Bump mbedtls to version 2.18.1, update LICENSE.
Keep applying windows entropy patch. Update thirdparty/README with correct version information.
This commit is contained in:
parent
73a67f9309
commit
9403a68853
32 changed files with 638 additions and 316 deletions
6
thirdparty/README.md
vendored
6
thirdparty/README.md
vendored
|
@ -328,15 +328,15 @@ Files extracted from upstream source:
|
|||
|
||||
## mbedtls
|
||||
|
||||
- Upstream: https://tls.mbed.org/
|
||||
- Version: 2.16.12 (cf4667126010c665341f9e50ef691b7ef8294188, 2021)
|
||||
- Upstream: https://github.com/Mbed-TLS/mbedtls
|
||||
- Version: 2.18.1 (dd79db10014d85b26d11fe57218431f2e5ede6f2, 2022)
|
||||
- License: Apache 2.0
|
||||
|
||||
File extracted from upstream release tarball:
|
||||
|
||||
- All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` except `config_psa.h` and `psa_util.h`.
|
||||
- All `*.c` and `*.h` from `library/` to `thirdparty/mbedtls/library/` except those starting with `psa_*`.
|
||||
- `LICENSE` and `apache-2.0.txt` files.
|
||||
- The `LICENSE` file.
|
||||
- Applied the patch in `patches/1453.diff` (upstream PR:
|
||||
https://github.com/ARMmbed/mbedtls/pull/1453).
|
||||
- Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h`
|
||||
|
|
205
thirdparty/mbedtls/LICENSE
vendored
205
thirdparty/mbedtls/LICENSE
vendored
|
@ -1,5 +1,202 @@
|
|||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided
|
||||
under the Apache License 2.0, or the GNU General Public License v2.0 or later
|
||||
(SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later).
|
||||
|
||||
A copy of these licenses can be found in apache-2.0.txt and gpl-2.0.txt
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
202
thirdparty/mbedtls/apache-2.0.txt
vendored
202
thirdparty/mbedtls/apache-2.0.txt
vendored
|
@ -1,202 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
4
thirdparty/mbedtls/library/aes.c
vendored
4
thirdparty/mbedtls/library/aes.c
vendored
|
@ -1106,7 +1106,7 @@ typedef unsigned char mbedtls_be128[16];
|
|||
*
|
||||
* This function multiplies a field element by x in the polynomial field
|
||||
* representation. It uses 64-bit word operations to gain speed but compensates
|
||||
* for machine endianess and hence works correctly on both big and little
|
||||
* for machine endianness and hence works correctly on both big and little
|
||||
* endian machines.
|
||||
*/
|
||||
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
|
||||
|
@ -1206,7 +1206,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||
unsigned char *prev_output = output - 16;
|
||||
|
||||
/* Copy ciphertext bytes from the previous block to our output for each
|
||||
* byte of cyphertext we won't steal. At the same time, copy the
|
||||
* byte of ciphertext we won't steal. At the same time, copy the
|
||||
* remainder of the input for this final round (since the loop bounds
|
||||
* are the same). */
|
||||
for( i = 0; i < leftover; i++ )
|
||||
|
|
7
thirdparty/mbedtls/library/asn1write.c
vendored
7
thirdparty/mbedtls/library/asn1write.c
vendored
|
@ -133,6 +133,11 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
|
|||
//
|
||||
len = mbedtls_mpi_size( X );
|
||||
|
||||
/* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
|
||||
* as 0 digits. We need to end up with 020100, not with 0200. */
|
||||
if( len == 0 )
|
||||
len = 1;
|
||||
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
|
@ -472,7 +477,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
|
|||
cur->val.len = val_len;
|
||||
}
|
||||
|
||||
if( val != NULL )
|
||||
if( val != NULL && val_len != 0 )
|
||||
memcpy( cur->val.p, val, val_len );
|
||||
|
||||
return( cur );
|
||||
|
|
4
thirdparty/mbedtls/library/bignum.c
vendored
4
thirdparty/mbedtls/library/bignum.c
vendored
|
@ -1829,7 +1829,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_
|
|||
/*
|
||||
* handle trivial cases
|
||||
*/
|
||||
if( b == 1 )
|
||||
if( b == 1 || A->n == 0 )
|
||||
{
|
||||
*r = 0;
|
||||
return( 0 );
|
||||
|
@ -2317,7 +2317,7 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
|
|||
* TA-TB is even so the division by 2 has an integer result.
|
||||
* Invariant (I) is preserved since any odd divisor of both TA and TB
|
||||
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
|
||||
* also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
|
||||
* also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
|
||||
* divides TA.
|
||||
*/
|
||||
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
|
||||
|
|
11
thirdparty/mbedtls/library/cipher.c
vendored
11
thirdparty/mbedtls/library/cipher.c
vendored
|
@ -386,6 +386,12 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
|
||||
{
|
||||
/* Even though the actual_iv_size is overwritten with a correct value
|
||||
* of 12 from the cipher info, return an error to indicate that
|
||||
* the input iv_len is wrong. */
|
||||
if( iv_len != 12 )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
|
||||
if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
|
||||
iv,
|
||||
0U ) ) /* Initial counter value */
|
||||
|
@ -393,6 +399,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
|
||||
iv_len != 12 )
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if ( actual_iv_size != 0 )
|
||||
|
|
15
thirdparty/mbedtls/library/constant_time.c
vendored
15
thirdparty/mbedtls/library/constant_time.c
vendored
|
@ -489,6 +489,12 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
|
|||
MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
|
||||
MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
|
||||
|
||||
/* Fill the hash buffer in advance with something that is
|
||||
* not a valid hash (barring an attack on the hash and
|
||||
* deliberately-crafted input), in case the caller doesn't
|
||||
* check the return status properly. */
|
||||
memset( output, '!', hash_size );
|
||||
|
||||
/* For each possible length, compute the hash up to that point */
|
||||
for( offset = min_data_len; offset <= max_data_len; offset++ )
|
||||
{
|
||||
|
@ -533,6 +539,13 @@ cleanup:
|
|||
* about whether the assignment was made or not.
|
||||
* (Leaking information about the respective sizes of X and Y is ok however.)
