0 mask, aka 0 * - if \p value == 0, return the all-bits 0 mask, aka 0
@ -61,7 +60,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value );
*/ */
size_t mbedtls_ct_size_mask( size_t value ); size_t mbedtls_ct_size_mask( size_t value );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_BIGNUM_C)
@ -196,7 +195,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c );
#endif /* MBEDTLS_BASE64_C */ #endif /* MBEDTLS_BASE64_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/** Conditional memcpy without branches. /** Conditional memcpy without branches.
* *
@ -292,7 +291,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
size_t max_data_len, size_t max_data_len,
unsigned char *output ); unsigned char *output );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)

View file

@ -36,14 +36,7 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
/* /*
* CTR_DRBG context initialization * CTR_DRBG context initialization

View file

@ -21,16 +21,7 @@
#if defined(MBEDTLS_DEBUG_C) #if defined(MBEDTLS_DEBUG_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_time_t time_t
#define mbedtls_snprintf snprintf
#define mbedtls_vsnprintf vsnprintf
#endif
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
@ -39,11 +30,6 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define DEBUG_BUF_SIZE 512 #define DEBUG_BUF_SIZE 512
static int debug_threshold = 0; static int debug_threshold = 0;

View file

@ -33,14 +33,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_DES_ALT) #if !defined(MBEDTLS_DES_ALT)

View file

@ -43,15 +43,7 @@
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if !defined(MBEDTLS_DHM_ALT) #if !defined(MBEDTLS_DHM_ALT)

View file

@ -77,10 +77,12 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If multiplication is in progress, we already generated a privkey */ int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx == NULL || rs_ctx->rsm == NULL ) restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif #endif
/* If multiplication is in progress, we already generated a privkey */
if( !restarting )
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,

View file

@ -36,13 +36,7 @@
#include "mbedtls/hmac_drbg.h" #include "mbedtls/hmac_drbg.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"

View file

@ -794,12 +794,7 @@ cleanup:
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif
#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
!defined(MBEDTLS_SHA256_C) !defined(MBEDTLS_SHA256_C)

View file

@ -90,15 +90,7 @@
#define ECP_VALIDATE( cond ) \ #define ECP_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ecp_internal.h" #include "mbedtls/ecp_internal.h"
@ -112,11 +104,6 @@
#endif #endif
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/* /*
* Counts of point addition and doubling, and field multiplications. * Counts of point addition and doubling, and field multiplications.
@ -2056,9 +2043,13 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
i = d; i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 ) if( f_rng == NULL )
have_rng = 0;
#endif #endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
} }
@ -2192,9 +2183,12 @@ final_norm:
* *
* Avoid the leak by randomizing coordinates before we normalize them. * Avoid the leak by randomizing coordinates before we normalize them.
*/ */
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 ) if( f_rng == NULL )
have_rng = 0;
#endif #endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
@ -2403,12 +2397,14 @@ cleanup:
mbedtls_free( T ); mbedtls_free( T );
} }
/* don't free R while in progress in case R == P */
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif
/* prevent caller from using invalid value */ /* prevent caller from using invalid value */
if( ret != 0 ) int should_free_R = ( ret != 0 );
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* don't free R while in progress in case R == P */
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
should_free_R = 0;
#endif
if( should_free_R )
mbedtls_ecp_point_free( R ); mbedtls_ecp_point_free( R );
ECP_RS_LEAVE( rsm ); ECP_RS_LEAVE( rsm );
@ -2596,13 +2592,16 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MOD_ADD( RP.X ); MOD_ADD( RP.X );
/* Randomize coordinates of the starting point */ /* Randomize coordinates of the starting point */
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL ) if( f_rng == NULL )
have_rng = 0;
#endif #endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */ /* Loop invariant: R = result so far, RP = R + P */
i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */ i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
while( i-- > 0 ) while( i-- > 0 )
{ {
b = mbedtls_mpi_get_bit( m, i ); b = mbedtls_mpi_get_bit( m, i );
@ -2631,9 +2630,12 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* *
* Avoid the leak by randomizing coordinates before we normalize them. * Avoid the leak by randomizing coordinates before we normalize them.
*/ */
have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL ) if( f_rng == NULL )
have_rng = 0;
#endif #endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
@ -2680,10 +2682,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* skip argument check when restarting */ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
#endif #endif
/* skip argument check when restarting */
if( !restarting )
{ {
/* check_privkey is free */ /* check_privkey is free */
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
@ -2797,14 +2801,17 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 ) if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
{ {
MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
} }
else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
{ {
MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
} }
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 ) else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
{ {
MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 ) if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );

