/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
int ret = 0, i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
unsigned char iv[16];
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
unsigned char prv[16];
#endif
asm( "movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0
- "addq $16, %1 \n\t" // point to next round key
+ "add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // normal rounds = nr - 1
"test %2, %2 \n\t" // mode?
"jz 2f \n\t" // 0 = decrypt
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
- "addq $16, %1 \n\t" // point to next round key
+ "add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
- "addq $16, %1 \n\t"
+ "add $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
/* Allocate and assign next pointer */
if( *p < end )
{
- cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+ cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
+ sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL )
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
{
// Add new entry if not present yet based on OID
//
- if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL )
+ cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
+ sizeof(mbedtls_asn1_named_data) );
+ if( cur == NULL )
return( NULL );
cur->oid.len = oid_len;
n *= 4;
- if( dlen < n + 1 )
+ if( ( dlen < n + 1 ) || ( NULL == dst ) )
{
*olen = n + 1;
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
#endif
/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
+ volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
}
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
if( X->p != NULL )
{
- mbedtls_zeroize( X->p, X->n * ciL );
+ mbedtls_mpi_zeroize( X->p, X->n );
mbedtls_free( X->p );
}
if( X->n < nblimbs )
{
- if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
+ if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
if( X->p != NULL )
{
memcpy( p, X->p, X->n * ciL );
- mbedtls_zeroize( X->p, X->n * ciL );
+ mbedtls_mpi_zeroize( X->p, X->n );
mbedtls_free( X->p );
}
if( i < nblimbs )
i = nblimbs;
- if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
+ if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
if( X->p != NULL )
{
memcpy( p, X->p, i * ciL );
- mbedtls_zeroize( X->p, X->n * ciL );
+ mbedtls_mpi_zeroize( X->p, X->n );
mbedtls_free( X->p );
}
{
int ret;
size_t i, j;
- mbedtls_mpi_uint *o, *p, c;
+ mbedtls_mpi_uint *o, *p, c, tmp;
if( X == B )
{
o = B->p; p = X->p; c = 0;
+ /*
+ * tmp is used because it might happen that p == o
+ */
for( i = 0; i < j; i++, o++, p++ )
{
+ tmp= *o;
*p += c; c = ( *p < c );
- *p += *o; c += ( *p < *o );
+ *p += tmp; c += ( *p < tmp );
}
while( c != 0 )
/*
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
*/
-static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T )
{
size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d;
+ if( T->n < N->n + 1 || T->p == NULL )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
memset( T->p, 0, T->n * ciL );
d = T->p;
else
/* prevent timing attacks */
mpi_sub_hlp( n, A->p, T->p );
+
+ return( 0 );
}
/*
* Montgomery reduction: A = A * R^-1 mod N
*/
-static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{
mbedtls_mpi_uint z = 1;
mbedtls_mpi U;
U.n = U.s = (int) z;
U.p = &z;
- mpi_montmul( A, &U, N, mm, T );
+ return( mpi_montmul( A, &U, N, mm, T ) );
}
/*
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
- mpi_montmul( &W[1], &RR, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
/*
* X = R^2 * R^-1 mod N = R mod N
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
- mpi_montred( X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( wsize > 1 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ )
- mpi_montmul( &W[j], &W[j], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
/*
* W[i] = W[i - 1] * W[1]
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
- mpi_montmul( &W[i], &W[1], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
}
}
/*
* out of window, square X
*/
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
continue;
}
* X = X^wsize R^-1 mod N
*/
for( i = 0; i < wsize; i++ )
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
/*
* X = X * W[wbits] R^-1 mod N
*/
- mpi_montmul( X, &W[wbits], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
state--;
nbits = 0;
*/
for( i = 0; i < nbits; i++ )
{
- mpi_montmul( X, X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
wbits <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 )
- mpi_montmul( X, &W[1], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
}
/*
* X = A^E * R * R^-1 mod N = A^E mod N
*/
- mpi_montred( X, N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( neg )
{
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
- memcpy( src, camellia_test_cbc_iv, 16 );
- memcpy( dst, camellia_test_cbc_iv, 16 );
- memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
-
- if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
- mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
- } else {
- mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
- }
-
- for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
+ memcpy( src, camellia_test_cbc_iv, 16 );
+ memcpy( dst, camellia_test_cbc_iv, 16 );
+ memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
- memcpy( iv , src, 16 );
- memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
- memcpy( dst, camellia_test_cbc_plain[i], 16 );
- } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
- memcpy( iv , dst, 16 );