|
||||
*/
|
||||
#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103)
|
||||
/*
|
||||
* MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See:
|
||||
* https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989
|
||||
*/
|
||||
__declspec(noinline)
|
||||
#endif
|
||||
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
|
||||
const mbedtls_mpi *Y,
|
||||
unsigned char assign )
|
||||
|
@ -562,7 +575,7 @@ cleanup:
|
|||
/*
|
||||
* Conditionally swap X and Y, without leaking information
|
||||
* about whether the swap was made or not.
|
||||
* Here it is not ok to simply swap the pointers, which whould lead to
|
||||
* Here it is not ok to simply swap the pointers, which would lead to
|
||||
* different memory access patterns when X and Y are used afterwards.
|
||||
*/
|
||||
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
|
||||
|
|
|
@ -221,6 +221,13 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
|
|||
* offset_secret, but only on \p offset_min, \p offset_max and \p len.
|
||||
* Functionally equivalent to `memcpy(dst, src + offset_secret, len)`.
|
||||
*
|
||||
* \note This function reads from \p dest, but the value that
|
||||
* is read does not influence the result and this
|
||||
* function's behavior is well-defined regardless of the
|
||||
* contents of the buffers. This may result in false
|
||||
* positives from static or dynamic analyzers, especially
|
||||
* if \p dest is not initialized.
|
||||
*
|
||||
* \param dest The destination buffer. This must point to a writable
|
||||
* buffer of at least \p len bytes.
|
||||
* \param src The base of the source buffer. This must point to a
|
||||
|
|
6
thirdparty/mbedtls/library/ctr_drbg.c
vendored
6
thirdparty/mbedtls/library/ctr_drbg.c
vendored
|
@ -828,7 +828,7 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
|
|||
return( 1 ); \
|
||||
}
|
||||
|
||||
#define SELF_TEST_OUPUT_DISCARD_LENGTH 64
|
||||
#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
|
@ -854,7 +854,7 @@ int mbedtls_ctr_drbg_self_test( int verbose )
|
|||
(void *) entropy_source_pr,
|
||||
pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
|
||||
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
|
||||
CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
|
||||
|
||||
|
@ -879,7 +879,7 @@ int mbedtls_ctr_drbg_self_test( int verbose )
|
|||
(void *) entropy_source_nopr,
|
||||
pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
|
||||
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
|
||||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
|
||||
CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
|
||||
|
||||
|
|
2
thirdparty/mbedtls/library/ecdh.c
vendored
2
thirdparty/mbedtls/library/ecdh.c
vendored
|
@ -399,7 +399,7 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
|||
}
|
||||
|
||||
/*
|
||||
* Read the ServerKeyExhange parameters (RFC 4492)
|
||||
* Read the ServerKeyExchange parameters (RFC 4492)
|
||||
* struct {
|
||||
* ECParameters curve_params;
|
||||
* ECPoint public;
|
||||
|
|
2
thirdparty/mbedtls/library/ecjpake.c
vendored
2
thirdparty/mbedtls/library/ecjpake.c
vendored
|
@ -435,7 +435,7 @@ cleanup:
|
|||
|
||||
/*
|
||||
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
|
||||
* Ouputs: verified peer public keys Xa, Xb
|
||||
* Outputs: verified peer public keys Xa, Xb
|
||||
*/
|
||||
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
|
||||
const mbedtls_ecp_group *grp,
|
||||
|
|
8
thirdparty/mbedtls/library/ecp.c
vendored
8
thirdparty/mbedtls/library/ecp.c
vendored
|
@ -1307,7 +1307,7 @@ cleanup:
|
|||
* For curves in short Weierstrass form, we do all the internal operations in
|
||||
* Jacobian coordinates.
|
||||
*
|
||||
* For multiplication, we'll use a comb method with coutermeasueres against
|
||||
* For multiplication, we'll use a comb method with countermeasures against
|
||||
* SPA, hence timing attacks.
|
||||
*/
|
||||
|
||||
|
@ -2251,7 +2251,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
|
|||
* This function is mainly responsible for administrative work:
|
||||
* - managing the restart context if enabled
|
||||
* - managing the table of precomputed points (passed between the below two
|
||||
* functions): allocation, computation, ownership tranfer, freeing.
|
||||
* functions): allocation, computation, ownership transfer, freeing.
|
||||
*
|
||||
* It delegates the actual arithmetic work to:
|
||||
* ecp_precompute_comb() and ecp_mul_comb_with_precomp()
|
||||
|
@ -2422,7 +2422,7 @@ cleanup:
|
|||
/*
|
||||
* For Montgomery curves, we do all the internal arithmetic in projective
|
||||
* coordinates. Import/export of points uses only the x coordinates, which is
|
||||
* internaly represented as X / Z.
|
||||
* internally represented as X / Z.
|
||||
*
|
||||
* For scalar multiplication, we'll use a Montgomery ladder.
|
||||
*/
|
||||
|
@ -2592,7 +2592,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
|
||||
mbedtls_mpi_free( &R->Y );
|
||||
|
||||
/* RP.X might be sligtly larger than P, so reduce it */
|
||||
/* RP.X might be slightly larger than P, so reduce it */
|
||||
MOD_ADD( RP.X );
|
||||
|
||||
/* Randomize coordinates of the starting point */
|
||||
|
|
2
thirdparty/mbedtls/library/ecp_curves.c
vendored
2
thirdparty/mbedtls/library/ecp_curves.c
vendored
|
@ -755,6 +755,8 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
|
|||
ECP_VALIDATE_RET( grp != NULL );
|
||||
mbedtls_ecp_group_free( grp );
|
||||
|
||||
mbedtls_ecp_group_init( grp );
|
||||
|
||||
grp->id = id;
|
||||
|
||||
switch( id )
|
||||
|
|
|
@ -555,8 +555,8 @@ static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
|
|||
|
||||
static void buffer_alloc_free_mutexed( void *ptr )
|
||||
{
|
||||
/* We have to good option here, but corrupting the heap seems
|
||||
* worse than loosing memory. */
|
||||
/* We have no good option here, but corrupting the heap seems
|
||||
* worse than losing memory. */
|
||||
if( mbedtls_mutex_lock( &heap.mutex ) )
|
||||
return;
|
||||
buffer_alloc_free( ptr );
|
||||
|
|
2
thirdparty/mbedtls/library/mps_common.h
vendored
2
thirdparty/mbedtls/library/mps_common.h
vendored
|
@ -51,7 +51,7 @@
|
|||
* the function's behavior is entirely undefined.