View file

@ -38,11 +38,6 @@
#define ECP_VALIDATE( cond ) \ #define ECP_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond )
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)} #define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
#define ECP_MPI_INIT_ARRAY(x) \ #define ECP_MPI_INIT_ARRAY(x) \

View file

@ -38,18 +38,9 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if defined(MBEDTLS_HAVEGE_C) #if defined(MBEDTLS_HAVEGE_C)
#include "mbedtls/havege.h" #include "mbedtls/havege.h"

View file

@ -38,9 +38,7 @@
#if defined(MBEDTLS_HAVEGE_C) #if defined(MBEDTLS_HAVEGE_C)
#include "mbedtls/havege.h" #include "mbedtls/havege.h"
#endif #endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)

View file

@ -25,11 +25,7 @@
#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_ERROR_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
#endif
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -961,7 +957,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
#else /* MBEDTLS_ERROR_C */ #else /* MBEDTLS_ERROR_C */
/* /*
* Provide an non-function in case MBEDTLS_ERROR_C is not defined * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
*/ */
void mbedtls_strerror( int ret, char *buf, size_t buflen ) void mbedtls_strerror( int ret, char *buf, size_t buflen )
{ {

View file

@ -32,6 +32,7 @@
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h" #include "mbedtls/gcm.h"
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
@ -41,15 +42,6 @@
#include "mbedtls/aesni.h" #include "mbedtls/aesni.h"
#endif #endif
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_PLATFORM_C)
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#if !defined(MBEDTLS_GCM_ALT) #if !defined(MBEDTLS_GCM_ALT)
/* Parameter validation macros */ /* Parameter validation macros */

View file

@ -37,14 +37,7 @@
#include <stdio.h> #include <stdio.h>
#endif #endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_PLATFORM_C */
/* /*
* HMAC_DRBG context initialization * HMAC_DRBG context initialization

View file

@ -38,13 +38,7 @@
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "mbedtls/sha512.h" #include "mbedtls/sha512.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include <string.h> #include <string.h>

View file

@ -33,14 +33,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD2_ALT) #if !defined(MBEDTLS_MD2_ALT)

View file

@ -33,14 +33,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD4_ALT) #if !defined(MBEDTLS_MD4_ALT)

View file

@ -32,14 +32,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD5_ALT) #if !defined(MBEDTLS_MD5_ALT)

View file

@ -29,11 +29,6 @@
#include <string.h> #include <string.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#if defined(MBEDTLS_MPS_ENABLE_TRACE) #if defined(MBEDTLS_MPS_ENABLE_TRACE)
static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
#endif /* MBEDTLS_MPS_ENABLE_TRACE */ #endif /* MBEDTLS_MPS_ENABLE_TRACE */
@ -535,7 +530,7 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
* of the accumulator. */ * of the accumulator. */
memmove( acc, acc + acc_backup_offset, acc_backup_len ); memmove( acc, acc + acc_backup_offset, acc_backup_len );
/* Copy uncmmitted parts of the current fragment to the /* Copy uncommitted parts of the current fragment to the
* accumulator. */ * accumulator. */
memcpy( acc + acc_backup_len, memcpy( acc + acc_backup_len,
frag + frag_backup_offset, frag_backup_len ); frag + frag_backup_offset, frag_backup_len );

View file

@ -30,13 +30,7 @@
#include "mps_common.h" #include "mps_common.h"
#include "mps_trace.h" #include "mps_trace.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_vsnprintf vsnprintf
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_MPS_ENABLE_TRACE) #if defined(MBEDTLS_MPS_ENABLE_TRACE)

View file

@ -37,11 +37,7 @@
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#endif
#include "mbedtls/net_sockets.h" #include "mbedtls/net_sockets.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"

View file

@ -39,14 +39,7 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#if !defined(MBEDTLS_NIST_KW_ALT) #if !defined(MBEDTLS_NIST_KW_ALT)

View file

@ -30,11 +30,7 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
#endif
/* /*
* Macro to automatically add the size of #define'd OIDs * Macro to automatically add the size of #define'd OIDs