- memcpy( src, camellia_test_cbc_plain[i], 16 );
- memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
+ mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
+ } else {
+ mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
}
- mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
+ for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
- if( memcmp( buf, dst, 16 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
+ if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
+ memcpy( iv , src, 16 );
+ memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
+ memcpy( dst, camellia_test_cbc_plain[i], 16 );
+ } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+ memcpy( iv , dst, 16 );
+ memcpy( src, camellia_test_cbc_plain[i], 16 );
+ memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
+ }
- return( 1 );
+ mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
+
+ if( memcmp( buf, dst, 16 ) != 0 )
+ {
+ if( verbose != 0 )
+ mbedtls_printf( "failed\n" );
+
+ return( 1 );
+ }
}
- }
if( verbose != 0 )
mbedtls_printf( "passed\n" );
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
#define CCM_ENCRYPT 0
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
static int supported_init = 0;
size_t ilen, unsigned char *output, size_t *olen )
{
int ret;
+ size_t block_size = 0;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{
}
*olen = 0;
+ block_size = mbedtls_cipher_get_block_size( ctx );
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
{
- if( ilen != mbedtls_cipher_get_block_size( ctx ) )
+ if( ilen != block_size )
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
*olen = ilen;
}
#endif
+ if ( 0 == block_size )
+ {
+ return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ }
+
if( input == output &&
- ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) )
+ ( ctx->unprocessed_len != 0 || ilen % block_size ) )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == MBEDTLS_DECRYPT &&
- ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) ||
+ ilen + ctx->unprocessed_len <= block_size ) ||
( ctx->operation == MBEDTLS_ENCRYPT &&
- ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) )
+ ilen + ctx->unprocessed_len < block_size ) )
{
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
ilen );
/*
* Process cached data first
*/
- if( ctx->unprocessed_len != 0 )
+ if( 0 != ctx->unprocessed_len )
{
- copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len;
+ copy_len = block_size - ctx->unprocessed_len;
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
copy_len );
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
- ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
+ ctx->operation, block_size, ctx->iv,
ctx->unprocessed_data, output ) ) )
{
return( ret );
}
- *olen += mbedtls_cipher_get_block_size( ctx );
- output += mbedtls_cipher_get_block_size( ctx );
+ *olen += block_size;
+ output += block_size;
ctx->unprocessed_len = 0;
input += copy_len;
*/
if( 0 != ilen )
{
- copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
+ if( 0 == block_size )
+ {
+ return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ }
+
+ copy_len = ilen % block_size;
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
- copy_len = mbedtls_cipher_get_block_size( ctx );
+ copy_len = block_size;
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len );
}
/*
- * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
- * tests to succeed (which require known length fixed entropy)
+ * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
+ * NIST tests to succeed (which require known length fixed entropy)
*/
int mbedtls_ctr_drbg_seed_entropy_len(
mbedtls_ctr_drbg_context *ctx,
#if defined(MBEDTLS_DEBUG_C)
-#include "mbedtls/debug.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
+#define mbedtls_time_t time_t
#define mbedtls_snprintf snprintf
#endif
+#include "mbedtls/debug.h"
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
char str[DEBUG_BUF_SIZE];
int ret;
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+ if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold )
return;
va_start( argp, format );
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
- * Reference:
+ * The following sources were referenced in the design of this implementation
+ * of the Diffie-Hellman-Merkle algorithm:
+ *
+ * [1] Handbook of Applied Cryptography - 1997, Chapter 12
+ * Menezes, van Oorschot and Vanstone
*
- * http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
/* [M225] page 5 */
size_t b;
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
+ do {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
+ } while( mbedtls_mpi_bitlen( d ) == 0);
/* Make sure the most significant bit is nbits */
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
/*
* Entropy accumulator implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#if defined(MBEDTLS_ENTROPY_C)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
+#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
+#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
+#endif
+
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
mbedtls_havege_init( &ctx->havege_data );
#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
+ 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+
#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
}
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ /* Update the NV entropy seed before generating any entropy for outside
+ * use.