|
||||
* In addition to state integrity, all MPS structures have a more refined
|
||||
* notion of abstract state that the API operates on. For example, all layers
|
||||
* have a notion of 'abtract read state' which indicates if incoming data has
|
||||
* have a notion of 'abstract read state' which indicates if incoming data has
|
||||
* been passed to the user, e.g. through mps_l2_read_start() for Layer 2
|
||||
* or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
|
||||
* call these reading functions again until the incoming data has been
|
||||
|
|
2
thirdparty/mbedtls/library/net_sockets.c
vendored
2
thirdparty/mbedtls/library/net_sockets.c
vendored
|
@ -107,7 +107,9 @@ static int wsa_init_done = 0;
|
|||
|
||||
#include <stdio.h>
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include <time.h>
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
|
|
10
thirdparty/mbedtls/library/pkparse.c
vendored
10
thirdparty/mbedtls/library/pkparse.c
vendored
|
@ -474,7 +474,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g
|
|||
}
|
||||
|
||||
/*
|
||||
* grp may already be initilialized; if so, make sure IDs match
|
||||
* grp may already be initialized; if so, make sure IDs match
|
||||
*/
|
||||
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
@ -807,7 +807,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||
goto cleanup;
|
||||
|
||||
#else
|
||||
/* Verify existance of the CRT params */
|
||||
/* Verify existence of the CRT params */
|
||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
|
||||
|
@ -1463,10 +1463,16 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
{
|
||||
p = pem.buf;
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
|
||||
mbedtls_pk_free( ctx );
|
||||
|
|
4
thirdparty/mbedtls/library/rsa.c
vendored
4
thirdparty/mbedtls/library/rsa.c
vendored
|
@ -832,10 +832,10 @@ cleanup:
|
|||
* the more bits of the key can be recovered. See [3].
|
||||
*
|
||||
* Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
|
||||
* observations on avarage.
|
||||
* observations on average.
|
||||
*
|
||||
* For example with 28 byte blinding to achieve 2 collisions the adversary has
|
||||
* to make 2^112 observations on avarage.
|
||||
* to make 2^112 observations on average.
|
||||
*
|
||||
* (With the currently (as of 2017 April) known best algorithms breaking 2048
|
||||
* bit RSA requires approximately as much time as trying out 2^112 random keys.
|
||||
|
|
|
@ -2181,6 +2181,7 @@ const int *mbedtls_ssl_list_ciphersuites( void )
|
|||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||
static int supported_init = 0;
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
|
||||
{
|
||||
(void)cs_info;
|
||||
|
|
111
thirdparty/mbedtls/library/ssl_cli.c
vendored
111
thirdparty/mbedtls/library/ssl_cli.c
vendored
|
@ -53,6 +53,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
|
||||
{
|
||||
if( conf->psk_identity == NULL ||
|
||||
|
@ -73,6 +74,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
|
||||
{
|
||||
if( conf->psk_identity == NULL ||
|
||||
|
@ -91,6 +93,7 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -161,6 +164,7 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -204,6 +208,7 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -302,6 +307,7 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -373,6 +379,7 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -404,6 +411,7 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -477,6 +485,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -523,6 +532,7 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -555,6 +565,7 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -585,6 +596,7 @@ static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -616,6 +628,7 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -647,6 +660,7 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -689,6 +703,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -748,6 +763,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
|
@ -868,6 +884,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Generate random bytes for ClientHello
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -917,6 +934,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
*
|
||||
* \return 0 if valid, else 1
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_validate_ciphersuite(
|
||||
const mbedtls_ssl_ciphersuite_t * suite_info,
|
||||
const mbedtls_ssl_context * ssl,
|
||||
|
@ -960,6 +978,7 @@ static int ssl_validate_ciphersuite(
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -1450,6 +1469,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1494,6 +1514,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1520,6 +1541,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1545,6 +1567,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1601,6 +1624,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1627,6 +1651,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1653,6 +1678,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1679,6 +1705,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1724,6 +1751,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1758,6 +1786,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
|
@ -1828,6 +1857,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1948,6 +1978,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
|||
* Parse HelloVerifyRequest. Only called after verifying the HS type.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
|
||||
|
@ -2031,6 +2062,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret, i;
|
||||
|
@ -2276,16 +2308,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
else
|
||||
{
|
||||
ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
|
||||
|
||||
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
|
||||
mbedtls_ssl_send_alert_message(
|
||||
ssl,
|
||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||
|
@ -2537,6 +2559,24 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* mbedtls_ssl_derive_keys() has to be called after the parsing of the
|
||||
* extensions. It sets the transform data for the resumed session which in
|
||||
* case of DTLS includes the server CID extracted from the CID extension.