View file

@ -32,13 +32,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
void mbedtls_pem_init( mbedtls_pem_context *ctx ) void mbedtls_pem_init( mbedtls_pem_context *ctx )

View file

@ -50,13 +50,7 @@
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include <limits.h> #include <limits.h>
#include <stdint.h> #include <stdint.h>
@ -872,7 +866,7 @@ static void *pk_opaque_alloc_wrap( void )
{ {
void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) ); void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
/* no _init() function to call, an calloc() already zeroized */ /* no _init() function to call, as calloc() already zeroized */
return( ctx ); return( ctx );
} }

View file

@ -29,13 +29,7 @@
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/x509_crt.h" #include "mbedtls/x509_crt.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include <string.h> #include <string.h>

View file

@ -42,12 +42,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,

View file

@ -48,13 +48,7 @@
#include "mbedtls/pkcs12.h" #include "mbedtls/pkcs12.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
/* Parameter validation macros based on platform_util.h */ /* Parameter validation macros based on platform_util.h */
#define PK_VALIDATE_RET( cond ) \ #define PK_VALIDATE_RET( cond ) \

View file

@ -48,13 +48,7 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
/* Parameter validation macros based on platform_util.h */ /* Parameter validation macros based on platform_util.h */
#define PK_VALIDATE_RET( cond ) \ #define PK_VALIDATE_RET( cond ) \

View file

@ -28,22 +28,10 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_POLY1305_ALT) #if !defined(MBEDTLS_POLY1305_ALT)
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */ /* Parameter validation macros */
#define POLY1305_VALIDATE_RET( cond ) \ #define POLY1305_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )

View file

@ -33,14 +33,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_RIPEMD160_ALT) #if !defined(MBEDTLS_RIPEMD160_ALT)

View file

@ -57,14 +57,7 @@
#include <stdlib.h> #include <stdlib.h>
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if !defined(MBEDTLS_RSA_ALT) #if !defined(MBEDTLS_RSA_ALT)

View file

@ -32,14 +32,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#define SHA1_VALIDATE_RET(cond) \ #define SHA1_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )

View file

@ -32,17 +32,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#define SHA256_VALIDATE_RET(cond) \ #define SHA256_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )

View file

@ -38,17 +38,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#define SHA512_VALIDATE_RET(cond) \ #define SHA512_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
@ -428,9 +418,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
sha512_put_uint64_be( ctx->state[4], output, 32 ); sha512_put_uint64_be( ctx->state[4], output, 32 );
sha512_put_uint64_be( ctx->state[5], output, 40 ); sha512_put_uint64_be( ctx->state[5], output, 40 );
int truncated = 0;
#if !defined(MBEDTLS_SHA512_NO_SHA384) #if !defined(MBEDTLS_SHA512_NO_SHA384)
if( ctx->is384 == 0 ) truncated = ctx->is384;
#endif #endif
if( !truncated )
{ {
sha512_put_uint64_be( ctx->state[6], output, 48 ); sha512_put_uint64_be( ctx->state[6], output, 48 );
sha512_put_uint64_be( ctx->state[7], output, 56 ); sha512_put_uint64_be( ctx->state[7], output, 56 );

View file

@ -25,13 +25,7 @@
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_cache.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"

View file

@ -23,11 +23,7 @@
#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#endif
#include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"