+ */
+ if( ctx->initial_entropy_run == 0 )
+ {
+ ctx->initial_entropy_run = 1;
+ if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
+ return( ret );
+ }
+#endif
+
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
return( ret );
}
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
+{
+ int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+ unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
+
+ /* Read new seed and write it to NV */
+ if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+ return( ret );
+
+ if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
+ return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+
+ /* Manually update the remaining stream with a separator value to diverge */
+ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
#if defined(MBEDTLS_FS_IO)
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
{
/*
* Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#if defined(MBEDTLS_HAVEGE_C)
#include "mbedtls/havege.h"
#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls/platform.h"
+#endif
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+
+#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
+ !defined(__APPLE__) && !defined(_WIN32)
+#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
+#endif
+
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#if !defined(_WIN32_WINNT)
}
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
+ {
+ CryptReleaseContext( provider, 0 );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
CryptReleaseContext( provider, 0 );
*olen = len;
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+int mbedtls_null_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ ((void) data);
+ ((void) output);
+ *olen = 0;
+
+ if( len < sizeof(unsigned char) )
+ return( 0 );
+
+ *olen = sizeof(unsigned char);
+
+ return( 0 );
+}
+#endif
+
#if defined(MBEDTLS_TIMING_C)
int mbedtls_hardclock_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
}
#endif /* MBEDTLS_HAVEGE_C */
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+int mbedtls_nv_seed_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+ size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
+ ((void) data);
+
+ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+ if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+ if( len < use_len )
+ use_len = len;
+
+ memcpy( output, buf, use_len );
+ *olen = use_len;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
#endif /* MBEDTLS_ENTROPY_C */
#include "mbedtls/platform.h"
#else
#define mbedtls_snprintf snprintf
+#define mbedtls_time_t time_t
#endif
#if defined(MBEDTLS_ERROR_C)
mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
+ if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
+ mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_DHM_C)
PTX = U1 = 0;
PTY = U2 = 0;
+ (void)PTX;
+
memset( RES, 0, sizeof( RES ) );
while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
heap.total_used -= hdr->size;
#endif
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+ free( hdr->trace );
+ hdr->trace = NULL;
+ hdr->trace_count = 0;
+#endif
+
// Regroup with block before
//
if( hdr->prev != NULL && hdr->prev->alloc == 0 )
if( hdr->next != NULL )
hdr->next->prev = hdr;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
- free( old->trace );
-#endif
memset( old, 0, sizeof(memory_header) );
}
if( hdr->next != NULL )
hdr->next->prev = hdr;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
- free( old->trace );
-#endif
memset( old, 0, sizeof(memory_header) );
}
heap.first_free = hdr;
}
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
- hdr->trace = NULL;
- hdr->trace_count = 0;
-#endif
-
if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
mbedtls_exit( 1 );
}
#if defined(MBEDTLS_NET_C)
+#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
+ !defined(__APPLE__) && !defined(_WIN32)
+#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_time_t time_t
+#endif
+
#include "mbedtls/net.h"
#include <string.h>
#define MSVC_INT_CAST
#endif
-#include <stdlib.h>
#include <stdio.h>
#include <time.h>
+++ /dev/null
-/**
- * \file pbkdf2.c
- *
- * \brief Password-Based Key Derivation Function 2 (from PKCS#5)
- * DEPRECATED: Use pkcs5.c instead
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
- *
- * This file is part of mbed TLS (https://polarssl.org)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-/*
- * PBKDF2 is part of PKCS#5
- *
- * http://tools.ietf.org/html/rfc2898 (Specification)
- * http://tools.ietf.org/html/rfc6070 (Test vectors)
- */
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "polarssl/config.h"
-#else
-#include POLARSSL_CONFIG_FILE
-#endif
-
-#if defined(POLARSSL_PBKDF2_C)
-
-#include "polarssl/pbkdf2.h"
-#include "polarssl/pkcs5.h"
-
-int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, size_t plen,
- const unsigned char *salt, size_t slen,
- unsigned int iteration_count,
- uint32_t key_length, unsigned char *output )
-{
- return pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
- key_length, output );
-}
-
-#if defined(POLARSSL_SELF_TEST)
-int pbkdf2_self_test( int verbose )
-{
- return pkcs5_self_test( verbose );
-}
-#endif /* POLARSSL_SELF_TEST */
-
-#endif /* POLARSSL_PBKDF2_C */
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen )
{
- int ret, iterations;
+ int ret, iterations = 0;
mbedtls_asn1_buf salt;
size_t i;
unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
/*
* Platform abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
}
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_TIME)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
+{
+ ((void) timer);
+ return( 0 );
+}
+
+#define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_TIME */
+
+mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
+
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
+{
+ mbedtls_time = time_func;
+ return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
+/* Default implementations for the platform independent seed functions use
+ * standard libc file functions to read from and write to a pre-defined filename
+ */
+int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
+{
+ FILE *file;
+ size_t n;
+
+ if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
+ return -1;
+
+ if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
+ {
+ fclose( file );
+ return -1;
+ }
+
+ fclose( file );
+ return( n );
+}
+
+int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
+{
+ FILE *file;
+ size_t n;
+
+ if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
+ return -1;
+
+ if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
+ {
+ fclose( file );
+ return -1;
+ }
+
+ fclose( file );
+ return( n );
+}
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
+{
+ ((void) buf);
+ ((void) buf_len);
+ return( -1 );
+}
+
+#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */
+
+#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
+{