|
||||
*/
|
||||
if( ssl->handshake->resume )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
|
||||
mbedtls_ssl_send_alert_message(
|
||||
ssl,
|
||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Renegotiation security checks
|
||||
*/
|
||||
|
@ -2591,6 +2631,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end )
|
||||
|
@ -2637,6 +2678,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
|||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
|
@ -2678,6 +2720,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end )
|
||||
|
@ -2703,6 +2746,10 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
|||
tls_id <<= 8;
|
||||
tls_id |= *(*p)++;
|
||||
|
||||
/* Check it's a curve we offered */
|
||||
if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
|
||||
/* Convert EC group to PSA key type. */
|
||||
if( ( handshake->ecdh_psa_type =
|
||||
mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
|
||||
|
@ -2740,6 +2787,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end )
|
||||
|
@ -2779,6 +2827,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end )
|
||||
|
@ -2825,6 +2874,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Generate a pre-master secret and encrypt it with the server's RSA key
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
size_t offset, size_t *olen,
|
||||
size_t pms_offset )
|
||||
|
@ -2912,6 +2962,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end,
|
||||
|
@ -2978,6 +3029,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -2996,6 +3048,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
peer_pk = &ssl->session_negotiate->peer_cert->pk;
|
||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
/* This is a public key, so it can't be opaque, so can_do() is a good
|
||||
* enough check to ensure pk_ec() is safe to use below. */
|
||||
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||
|
@ -3029,6 +3083,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3147,7 +3202,7 @@ start_processing:
|
|||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
} /* FALLTROUGH */
|
||||
} /* FALLTHROUGH */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
|
@ -3435,6 +3490,7 @@ exit:
|
|||
}
|
||||
|
||||
#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
|
@ -3453,6 +3509,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3624,6 +3681,7 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3663,6 +3721,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3718,7 +3777,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_attributes_t key_attributes;
|
||||
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
|
@ -3761,13 +3821,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
own_pubkey, sizeof( own_pubkey ),
|
||||
&own_pubkey_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
|
||||
own_pubkey_len,
|
||||
&own_pubkey_ecpoint,
|
||||
&own_pubkey_ecpoint_len ) != 0 )
|
||||
{
|
||||
psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
|
@ -3787,13 +3853,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->premaster,
|
||||
sizeof( ssl->handshake->premaster ),
|
||||
&ssl->handshake->pmslen );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
||||
status = psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
||||
|
@ -3918,7 +3983,10 @@ ecdh_calc_secret:
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only suites. */
|
||||
if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
|
||||
|
@ -3933,7 +4001,10 @@ ecdh_calc_secret:
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only suites. */
|
||||
if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/*
|
||||
|
@ -3970,7 +4041,10 @@ ecdh_calc_secret:
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only suites. */
|
||||
if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/*
|
||||
|
@ -4080,6 +4154,7 @@ ecdh_calc_secret:
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
|
@ -4105,6 +4180,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
|
@ -4277,6 +4353,7 @@ sign:
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
|
3
thirdparty/mbedtls/library/ssl_cookie.c
vendored
3
thirdparty/mbedtls/library/ssl_cookie.c
vendored
|
@ -63,7 +63,7 @@
|
|||
|
||||
/*
|
||||
* Cookies are formed of a 4-bytes timestamp (or serial number) and
|
||||
* an HMAC of timestemp and client ID.
|
||||
* an HMAC of timestamp and client ID.
|
||||
*/
|
||||
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
|
||||
|
||||
|
@ -122,6 +122,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
|||
/*
|
||||
* Generate the HMAC part of a cookie
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
|
||||
const unsigned char time[4],
|
||||
unsigned char **p, unsigned char *end,
|
||||
|
|
135
thirdparty/mbedtls/library/ssl_msg.c
vendored
135
thirdparty/mbedtls/library/ssl_msg.c
vendored
|
@ -91,6 +91,7 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
|
@ -165,11 +166,16 @@ exit:
|
|||
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
|
||||
uint8_t slot );
|
||||
static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record const *rec );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
|
||||
|
||||
static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
||||
|
@ -187,6 +193,7 @@ static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
|||
return( out_buf_len );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
size_t const bytes_written = ssl->out_left;
|
||||
|
@ -203,6 +210,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
|
|||
return( (int) ( mtu - bytes_written ) );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -254,6 +262,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
|||
* Double the retransmit timeout value, within the allowed range,
|
||||
* returning -1 if the maximum value has already been reached.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
uint32_t new_timeout;
|
||||
|
@ -353,6 +362,7 @@ static size_t ssl_compute_padding_length( size_t len,
|
|||
* - A negative error code if `max_len` didn't offer enough space
|
||||
* for the expansion.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_build_inner_plaintext( unsigned char *content,
|
||||
size_t *content_size,
|
||||
size_t remaining,
|
||||
|
@ -380,6 +390,7 @@ static int ssl_build_inner_plaintext( unsigned char *content,
|
|||
|
||||
/* This function parses a (D)TLSInnerPlaintext structure.
|
||||
* See ssl_build_inner_plaintext() for details. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_inner_plaintext( unsigned char const *content,
|
||||
size_t *content_size,
|
||||
uint8_t *rec_type )
|
||||
|
@ -474,6 +485,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
|||
/*
|
||||
* SSLv3.0 MAC functions
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_mac( mbedtls_md_context_t *md_ctx,
|
||||
const unsigned char *secret,
|
||||
const unsigned char *buf, size_t len,
|
||||
|
@ -541,6 +553,7 @@ static int ssl_mac( mbedtls_md_context_t *md_ctx,
|
|||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_transform_aead_dynamic_iv_is_explicit(
|
||||
mbedtls_ssl_transform const *transform )
|
||||
{
|
||||
|
@ -1245,7 +1258,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
add_data, add_data_len );
|
||||
|
||||
/* Because of the check above, we know that there are
|
||||
* explicit_iv_len Bytes preceeding data, and taglen
|
||||
* explicit_iv_len Bytes preceding data, and taglen
|
||||
* bytes following data + data_len. This justifies
|
||||
* the debug message and the invocation of
|
||||
* mbedtls_cipher_auth_decrypt() below. */
|
||||
|
@ -1590,8 +1603,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||
if( auth_done == 0 )
|
||||
{
|
||||
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
|
||||
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD];
|
||||
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
|
||||
/* If the initial value of padlen was such that
|
||||
* data_len < maclen + padlen + 1, then padlen
|
||||
|
@ -1738,6 +1751,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
/*
|
||||
* Compression/decompression functions
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -1790,6 +1804,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -2149,6 +2164,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Append current handshake message to current outgoing flight
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_flight_append( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_flight_item *msg;
|
||||
|
@ -2215,6 +2231,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
|
|||
/*
|
||||
* Swap transform_out and out_ctr with the alternative ones
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_transform *tmp_transform;
|
||||
|
@ -2857,6 +2874,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen < ssl->in_hslen ||
|
||||
|
@ -2882,6 +2900,7 @@ static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
|
|||
ssl->in_msg[8] );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
uint32_t msg_len, frag_off, frag_len;
|
||||
|
@ -2948,6 +2967,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
|
|||
/*
|
||||
* Check that bitmask is full
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_bitmask_check( unsigned char *mask, size_t len )
|
||||
{
|
||||
size_t i;
|
||||
|
@ -3147,6 +3167,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
|
|||
( (uint64_t) buf[5] ) );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3229,8 +3250,8 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/*
|
||||
* Without any SSL context, check if a datagram looks like a ClientHello with
|
||||
* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
|
||||
* Check if a datagram looks like a ClientHello with a valid cookie,
|
||||
* and if it doesn't, generate a HelloVerifyRequest message.
|
||||
* Both input and output include full DTLS headers.