View file

@ -21,13 +21,7 @@
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
@ -174,7 +168,7 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
*olen = 0; *olen = 0;
/* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
* initial ClientHello, in which case also adding the renegotiation * initial ClientHello, in which case also adding the renegotiation
* info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
@ -1004,9 +998,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_NO_RNG ); return( MBEDTLS_ERR_SSL_NO_RNG );
} }
int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif #endif
if( !renegotiating )
{ {
ssl->major_ver = ssl->conf->min_major_ver; ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver; ssl->minor_ver = ssl->conf->min_minor_ver;
@ -1092,9 +1089,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello." * generate and include a Session ID in the TLS ClientHello."
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( !renegotiating )
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{ {
if( ssl->session_negotiate->ticket != NULL && if( ssl->session_negotiate->ticket != NULL &&
ssl->session_negotiate->ticket_len != 0 ) ssl->session_negotiate->ticket_len != 0 )
@ -1209,9 +1204,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/* /*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( !renegotiating )
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
@ -2062,6 +2055,30 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
{
int bad_comp = 0;
/* Suppress warnings in some configurations */
(void) ssl;
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
bad_comp = 1;
#else /* MBEDTLS_ZLIB_SUPPORT */
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif/* MBEDTLS_ZLIB_SUPPORT */
return bad_comp;
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{ {
@ -2070,9 +2087,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
size_t ext_len; size_t ext_len;
unsigned char *buf, *ext; unsigned char *buf, *ext;
unsigned char comp; unsigned char comp;
#if defined(MBEDTLS_ZLIB_SUPPORT)
int accept_comp;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0; int renegotiation_info_seen = 0;
#endif #endif
@ -2241,20 +2255,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/ */
comp = buf[37 + n]; comp = buf[37 + n];
#if defined(MBEDTLS_ZLIB_SUPPORT) if( is_compression_bad( ssl, comp ) )
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
else
#endif
accept_comp = 1;
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
#else /* MBEDTLS_ZLIB_SUPPORT */
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
#endif/* MBEDTLS_ZLIB_SUPPORT */
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
( "server hello, bad compression: %d", comp ) ); ( "server hello, bad compression: %d", comp ) );
@ -2687,7 +2688,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
grp_id = ssl->handshake->ecdh_ctx.grp.id; grp_id = ssl->handshake->ecdh_ctx.grp.id;
#else #else
grp_id = ssl->handshake->ecdh_ctx.grp_id; grp_id = ssl->handshake->ecdh_ctx.grp_id;
#endif #endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
if( curve_info == NULL ) if( curve_info == NULL )
@ -2700,11 +2701,12 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
return( -1 );
#else #else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 ) ssl->handshake->ecdh_ctx.grp.nbits > 521 )
#endif
return( -1 ); return( -1 );
#endif /* MBEDTLS_ECP_C */
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP ); MBEDTLS_DEBUG_ECDH_QP );
@ -2858,8 +2860,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
} }
/* /*
* Note: we currently ignore the PKS identity hint, as we only allow one * Note: we currently ignore the PSK identity hint, as we only allow one
* PSK to be provisionned on the client. This could be changed later if * PSK to be provisioned on the client. This could be changed later if
* someone needs that feature. * someone needs that feature.
*/ */
*p += len; *p += len;
@ -3452,23 +3454,23 @@ start_processing:
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled ) if( ssl->handshake->ecrs_enabled )
rs_ctx = &ssl->handshake->ecrs_ctx.pk; rs_ctx = &ssl->handshake->ecrs_ctx.pk;
#endif #endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
if( ( ret = mbedtls_pk_verify_restartable( peer_pk, if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{ {
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
}
#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
#endif
return( ret ); return( ret );
} }

View file

@ -25,12 +25,7 @@
#if defined(MBEDTLS_SSL_COOKIE_C) #if defined(MBEDTLS_SSL_COOKIE_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"

View file

@ -30,13 +30,7 @@
#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
@ -441,9 +435,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
unsigned char *cur = add_data; unsigned char *cur = add_data;
int is_tls13 = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
is_tls13 = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
if( !is_tls13 )
{ {
((void) minor_ver); ((void) minor_ver);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
@ -1887,8 +1884,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
@ -2103,8 +2099,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ssl->f_send == NULL ) if( ssl->f_send == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
@ -3950,8 +3945,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
if( ssl_record_is_in_progress( ssl ) == 0 ) if( ssl_record_is_in_progress( ssl ) == 0 )
{ {
int dtls_have_buffered = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
int have_buffered = 0;
/* We only check for buffered messages if the /* We only check for buffered messages if the
* current datagram is fully consumed. */ * current datagram is fully consumed. */
@ -3959,11 +3954,11 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
ssl_next_record_is_in_datagram( ssl ) == 0 ) ssl_next_record_is_in_datagram( ssl ) == 0 )
{ {
if( ssl_load_buffered_message( ssl ) == 0 ) if( ssl_load_buffered_message( ssl ) == 0 )
have_buffered = 1; dtls_have_buffered = 1;
} }
if( have_buffered == 0 )
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
if( dtls_have_buffered == 0 )
{ {
ret = ssl_get_next_record( ssl ); ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
@ -4037,7 +4032,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
if( hs == NULL ) if( hs == NULL )
return( -1 ); return( -1 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )

View file

@ -21,13 +21,7 @@
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
@ -1460,6 +1454,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
int renegotiating = 0;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
read_record_header: read_record_header:
#endif #endif
@ -1469,8 +1464,10 @@ read_record_header:
* ClientHello, which doesn't use the same record layer format. * ClientHello, which doesn't use the same record layer format.
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif #endif
if( !renegotiating )
{ {
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
{ {
@ -1483,9 +1480,12 @@ read_record_header:
buf = ssl->in_hdr; buf = ssl->in_hdr;
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
int is_dtls = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
is_dtls = 1;
#endif #endif
if( !is_dtls )
if( ( buf[0] & 0x80 ) != 0 ) if( ( buf[0] & 0x80 ) != 0 )
return( ssl_parse_client_hello_v2( ssl ) ); return( ssl_parse_client_hello_v2( ssl ) );
#endif #endif
@ -3903,8 +3903,14 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
size_t peer_pmssize ) size_t peer_pmssize )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl );
if( own_cert == NULL ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) );
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
}
mbedtls_pk_context *public_key = &own_cert->pk;
mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk;
size_t len = mbedtls_pk_get_len( public_key ); size_t len = mbedtls_pk_get_len( public_key );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)

View file

@ -21,13 +21,7 @@
#if defined(MBEDTLS_SSL_TICKET_C) #if defined(MBEDTLS_SSL_TICKET_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h" #include "mbedtls/ssl_ticket.h"
@ -152,26 +146,44 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
int do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES ); cipher_info, TICKET_AUTH_TAG_BYTES );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
return( ret ); switch( ret )
{
case 0:
do_mbedtls_cipher_setup = 0;
break;
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
/* We don't yet expect to support all ciphers through PSA, /* We don't yet expect to support all ciphers through PSA,
* so allow fallback to ordinary mbedtls_cipher_setup(). */ * so allow fallback to ordinary mbedtls_cipher_setup(). */
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) do_mbedtls_cipher_setup = 1;
break;
default:
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )
!= 0 )
return( ret ); return( ret );
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
do_mbedtls_cipher_setup = 0;
ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES ); cipher_info, TICKET_AUTH_TAG_BYTES );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
return( ret ); return( ret );
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
do_mbedtls_cipher_setup = 1;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 ) if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) )
!= 0 )
return( ret ); return( ret );
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||