+ ((void) buf);
+ ((void) buf_len);
+ return( -1 );
+}
+
+#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
+
+int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_READ;
+int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
+ MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
+
+int mbedtls_platform_set_nv_seed(
+ int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
+ int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
+{
+ mbedtls_nv_seed_read = nv_seed_read_func;
+ mbedtls_nv_seed_write = nv_seed_write_func;
+ return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
#endif /* MBEDTLS_PLATFORM_C */
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
- * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
+ * The following sources were referenced in the design of this implementation
+ * of the RSA algorithm:
+ *
+ * [1] A method for obtaining digital signatures and public-key cryptosystems
+ * R Rivest, A Shamir, and L Adleman
+ * http://people.csail.mit.edu/rivest/pubs.html#RSA78
+ *
+ * [2] Handbook of Applied Cryptography - 1997, Chapter 8
+ * Menezes, van Oorschot and Vanstone
*
- * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
- * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
*/
#if !defined(MBEDTLS_CONFIG_FILE)
if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
+ mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
/*
* find primes P and Q with Q < P so that:
do
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
+ if( nbits % 2 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
- mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
+ f_rng, p_rng ) );
+ }
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
continue;
hlen = mbedtls_md_get_size( md_ctx->md_info );
- // Generate and apply dbMask
- //
+ /* Generate and apply dbMask */
p = dst;
while( dlen > 0 )
olen = ctx->len;
hlen = mbedtls_md_get_size( md_info );
- if( olen < ilen + 2 * hlen + 2 )
+ /* first comparison checks for overflow */
+ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( output, 0, olen );
*p++ = 0;
- // Generate a random octet string seed
- //
+ /* Generate a random octet string seed */
if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
p += hlen;
- // Construct DB
- //
+ /* Construct DB */
mbedtls_md( md_info, label, label_len, p );
p += hlen;
p += olen - 2 * hlen - 2 - ilen;
memcpy( p, input, ilen );
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
- // maskedDB: Apply dbMask to DB
- //
+ /* maskedDB: Apply dbMask to DB */
mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
&md_ctx );
- // maskedSeed: Apply seedMask to seed
- //
+ /* maskedSeed: Apply seedMask to seed */
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- if( f_rng == NULL )
+ // We don't check p_rng because it won't be dereferenced here
+ if( f_rng == NULL || input == NULL || output == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
- if( olen < ilen + 11 )
+ /* first comparison checks for overflow */
+ if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen;
ret = f_rng( p_rng, p, 1 );
} while( *p == 0 && --rng_dl && ret == 0 );
- // Check if RNG failed to generate data
- //
+ /* Check if RNG failed to generate data */
if( rng_dl == 0 || ret != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ hlen = mbedtls_md_get_size( md_info );
+
+ // checking for integer underflow
+ if( 2 * hlen + 2 > ilen )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
/*
* RSA operation
*/
/*
* Unmask data and generate lHash
*/
- hlen = mbedtls_md_get_size( md_info );
-
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
+
/* Generate lHash */
mbedtls_md( md_info, label, label_len, lhash );
bad |= *p++; /* Must be zero */
}
+ bad |= ( pad_count < 8 );
+
if( bad )
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
if( md_alg != MBEDTLS_MD_NONE )
{
- // Gather length of hash to sign
- //
+ /* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( sig, 0, olen );
- // Generate salt of length slen
- //
+ /* Generate salt of length slen */
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
- // Note: EMSA-PSS encoding is over the length of N - 1 bits
- //
+ /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
p += olen - hlen * 2 - 2;
*p++ = 0x01;
p += slen;
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
- // Generate H = Hash( M' )
- //
+ /* Generate H = Hash( M' ) */
mbedtls_md_starts( &md_ctx );
mbedtls_md_update( &md_ctx, p, 8 );
mbedtls_md_update( &md_ctx, hash, hashlen );
mbedtls_md_update( &md_ctx, salt, slen );
mbedtls_md_finish( &md_ctx, p );
- // Compensate for boundary condition when applying mask
- //
+ /* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
offset = 1;
- // maskedDB: Apply dbMask to DB
- //
+ /* maskedDB: Apply dbMask to DB */
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
mbedtls_md_free( &md_ctx );
int ret;
size_t siglen;
unsigned char *p;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char result[MBEDTLS_MD_MAX_SIZE];
unsigned char zeros[8];
unsigned int hlen;
size_t slen, msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( md_alg != MBEDTLS_MD_NONE )
{
- // Gather length of hash to sign
- //
+ /* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
memset( zeros, 0, 8 );
- // Note: EMSA-PSS verification is over the length of N - 1 bits
- //
+ /*
+ * Note: EMSA-PSS verification is over the length of N - 1 bits
+ */
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- // Compensate for boundary condition when applying mask
- //
+ /* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
{
p++;
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
}
- // Generate H = Hash( M' )
- //
+ /*
+ * Generate H = Hash( M' )
+ */
mbedtls_md_starts( &md_ctx );
mbedtls_md_update( &md_ctx, zeros, 8 );
mbedtls_md_update( &md_ctx, hash, hashlen );
int ret;
size_t len, siglen, asn1_len;
unsigned char *p, *end;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
mbedtls_md_type_t msg_md_alg;
const mbedtls_md_info_t *md_info;
mbedtls_asn1_buf oid;
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
end = p + len;
- // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
- //
+ /*
+ * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
+ */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
#if defined(MBEDTLS_SHA1_C)
if( verbose != 0 )
- mbedtls_printf( "PKCS#1 data sign : " );
+ mbedtls_printf( " PKCS#1 data sign : " );
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
/*
}
#endif /* PUT_UINT64_BE */
-/*
- * Round constants
- */
-static const uint64_t K[80] =
-{
- UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
- UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
- UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
- UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
- UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
- UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
- UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
- UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
- UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
- UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
- UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
- UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
- UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
- UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
- UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
- UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
- UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
- UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
- UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
- UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
- UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
- UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
- UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
- UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
- UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
- UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
- UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
- UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
- UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
- UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
- UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
- UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
- UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
- UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
- UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
- UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
- UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
- UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
- UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
- UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
-};
-
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
}
#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
+
+/*
+ * Round constants
+ */
+static const uint64_t K[80] =
+{
+ UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
+ UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
+ UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
+ UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
+ UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
+ UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
+ UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
+ UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
+ UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
+ UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
+ UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
+ UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
+ UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
+ UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
+ UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
+ UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
+ UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
+ UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
+ UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
+ UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
+ UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
+ UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
+ UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
+ UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
+ UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
+ UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
+ UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
+ UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
+ UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
+ UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
+ UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
+ UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
+ UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
+ UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
+ UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
+ UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
+ UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
+ UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
+ UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
+ UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
+};
+
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
{
int i;
#if defined(MBEDTLS_SSL_CACHE_C)
-#include "mbedtls/ssl_cache.h"
-
-#include <string.h>
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
-#define mbedtls_free free
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
#endif
+#include "mbedtls/ssl_cache.h"
+
+#include <string.h>
+
void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
{
memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- time_t t = time( NULL );
+ mbedtls_time_t t = mbedtls_time( NULL );
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur, *entry;
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- time_t t = time( NULL ), oldest = 0;
+ mbedtls_time_t t = time( NULL ), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL;
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
#if defined(MBEDTLS_SSL_TLS_C)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_time_t time_t
+#endif
+
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
-// #include <stdlib.h>
#include <string.h>
/*
#if defined(MBEDTLS_SSL_CLI_C)
-#include "mbedtls/debug.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
-#define mbedtls_free free
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
#endif
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_internal.h"
+
+#include <string.h>
+
#include <stdint.h>
#if defined(MBEDTLS_HAVE_TIME)
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
{
#endif
+ if( info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
+ return;
+ }
+
elliptic_curve_len += 2;
}
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
{
#endif
-
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
int ret;
unsigned char *p = ssl->handshake->randbytes;
#if defined(MBEDTLS_HAVE_TIME)
- time_t t;
+ mbedtls_time_t t;
#endif
/*
#endif
#if defined(MBEDTLS_HAVE_TIME)
- t = time( NULL );
+ t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 );
*p++ = (unsigned char)( t >> 16 );
*p++ = (unsigned char)( t >> 8 );
ssl->state++;
ssl->handshake->resume = 0;
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = time( NULL );
+ ssl->session_negotiate->start = mbedtls_time( NULL );
#endif
ssl->session_negotiate->ciphersuite = i;
ssl->session_negotiate->compression = comp;
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- // TODO: Retrieve PSK identity hint and callback to app
- //
+ /*
+ * Note: we currently ignore the PKS identity hint, as we only allow one
+ * PSK to be provisionned on the client. This could be changed later if
+ * someone needs that feature.