|
||||
*
|
||||
* - if cookie is valid, return 0
|
||||
|
@ -3239,10 +3260,10 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
|
|||
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
|
||||
* - otherwise return a specific error code
|
||||
*/
|
||||
static int ssl_check_dtls_clihlo_cookie(
|
||||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie,
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
int mbedtls_ssl_check_dtls_clihlo_cookie(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cli_id, size_t cli_id_len,
|
||||
const unsigned char *in, size_t in_len,
|
||||
unsigned char *obuf, size_t buf_len, size_t *olen )
|
||||
|
@ -3276,26 +3297,53 @@ static int ssl_check_dtls_clihlo_cookie(
|
|||
*
|
||||
* Minimum length is 61 bytes.
|
||||
*/
|
||||
if( in_len < 61 ||
|
||||
in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
|
||||
(unsigned) in_len ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
|
||||
if( in_len < 61 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
in[3] != 0 || in[4] != 0 ||
|
||||
in[19] != 0 || in[20] != 0 || in[21] != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u",
|
||||
in[0],
|
||||
(unsigned) in[3] << 8 | in[4],
|
||||
(unsigned) in[19] << 16 | in[20] << 8 | in[21] ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
sid_len = in[59];
|
||||
if( sid_len > in_len - 61 )
|
||||
if( 59 + 1 + sid_len + 1 > in_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
|
||||
(unsigned) sid_len,
|
||||
(unsigned) in_len - 61 ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
|
||||
in + 60, sid_len );
|
||||
|
||||
cookie_len = in[60 + sid_len];
|
||||
if( cookie_len > in_len - 60 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
|
||||
if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
|
||||
cli_id, cli_id_len ) == 0 )
|
||||
if( 59 + 1 + sid_len + 1 + cookie_len > in_len )
|
||||
{
|
||||
/* Valid cookie */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
|
||||
(unsigned) cookie_len,
|
||||
(unsigned) ( in_len - sid_len - 61 ) ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
|
||||
in + sid_len + 61, cookie_len );
|
||||
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
|
||||
in + sid_len + 61, cookie_len,
|
||||
cli_id, cli_id_len ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -3330,8 +3378,9 @@ static int ssl_check_dtls_clihlo_cookie(
|
|||
|
||||
/* Generate and write actual cookie */
|
||||
p = obuf + 28;
|
||||
if( f_cookie_write( p_cookie,
|
||||
&p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
|
||||
if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
|
||||
&p, obuf + buf_len,
|
||||
cli_id, cli_id_len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
@ -3370,6 +3419,7 @@ static int ssl_check_dtls_clihlo_cookie(
|
|||
* includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
|
||||
* errors, and is the right thing to do in both cases).
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3385,15 +3435,13 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
ret = ssl_check_dtls_clihlo_cookie(
|
||||
ssl->conf->f_cookie_write,
|
||||
ssl->conf->f_cookie_check,
|
||||
ssl->conf->p_cookie,
|
||||
ret = mbedtls_ssl_check_dtls_clihlo_cookie(
|
||||
ssl,
|
||||
ssl->cli_id, ssl->cli_id_len,
|
||||
ssl->in_buf, ssl->in_left,
|
||||
ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret );
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
|
@ -3427,6 +3475,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_record_type( uint8_t record_type )
|
||||
{
|
||||
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
|
@ -3459,6 +3508,7 @@ static int ssl_check_record_type( uint8_t record_type )
|
|||
* Point 2 is needed when the peer is resending, and we have already received
|
||||
* the first record from a datagram but are still waiting for the others.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
|
@ -3571,7 +3621,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
|||
/*
|
||||
* Parse and validate record version
|
||||
*/
|
||||
|
||||
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
|
||||
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver,
|
||||
|
@ -3580,16 +3629,19 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
|||
|
||||
if( major_ver != ssl->major_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch: got %u, expected %u",
|
||||
(unsigned) major_ver,
|
||||
(unsigned) ssl->major_ver ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
if( minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch: got %u, expected max %u",
|
||||
(unsigned) minor_ver,
|
||||
(unsigned) ssl->conf->max_minor_ver ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse/Copy record sequence number.
|
||||
*/
|
||||
|
@ -3692,6 +3744,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
|||
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||
|
@ -3721,6 +3774,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* If applicable, decrypt record content
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record *rec )
|
||||
{
|
||||
|
@ -3854,7 +3908,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
|||
|
||||
/* Check actual (decrypted) record content length against
|
||||
* configured maximum. */
|
||||
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
|
@ -3872,8 +3926,11 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
|
||||
/* Helper functions for mbedtls_ssl_read_record(). */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_next_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
|
@ -3961,6 +4018,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_left > ssl->next_record_offset )
|
||||
|
@ -3969,6 +4027,7 @@ static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||
|
@ -4066,6 +4125,7 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
|
||||
size_t desired )
|
||||
{
|
||||
|
@ -4108,6 +4168,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
|
|||
return( -1 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = 0;
|
||||
|
@ -4312,6 +4373,7 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/*
|
||||
|
@ -4399,6 +4461,7 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen > 0 )
|
||||
|
@ -4425,6 +4488,7 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||
|
@ -4482,6 +4546,7 @@ exit:
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record const *rec )
|
||||
{
|
||||
|
@ -4540,6 +4605,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
|||
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -4918,6 +4984,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
|||
if( ssl == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( ssl->out_left != 0 )
|
||||
return( mbedtls_ssl_flush_output( ssl ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
|
||||
|
||||
|
@ -5287,6 +5356,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Check record counters and renegotiate if they're above the limit.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t ep_len = mbedtls_ssl_ep_len( ssl );
|
||||
|
@ -5637,6 +5707,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
* Therefore, it is possible that the input message length is 0 and the
|
||||
* corresponding return code is 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
|
@ -5708,6 +5779,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||
* remember whether we already did the split or not.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_split( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
|
@ -5790,9 +5862,6 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
|
||||
|
||||
if( ssl->out_left != 0 )
|
||||
return( mbedtls_ssl_flush_output( ssl ) );
|
||||
|
||||
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
|
|
101
thirdparty/mbedtls/library/ssl_srv.c
vendored
101
thirdparty/mbedtls/library/ssl_srv.c
vendored
|
@ -78,6 +78,7 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
|
|||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -147,6 +148,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
|
||||
{
|
||||
if( conf->f_psk != NULL )
|
||||
|
@ -167,6 +169,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