View file

@ -29,13 +29,7 @@
#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
@ -766,7 +760,9 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
exit: exit:
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
if ( tmp != NULL )
mbedtls_platform_zeroize( tmp, tmp_len ); mbedtls_platform_zeroize( tmp, tmp_len );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
mbedtls_free( tmp ); mbedtls_free( tmp );
@ -985,6 +981,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
int psa_fallthrough; int psa_fallthrough;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
int do_mbedtls_cipher_setup;
unsigned char keyblk[256]; unsigned char keyblk[256];
unsigned char *key1; unsigned char *key1;
unsigned char *key2; unsigned char *key2;
@ -1363,6 +1360,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
} }
#endif #endif
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Only use PSA-based ciphers for TLS-1.2. /* Only use PSA-based ciphers for TLS-1.2.
@ -1398,15 +1396,18 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
psa_fallthrough = 1; psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( psa_fallthrough == 1 ) if( psa_fallthrough == 0 )
do_mbedtls_cipher_setup = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, if( do_mbedtls_cipher_setup &&
( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 ) cipher_info ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
goto end; goto end;
} }
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Only use PSA-based ciphers for TLS-1.2. /* Only use PSA-based ciphers for TLS-1.2.
* That's relevant at least for TLS-1.0, where * That's relevant at least for TLS-1.0, where
@ -1441,9 +1442,11 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
psa_fallthrough = 1; psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( psa_fallthrough == 1 ) if( psa_fallthrough == 0 )
do_mbedtls_cipher_setup = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, if( do_mbedtls_cipher_setup &&
( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
cipher_info ) ) != 0 ) cipher_info ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
@ -3411,7 +3414,7 @@ static void ssl_calc_finished_tls_sha384(
sha512.state, sizeof( sha512.state ) ); sha512.state, sizeof( sha512.state ) );
#endif #endif
/* mbedtls_sha512_finish_ret's output parameter is declared as a /* mbedtls_sha512_finish_ret's output parameter is declared as a
* 64-byte buffer, but sice we're using SHA-384, we know that the * 64-byte buffer, but since we're using SHA-384, we know that the
* output fits in 48 bytes. This is correct C, but GCC 11.1 warns * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
* about it. * about it.
*/ */
@ -4089,9 +4092,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
memset( ssl->out_buf, 0, out_buf_len ); memset( ssl->out_buf, 0, out_buf_len );
int clear_in_buf = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
if( partial == 0 ) if( partial != 0 )
clear_in_buf = 0;
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
if( clear_in_buf )
{ {
ssl->in_left = 0; ssl->in_left = 0;
memset( ssl->in_buf, 0, in_buf_len ); memset( ssl->in_buf, 0, in_buf_len );
@ -4128,9 +4134,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
int free_cli_id = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
if( partial == 0 ) if( partial != 0 )
free_cli_id = 0;
#endif #endif
if( free_cli_id )
{ {
mbedtls_free( ssl->cli_id ); mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL; ssl->cli_id = NULL;
@ -4471,7 +4480,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
} }
/* This and the following branch should never /* This and the following branch should never
* be taken simultaenously as we maintain the * be taken simultaneously as we maintain the
* invariant that raw and opaque PSKs are never * invariant that raw and opaque PSKs are never
* configured simultaneously. As a safeguard, * configured simultaneously. As a safeguard,
* though, `else` is omitted here. */ * though, `else` is omitted here. */
@ -6335,7 +6344,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
/* Protocol must be DLTS, not TLS */ /* Protocol must be DTLS, not TLS */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
@ -6510,24 +6519,41 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
* Helper to get TLS 1.2 PRF from ciphersuite * Helper to get TLS 1.2 PRF from ciphersuite
* (Duplicates bits of logic from ssl_set_handshake_prfs().) * (Duplicates bits of logic from ssl_set_handshake_prfs().)
*/ */
#if defined(MBEDTLS_SHA256_C) || \
(defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384))
typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
const char *label, const char *label,
const unsigned char *random, size_t rlen, const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen ); unsigned char *dstbuf, size_t dlen );
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{ {
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
if( ciphersuite_info == NULL )
return( NULL );
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
return( tls_prf_sha384 ); return( tls_prf_sha384 );
#else else
(void) ciphersuite_id;
#endif #endif
#if defined(MBEDTLS_SHA256_C)
{
if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
return( tls_prf_sha256 ); return( tls_prf_sha256 );
}
#endif
#if !defined(MBEDTLS_SHA256_C) && \
(!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384))
(void) ciphersuite_info;
#endif
return( NULL );
} }
#endif /* MBEDTLS_SHA256_C ||
(MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384) */
/* /*
* Deserialize context, see mbedtls_ssl_context_save() for format. * Deserialize context, see mbedtls_ssl_context_save() for format.
* *
@ -6543,6 +6569,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
const unsigned char * const end = buf + len; const unsigned char * const end = buf + len;
size_t session_len; size_t session_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
tls_prf_fn prf_func = NULL;
/* /*
* The context should have been freshly setup or reset. * The context should have been freshly setup or reset.
@ -6630,6 +6657,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
ssl->transform_out = ssl->transform; ssl->transform_out = ssl->transform;
ssl->transform_negotiate = NULL; ssl->transform_negotiate = NULL;
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
if( prf_func == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Read random bytes and populate structure */ /* Read random bytes and populate structure */
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -6648,7 +6679,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
ssl->session->compression, ssl->session->compression,
#endif #endif
ssl_tls12prf_from_cs( ssl->session->ciphersuite ), prf_func,
p, /* currently pointing to randbytes */ p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint, ssl->conf->endpoint,
@ -6921,7 +6952,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
} }
/* /*
* Initialze mbedtls_ssl_config * Initialize mbedtls_ssl_config
*/ */
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
{ {

View file

@ -24,6 +24,7 @@
#include "mbedtls/hkdf.h" #include "mbedtls/hkdf.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"
#include "psa/crypto_sizes.h"
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
@ -31,6 +32,9 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string, .name = string,
#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \
PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
{ {
/* This seems to work in C, despite the string literal being one /* This seems to work in C, despite the string literal being one
@ -292,8 +296,8 @@ int mbedtls_ssl_tls1_3_evolve_secret(
{ {
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
size_t hlen, ilen; size_t hlen, ilen;
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 };
const mbedtls_md_info_t *md; const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg ); md = mbedtls_md_info_from_type( hash_alg );