+ */
*p += len;
ret = 0;
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{
int ret;
- unsigned char *buf, *p;
- size_t n = 0, m = 0;
+ unsigned char *buf;
+ size_t n = 0;
size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
ssl->record_read = 0;
- // TODO: handshake_failure alert for an anonymous server to request
- // client authentication
-
/*
* struct {
* ClientCertificateType certificate_types<1..2^8-1>;
* supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
* DistinguishedName certificate_authorities<0..2^16-1>;
* } CertificateRequest;
+ *
+ * Since we only support a single certificate on clients, let's just
+ * ignore all the information that's supposed to help us pick a
+ * certificate.
+ *
+ * We could check that our certificate matches the request, and bail out
+ * if it doesn't, but it's simpler to just send the certificate anyway,
+ * and give the server the opportunity to decide if it should terminate
+ * the connection when it doesn't like our certificate.
+ *
+ * Same goes for the hash in TLS 1.2's signature_algorithms: at this
+ * point we only have one hash available (see comments in
+ * write_certificate_verify), so let's just use what we have.
+ *
+ * However, we still minimally parse the message to check it is at least
+ * superficially sane.
*/
buf = ssl->in_msg;
- // Retrieve cert types
- //
+ /* certificate_types */
cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
n = cert_type_len;
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
- p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1;
- while( cert_type_len > 0 )
- {
-#if defined(MBEDTLS_RSA_C)
- if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN &&
- mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
- {
- ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
- break;
- }
- else
-#endif
-#if defined(MBEDTLS_ECDSA_C)
- if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN &&
- mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
- {
- ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
- break;
- }
- else
-#endif
- {
- ; /* Unsupported cert type, ignore */
- }
-
- cert_type_len--;
- p++;
- }
-
+ /* supported_signature_algorithms */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- /* Ignored, see comments about hash in write_certificate_verify */
- // TODO: should check the signature part against our pk_key though
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
- m += 2;
- n += sig_alg_len;
+ n += 2 + sig_alg_len;
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
{
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- /* Ignore certificate_authorities, we only have one cert anyway */
- // TODO: should not send cert if no CA matches
- dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n] ) );
+ /* certificate_authorities */
+ dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
+ | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
n += dn_len;
- if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n )
+ if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
#if defined(MBEDTLS_SSL_COOKIE_C)
-#include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
-#define mbedtls_free free
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
#endif
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+
#include <string.h>
/* Implementation that should never be optimized out by the compiler */
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_HAVE_TIME)
- t = (unsigned long) time( NULL );
+ t = (unsigned long) mbedtls_time( NULL );
#else
t = ctx->serial++;
#endif
return( -1 );
#if defined(MBEDTLS_HAVE_TIME)
- cur_time = (unsigned long) time( NULL );
+ cur_time = (unsigned long) mbedtls_time( NULL );
#else
cur_time = ctx->serial;
#endif
#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#endif
+
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/ecp.h"
#endif
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
#if defined(MBEDTLS_HAVE_TIME)
#include <time.h>
#endif
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#endif
- /*
- * Check the extension length
- */
- ext_offset = comp_offset + 1 + comp_len;
- if( msg_len > ext_offset )
+ /* Do not parse the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
{
- if( msg_len < ext_offset + 2 )
+#endif
+ /*
+ * Check the extension length
+ */
+ ext_offset = comp_offset + 1 + comp_len;
+ if( msg_len > ext_offset )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
+ if( msg_len < ext_offset + 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
- ext_len = ( buf[ext_offset + 0] << 8 )
- | ( buf[ext_offset + 1] );
+ ext_len = ( buf[ext_offset + 0] << 8 )
+ | ( buf[ext_offset + 1] );
- if( ( ext_len > 0 && ext_len < 4 ) ||
- msg_len != ext_offset + 2 + ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if( ( ext_len > 0 && ext_len < 4 ) ||
+ msg_len != ext_offset + 2 + ext_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
}
- }
- else
- ext_len = 0;
-
- ext = buf + ext_offset + 2;
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+ else
+ ext_len = 0;
- while( ext_len != 0 )
- {
- unsigned int ext_id = ( ( ext[0] << 8 )