if( ssl->conf->f_psk != NULL )
|
||||
|
@ -188,6 +191,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
|||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -239,6 +243,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
|||
* This needs to be done at a later stage.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -317,6 +322,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -383,6 +389,7 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -425,6 +432,7 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -454,6 +462,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -473,6 +482,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -545,6 +555,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -567,6 +578,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -592,6 +604,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -617,6 +630,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -691,6 +705,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
|
@ -779,6 +794,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -907,6 +923,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
|||
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_key_curve( mbedtls_pk_context *pk,
|
||||
const mbedtls_ecp_curve_info **curves )
|
||||
{
|
||||
|
@ -928,6 +945,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
|
|||
* Try picking a certificate for this ciphersuite,
|
||||
* return 0 on success and -1 on failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
|
||||
{
|
||||
|
@ -1032,6 +1050,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||
* Check if a given ciphersuite is suitable for use with our config/keys/etc
|
||||
* Sets ciphersuite_info only if the suite matches.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
|
||||
{
|
||||
|
@ -1147,6 +1166,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret, got_common_suite;
|
||||
|
@ -1410,6 +1430,7 @@ have_ciphersuite_v2:
|
|||
/* This function doesn't alert on errors that happen early during
|
||||
ClientHello parsing because they might indicate that the client is
|
||||
not talking SSL/TLS at all and would not understand our alert. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret, got_common_suite;
|
||||
|
@ -1583,7 +1604,7 @@ read_record_header:
|
|||
* Handshake layer:
|
||||
* 0 . 0 handshake type
|
||||
* 1 . 3 handshake length
|
||||
* 4 . 5 DTLS only: message seqence number
|
||||
* 4 . 5 DTLS only: message sequence number
|
||||
* 6 . 8 DTLS only: fragment offset
|
||||
* 9 . 11 DTLS only: fragment length
|
||||
*/
|
||||
|
@ -1604,11 +1625,19 @@ read_record_header:
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
|
||||
( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
|
||||
|
||||
/* We don't support fragmentation of ClientHello (yet?) */
|
||||
if( buf[1] != 0 ||
|
||||
msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
|
||||
if( buf[1] != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0",
|
||||
(unsigned) buf[1] ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
/* We don't support fragmentation of ClientHello (yet?) */
|
||||
if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u",
|
||||
(unsigned) msg_len,
|
||||
(unsigned) mbedtls_ssl_hs_hdr_len( ssl ),
|
||||
(unsigned) ( buf[2] << 8 ) | buf[3] ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
|
@ -1649,6 +1678,11 @@ read_record_header:
|
|||
* For now we don't support fragmentation, so make sure
|
||||
* fragment_offset == 0 and fragment_length == length
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
4, ( "fragment_offset=%u fragment_length=%u length=%u",
|
||||
(unsigned) ( ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8] ),
|
||||
(unsigned) ( ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11] ),
|
||||
(unsigned) ( ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3] ) ) );
|
||||
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
|
||||
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
|
||||
{
|
||||
|
@ -2354,12 +2388,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
const mbedtls_ssl_ciphersuite_t *suite = NULL;
|
||||
const mbedtls_cipher_info_t *cipher = NULL;
|
||||
|
||||
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
|
||||
|
||||
/*
|
||||
* RFC 7366: "If a server receives an encrypt-then-MAC request extension
|
||||
|
@ -2371,6 +2401,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
ssl->session_negotiate->ciphersuite ) ) == NULL ||
|
||||
( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
|
||||
cipher->mode != MBEDTLS_MODE_CBC )
|
||||
{
|
||||
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
|
||||
}
|
||||
|
||||
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -2685,6 +2720,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -2805,6 +2841,7 @@ exit:
|
|||
mbedtls_ssl_session_free( &session_tmp );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
|
@ -3035,6 +3072,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
|
@ -3053,6 +3091,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
|
@ -3222,18 +3261,23 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_pk_context *own_key = mbedtls_ssl_own_key( ssl );
|
||||
|
||||
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
|
||||
/* Check if the key is a transparent ECDH key.
|
||||
* This also ensures that it is safe to call mbedtls_pk_ec(). */
|
||||
if( mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY &&
|
||||
mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY_DH )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
|
||||
mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ),
|
||||
mbedtls_pk_ec( *own_key ),
|
||||
MBEDTLS_ECDH_OURS ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
|
||||
|
@ -3247,6 +3291,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
|
||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
size_t *signature_len )
|
||||
{
|
||||
|
@ -3274,6 +3319,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
/* Prepare the ServerKeyExchange message, up to and including
|
||||
* calculating the signature if any, but excluding formatting the
|
||||
* signature and sending the message. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
size_t *signature_len )
|
||||
{
|
||||
|
@ -3643,6 +3689,7 @@ curve_matching_done:
|
|||
* that do not include a ServerKeyExchange message, do nothing. Either
|
||||
* way, if successful, move on to the next step in the SSL state
|
||||
* machine. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3664,7 +3711,12 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
|
||||
{
|
||||
ssl_get_ecdh_params_from_cert( ssl );
|
||||
ret = ssl_get_ecdh_params_from_cert( ssl );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
|
||||
|
||||
|
@ -3740,6 +3792,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -3779,6 +3832,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
|
||||
const unsigned char *end )
|
||||
{
|
||||
|
@ -3822,6 +3876,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
|
|||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
|
||||
unsigned char *peer_pms,
|
||||
size_t *peer_pmslen,
|
||||
|
@ -3839,6 +3894,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *p,
|
||||
const unsigned char *end,
|
||||
|
@ -3931,6 +3987,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *p,
|
||||
const unsigned char *end,
|
||||
|
@ -4020,6 +4077,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
|
||||
const unsigned char *end )
|
||||
{
|
||||
|
@ -4080,6 +4138,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -4207,7 +4266,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* For opaque PSKs, we perform the PSK-to-MS derivation atomatically
|
||||
/* For opaque PSKs, we perform the PSK-to-MS derivation automatically
|
||||
* and skip the intermediate PMS. */
|
||||
if( ssl_use_opaque_psk( ssl ) == 1 )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
|
||||
|
@ -4247,7 +4306,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only. */
|
||||
if( ssl_use_opaque_psk( ssl ) == 1 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
|
||||
|