View file

@ -19,12 +19,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
@ -269,7 +264,7 @@ static void TimerProc( void *TimerContext )
Sleep( alarmMs ); Sleep( alarmMs );
mbedtls_timing_alarmed = 1; mbedtls_timing_alarmed = 1;
/* _endthread will be called implicitly on return /* _endthread will be called implicitly on return
* That ensures execution of thread funcition's epilogue */ * That ensures execution of thread function's epilogue */
} }
void mbedtls_set_alarm( int seconds ) void mbedtls_set_alarm( int seconds )

View file

@ -43,16 +43,7 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h" #include "mbedtls/platform_time.h"
@ -198,7 +189,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md
* *
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
* option. Enfore this at parsing time. * option. Enforce this at parsing time.
*/ */
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
@ -424,6 +415,11 @@ static int x509_get_attr_type_value( unsigned char **p,
* For the general case we still use a flat list, but we mark elements of the * For the general case we still use a flat list, but we mark elements of the
* same set so that they are "merged" together in the functions that consume * same set so that they are "merged" together in the functions that consume
* this list, eg mbedtls_x509_dn_gets(). * this list, eg mbedtls_x509_dn_gets().
*
* On success, this function may allocate a linked list starting at cur->next
* that must later be free'd by the caller using mbedtls_free(). In error
* cases, this function frees all allocated memory internally and the caller
* has no freeing responsibilities.
*/ */
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur ) mbedtls_x509_name *cur )
@ -431,6 +427,8 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t set_len; size_t set_len;
const unsigned char *end_set; const unsigned char *end_set;
mbedtls_x509_name *head = cur;
mbedtls_x509_name *prev, *allocated;
/* don't use recursion, we'd risk stack overflow if not optimized */ /* don't use recursion, we'd risk stack overflow if not optimized */
while( 1 ) while( 1 )
@ -440,14 +438,17 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
*/ */
if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); {
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret );
goto error;
}
end_set = *p + set_len; end_set = *p + set_len;
while( 1 ) while( 1 )
{ {
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
return( ret ); goto error;
if( *p == end_set ) if( *p == end_set )
break; break;
@ -458,7 +459,10 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL ) if( cur->next == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED ); {
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
cur = cur->next; cur = cur->next;
} }
@ -472,10 +476,30 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL ) if( cur->next == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED ); {
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
cur = cur->next; cur = cur->next;
} }
error:
/* Skip the first element as we did not allocate it */
allocated = head->next;
while( allocated != NULL )
{
prev = allocated;
allocated = allocated->next;
mbedtls_platform_zeroize( prev, sizeof( *prev ) );
mbedtls_free( prev );
}
mbedtls_platform_zeroize( head, sizeof( *head ) );
return( ret );
} }
static int x509_parse_int( unsigned char **p, size_t n, int *res ) static int x509_parse_int( unsigned char **p, size_t n, int *res )

View file

@ -1,5 +1,5 @@
/* /*
* X.509 Certidicate Revocation List (CRL) parsing * X.509 Certificate Revocation List (CRL) parsing
* *
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
@ -42,15 +42,7 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_snprintf snprintf
#endif
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)

View file

@ -49,15 +49,7 @@
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_snprintf snprintf
#endif
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
@ -90,6 +82,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <dirent.h> #include <dirent.h>
#include <errno.h>
#endif /* !_WIN32 || EFIX64 || EFI32 */ #endif /* !_WIN32 || EFIX64 || EFI32 */
#endif #endif
@ -1278,9 +1271,12 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
} }
} }
int extensions_allowed = 1;
#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
if( crt->version == 3 ) if( crt->version != 3 )
extensions_allowed = 0;
#endif #endif
if( extensions_allowed )
{ {
ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
if( ret != 0 ) if( ret != 0 )
@ -1668,9 +1664,23 @@ cleanup:
} }
else if( stat( entry_name, &sb ) == -1 ) else if( stat( entry_name, &sb ) == -1 )
{ {
if( errno == ENOENT )
{
/* Broken symbolic link - ignore this entry.
stat(2) will return this error for either (a) a dangling
symlink or (b) a missing file.
Given that we have just obtained the filename from readdir,
assume that it does exist and therefore treat this as a
dangling symlink. */
continue;
}
else
{
/* Some other file error; report the error. */
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup; goto cleanup;
} }
}
if( !S_ISREG( sb.st_mode ) ) if( !S_ISREG( sb.st_mode ) )
continue; continue;
@ -1798,6 +1808,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
const char *prefix ) const char *prefix )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t n = *size; size_t n = *size;
char *p = *buf; char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name; const mbedtls_x509_sequence *cur = subject_alt_name;
@ -1850,18 +1861,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;
if( other_name->value.hardware_module_name.val.len >= n ) for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{ {
*p = '\0'; ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); MBEDTLS_X509_SAFE_SNPRINTF;
} }
memcpy( p, other_name->value.hardware_module_name.val.p,
other_name->value.hardware_module_name.val.len );
p += other_name->value.hardware_module_name.val.len;
n -= other_name->value.hardware_module_name.val.len;
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */ }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
} }
break; break;