@ -4282,7 +4344,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only. */
|
||||
if( ssl_use_opaque_psk( ssl ) == 1 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( p != end )
|
||||
|
@ -4319,7 +4384,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only. */
|
||||
if( ssl_use_opaque_psk( ssl ) == 1 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
|
@ -4386,6 +4454,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
|
@ -4404,6 +4473,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
|
@ -4597,6 +4667,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
|
4
thirdparty/mbedtls/library/ssl_ticket.c
vendored
4
thirdparty/mbedtls/library/ssl_ticket.c
vendored
|
@ -37,7 +37,7 @@
|
|||
#include <string.h>
|
||||
|
||||
/*
|
||||
* Initialze context
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
||||
{
|
||||
|
@ -66,6 +66,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
|||
/*
|
||||
* Generate/update a key
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
||||
unsigned char index )
|
||||
{
|
||||
|
@ -96,6 +97,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
|||
/*
|
||||
* Rotate/generate keys if necessary
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
|
||||
{
|
||||
#if !defined(MBEDTLS_HAVE_TIME)
|
||||
|
|
58
thirdparty/mbedtls/library/ssl_tls.c
vendored
58
thirdparty/mbedtls/library/ssl_tls.c
vendored
|
@ -245,6 +245,7 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old )
|
||||
{
|
||||
unsigned char* resized_buffer = mbedtls_calloc( 1, len_new );
|
||||
|
@ -337,6 +338,7 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
|||
* Key material generation
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl3_prf( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
|
@ -398,6 +400,7 @@ exit:
|
|||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int tls1_prf( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
|
@ -605,6 +608,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int tls_prf_generic( mbedtls_md_type_t md_type,
|
||||
const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
|
@ -679,6 +683,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
|
|||
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int tls_prf_generic( mbedtls_md_type_t md_type,
|
||||
const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
|
@ -770,6 +775,7 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
|
@ -781,6 +787,7 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
|||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
|
@ -825,6 +832,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
if( ssl->conf->f_psk != NULL )
|
||||
|
@ -949,6 +957,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
|
|||
* - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
|
||||
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
int ciphersuite,
|
||||
const unsigned char master[48],
|
||||
|
@ -990,6 +999,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
|
||||
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
|
||||
!defined(MBEDTLS_SSL_EXPORT_KEYS) && \
|
||||
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||
!defined(MBEDTLS_DEBUG_C)
|
||||
ssl = NULL; /* make sure we don't use it except for those cases */
|
||||
(void) ssl;
|
||||
|
@ -1361,7 +1371,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
* the structure field for the IV, which the PSA-based
|
||||
* implementation currently doesn't. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
|
||||
cipher_info, transform->taglen );
|
||||
|
@ -1404,7 +1414,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
* the structure field for the IV, which the PSA-based
|
||||
* implementation currently doesn't. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
|
||||
cipher_info, transform->taglen );
|
||||
|
@ -1511,6 +1521,7 @@ end:
|
|||
* Outputs:
|
||||
* - the tls_prf, calc_verify and calc_finished members of handshake structure
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||
int minor_ver,
|
||||
mbedtls_md_type_t hash )
|
||||
|
@ -1580,6 +1591,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
|||
* EMS: passed to calc_verify (debug + (SSL3) session_negotiate)
|
||||
* PSA-PSA: minor_ver, conf
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
||||
unsigned char *master,
|
||||
const mbedtls_ssl_context *ssl )
|
||||
|
@ -2108,6 +2120,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
@ -2323,6 +2336,7 @@ write_msg:
|
|||
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||
|
||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
unsigned char *crt_buf,
|
||||
size_t crt_buf_len )
|
||||
|
@ -2338,6 +2352,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
|||
return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
|
||||
}
|
||||
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
unsigned char *crt_buf,
|
||||
size_t crt_buf_len )
|
||||
|
@ -2372,6 +2387,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
|||
* Once the certificate message is read, parse it into a cert chain and
|
||||
* perform basic checks, but leave actual verification to the caller
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *chain )
|
||||
{
|
||||
|
@ -2521,6 +2537,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
|
@ -2570,6 +2587,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
#define SSL_CERTIFICATE_EXPECTED 0
|
||||
#define SSL_CERTIFICATE_SKIP 1
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
|
||||
int authmode )
|
||||
{
|
||||
|
@ -2599,6 +2617,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
|
|||
return( SSL_CERTIFICATE_EXPECTED );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
||||
int authmode,
|
||||
mbedtls_x509_crt *chain,
|
||||
|
@ -2696,7 +2715,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
const mbedtls_pk_context *pk = &chain->pk;
|
||||
|
||||
/* If certificate uses an EC key, make sure the curve is OK */
|
||||
/* If certificate uses an EC key, make sure the curve is OK.
|
||||
* This is a public key, so it can't be opaque, so can_do() is a good
|
||||
* enough check to ensure pk_ec() is safe to use here. */
|
||||
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
|
||||
mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
|
||||
{
|
||||
|
@ -2787,6 +2808,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
|
||||
unsigned char *start, size_t len )
|
||||
{
|
||||
|
@ -2818,6 +2840,7 @@ static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
|
||||
unsigned char *start, size_t len )
|
||||
{
|
||||
|
@ -3428,7 +3451,7 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake = NULL;
|
||||
|
||||
/*
|
||||
* Free the previous transform and swith in the current one
|
||||
* Free the previous transform and switch in the current one
|
||||
*/
|
||||
if( ssl->transform )
|
||||
{
|
||||
|
@ -3796,6 +3819,7 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
|
|||
memset( session, 0, sizeof(mbedtls_ssl_session) );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/* Clear old handshake information if present */
|
||||
|
@ -3873,6 +3897,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/* Dummy cookie callbacks for defaults */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_cookie_write_dummy( void *ctx,
|
||||
unsigned char **p, unsigned char *end,
|
||||
const unsigned char *cli_id, size_t cli_id_len )
|
||||
|
@ -3886,6 +3911,7 @@ static int ssl_cookie_write_dummy( void *ctx,
|
|||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_cookie_check_dummy( void *ctx,
|
||||
const unsigned char *cookie, size_t cookie_len,
|
||||
const unsigned char *cli_id, size_t cli_id_len )
|
||||
|
@ -4303,6 +4329,7 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
|
|||
}
|
||||
|
||||
/* Append a new keycert entry to a (possibly empty) list */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
|
||||
mbedtls_x509_crt *cert,
|
||||
mbedtls_pk_context *key )
|
||||
|
@ -4471,6 +4498,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
|
|||
* It checks that the provided identity is well-formed and attempts
|
||||
* to make a copy of it in the SSL config.