View file

@ -42,15 +42,7 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_snprintf snprintf
#endif
#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
#include <stdio.h> #include <stdio.h>

View file

@ -44,13 +44,7 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{ {

View file

@ -1,5 +1,5 @@
/* /*
* An 32-bit implementation of the XTEA algorithm * A 32-bit implementation of the XTEA algorithm
* *
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
@ -26,14 +26,7 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_XTEA_ALT) #if !defined(MBEDTLS_XTEA_ALT)

View file

@ -1,8 +1,8 @@
diff --git a/library/entropy_poll.c b/library/entropy_poll.c diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
index 4556f88a5..ba56b70f7 100644 index a858c1892b..69ac29e4f7 100644
--- a/library/entropy_poll.c --- a/thirdparty/mbedtls/library/entropy_poll.c
+++ b/library/entropy_poll.c +++ b/thirdparty/mbedtls/library/entropy_poll.c
@@ -61,28 +61,43 @@ @@ -54,28 +54,43 @@
#define _WIN32_WINNT 0x0400 #define _WIN32_WINNT 0x0400
#endif #endif
#include <windows.h> #include <windows.h>
@ -53,12 +53,12 @@ index 4556f88a5..ba56b70f7 100644
*olen = len; *olen = len;
return( 0 ); return( 0 );
diff --git a/library/x509_crt.c b/library/x509_crt.c diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c
index 76558342e..35a134950 100644 index def1414eca..4361f43ed0 100644
--- a/library/x509_crt.c --- a/thirdparty/mbedtls/library/x509_crt.c
+++ b/library/x509_crt.c +++ b/thirdparty/mbedtls/library/x509_crt.c
@@ -65,6 +65,19 @@ @@ -58,6 +58,19 @@
#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h> #include <windows.h>
+#if defined(_MSC_VER) && _MSC_VER <= 1600 +#if defined(_MSC_VER) && _MSC_VER <= 1600
@ -77,7 +77,7 @@ index 76558342e..35a134950 100644
#else #else
#include <time.h> #include <time.h>
#endif #endif
@@ -1278,6 +1291,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1549,6 +1562,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
char filename[MAX_PATH]; char filename[MAX_PATH];
char *p; char *p;
size_t len = strlen( path ); size_t len = strlen( path );
@ -85,7 +85,7 @@ index 76558342e..35a134950 100644
WIN32_FIND_DATAW file_data; WIN32_FIND_DATAW file_data;
HANDLE hFind; HANDLE hFind;
@@ -1292,7 +1306,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1563,7 +1577,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
p = filename + len; p = filename + len;
filename[len++] = '*'; filename[len++] = '*';
@ -105,7 +105,7 @@ index 76558342e..35a134950 100644
MAX_PATH - 3 ); MAX_PATH - 3 );
if( w_ret == 0 ) if( w_ret == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
@@ -1309,8 +1334,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) @@ -1580,8 +1605,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
continue; continue;

View file

@ -0,0 +1,16 @@
diff --git a/thirdparty/mbedtls/library/timing.c b/thirdparty/mbedtls/library/timing.c
index 6c14a4fd01..151292e325 100644
--- a/thirdparty/mbedtls/library/timing.c
+++ b/thirdparty/mbedtls/library/timing.c
@@ -190,8 +190,10 @@ unsigned long mbedtls_timing_hardclock( void )
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __ia64__ */
-#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
+// -- GODOT start --
+#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \
!defined(EFIX64) && !defined(EFI32)
+// -- GODOT end --
#define HAVE_HARDCLOCK