|
||||
* On failure, the PSK identity in the config remains unset. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
|
||||
unsigned char const *psk_identity,
|
||||
size_t psk_identity_len )
|
||||
|
@ -4632,6 +4660,9 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_mpi_free( &conf->dhm_P );
|
||||
mbedtls_mpi_free( &conf->dhm_G );
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
|
||||
{
|
||||
|
@ -4647,6 +4678,9 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_mpi_free( &conf->dhm_P );
|
||||
mbedtls_mpi_free( &conf->dhm_G );
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
|
||||
{
|
||||
|
@ -5384,6 +5418,7 @@ static unsigned char ssl_serialized_session_header[] = {
|
|||
* verify_result is put before peer_cert so that all mandatory fields come
|
||||
* together in one block.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_session_save( const mbedtls_ssl_session *session,
|
||||
unsigned char omit_header,
|
||||
unsigned char *buf,
|
||||
|
@ -5583,6 +5618,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
|
|||
* This internal version is wrapped by a public function that cleans up in
|
||||
* case of error, and has an extra option omit_header.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_session_load( mbedtls_ssl_session *session,
|
||||
unsigned char omit_header,
|
||||
const unsigned char *buf,
|
||||
|
@ -5886,6 +5922,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Write HelloRequest to request renegotiation on server
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
@ -6497,6 +6534,7 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
|||
* This internal version is wrapped by a public function that cleans up in
|
||||
* case of error.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -7320,6 +7358,18 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
|
|||
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve.
|
||||
*/
|
||||
int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_tls_id( tls_id );
|
||||
if( curve_info == NULL )
|
||||
return( -1 );
|
||||
return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
|
2
thirdparty/mbedtls/library/threading.c
vendored
2
thirdparty/mbedtls/library/threading.c
vendored
|
@ -113,7 +113,7 @@ int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_
|
|||
int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
|
||||
|
||||
/*
|
||||
* With phtreads we can statically initialize mutexes
|
||||
* With pthreads we can statically initialize mutexes
|
||||
*/
|
||||
#define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 }
|
||||
|
||||
|
|
9
thirdparty/mbedtls/library/timing.c
vendored
9
thirdparty/mbedtls/library/timing.c
vendored
|
@ -56,15 +56,15 @@ struct _hr_time
|
|||
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <signal.h>
|
||||
/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the
|
||||
* platform matches the ifdefs above, it will be used. */
|
||||
#include <time.h>
|
||||
|
||||
#include <sys/time.h>
|
||||
struct _hr_time
|
||||
{
|
||||
struct timeval start;
|
||||
};
|
||||
|
||||
#endif /* _WIN32 && !EFIX64 && !EFI32 */
|
||||
|
||||
#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
|
||||
|
@ -364,7 +364,6 @@ int mbedtls_timing_get_delay( void *data )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* !MBEDTLS_TIMING_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
|
@ -526,5 +525,5 @@ hard_test_done:
|
|||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#endif /* !MBEDTLS_TIMING_ALT */
|
||||
#endif /* MBEDTLS_TIMING_C */
|
||||
|
|
21
thirdparty/mbedtls/library/x509.c
vendored
21
thirdparty/mbedtls/library/x509.c
vendored
|
@ -741,7 +741,7 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
|
|||
int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t i, n;
|
||||
size_t i, j, n;
|
||||
unsigned char c, merge = 0;
|
||||
const mbedtls_x509_name *name;
|
||||
const char *short_name = NULL;
|
||||
|
@ -775,17 +775,24 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
|
|||
ret = mbedtls_snprintf( p, n, "\?\?=" );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
for( i = 0; i < name->val.len; i++ )
|
||||
for( i = 0, j = 0; i < name->val.len; i++, j++ )
|
||||
{
|
||||
if( i >= sizeof( s ) - 1 )
|
||||
break;
|
||||
if( j >= sizeof( s ) - 1 )
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
|
||||
c = name->val.p[i];
|
||||
// Special characters requiring escaping, RFC 1779
|
||||
if( c && strchr( ",=+<>#;\"\\", c ) )
|
||||
{
|
||||
if( j + 1 >= sizeof( s ) - 1 )
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
s[j++] = '\\';
|
||||
}
|
||||
if( c < 32 || c >= 127 )
|
||||
s[i] = '?';
|
||||
else s[i] = c;
|
||||
s[j] = '?';
|
||||
else s[j] = c;
|
||||
}
|
||||
s[i] = '\0';
|
||||
s[j] = '\0';
|
||||
ret = mbedtls_snprintf( p, n, "%s", s );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
|
|
2
thirdparty/mbedtls/library/x509_crl.c
vendored
2
thirdparty/mbedtls/library/x509_crl.c
vendored
|
@ -52,11 +52,13 @@
|
|||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
#include <windows.h>
|
||||
#else
|
||||
#include <time.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
|
||||
#include <stdio.h>
|
||||
|
|
2
thirdparty/mbedtls/library/x509_crt.c
vendored
2
thirdparty/mbedtls/library/x509_crt.c
vendored
|
@ -63,6 +63,7 @@
|
|||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
#include <windows.h>
|
||||
#if defined(_MSC_VER) && _MSC_VER <= 1600
|
||||
|
@ -81,6 +82,7 @@
|
|||
#else
|
||||
#include <time.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#include <stdio.h>
|
||||
|
|
2
thirdparty/mbedtls/library/x509write_crt.c
vendored
2
thirdparty/mbedtls/library/x509write_crt.c
vendored
|
@ -299,7 +299,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
|
|||
/*
|
||||
* write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
|
||||
*/
|
||||
if( t[0] == '2' && t[1] == '0' && t[2] < '5' )
|
||||
if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) )
|
||||
{
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
||||
(const unsigned char *) t + 2,
|
||||
|
|
Loading…
Reference in a new issue