- | ( ext[1] ) );
- unsigned int ext_size = ( ( ext[2] << 8 )
- | ( ext[3] ) );
+ ext = buf + ext_offset + 2;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
- if( ext_size + 4 > ext_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
- switch( ext_id )
+ while( ext_len != 0 )
{
+ unsigned int ext_id = ( ( ext[0] << 8 )
+ | ( ext[1] ) );
+ unsigned int ext_size = ( ( ext[2] << 8 )
+ | ( ext[3] ) );
+
+ if( ext_size + 4 > ext_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ switch( ext_id )
+ {
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- case MBEDTLS_TLS_EXT_SERVERNAME:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
- if( ssl->conf->f_sni == NULL )
- break;
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
+ if( ssl->conf->f_sni == NULL )
+ break;
- ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
- case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+ case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiation_info_seen = 1;
+ renegotiation_info_seen = 1;
#endif
- ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
- case MBEDTLS_TLS_EXT_SIG_ALG:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- break;
+ if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ break;
#endif
- ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
+ case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
- ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
- case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
- ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
+ case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
- ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
+ case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
- ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+ case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
- ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
+ case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
- ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
+ case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
- ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
+ case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
- ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_TLS_EXT_SESSION_TICKET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
+ case MBEDTLS_TLS_EXT_SESSION_TICKET:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
- ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
- case MBEDTLS_TLS_EXT_ALPN:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+ case MBEDTLS_TLS_EXT_ALPN:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
- ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
+ ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
- ext_id ) );
- }
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+ ext_id ) );
+ }
- ext_len -= 4 + ext_size;
- ext += 4 + ext_size;
+ ext_len -= 4 + ext_size;
+ ext += 4 + ext_size;
- if( ext_len > 0 && ext_len < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ if( ext_len > 0 && ext_len < 4 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
}
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
}
+#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_HAVE_TIME)
- time_t t;
+ mbedtls_time_t t;
#endif
int ret;
size_t olen, ext_len = 0, n;
buf[4], buf[5] ) );
#if defined(MBEDTLS_HAVE_TIME)
- t = time( NULL );
+ t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 );
*p++ = (unsigned char)( t >> 16 );
*p++ = (unsigned char)( t >> 8 );
ssl->state++;
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = time( NULL );
+ ssl->session_negotiate->start = mbedtls_time( NULL );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
ssl->session_negotiate->compression ) );
+ /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+ {
+#endif
+
/*
* First write extensions, then the total length
*/
p += ext_len;
}
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ }
+#endif
+
ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
- /* TODO: Support identity hints */
+ /* Note: we don't support identity hints, until someone asks
+ * for them. */
*(p++) = 0x00;
*(p++) = 0x00;
#if defined(MBEDTLS_SSL_TICKET_C)
-#include "mbedtls/ssl_ticket.h"
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
-#define mbedtls_free free
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
#endif
+#include "mbedtls/ssl_ticket.h"
+
#include <string.h>
/* Implementation that should never be optimized out by the compiler */
mbedtls_ssl_ticket_key *key = ctx->keys + index;
#if defined(MBEDTLS_HAVE_TIME)
- key->generation_time = (uint32_t) time( NULL );
+ key->generation_time = (uint32_t) mbedtls_time( NULL );
#endif
if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
#else
if( ctx->ticket_lifetime != 0 )
{
- uint32_t current_time = (uint32_t) time( NULL );
+ uint32_t current_time = (uint32_t) mbedtls_time( NULL );
uint32_t key_time = ctx->keys[ctx->active].generation_time;
if( current_time > key_time &&
#if defined(MBEDTLS_HAVE_TIME)
{
/* Check for expiration */
- time_t current_time = time( NULL );
+ mbedtls_time_t current_time = mbedtls_time( NULL );
if( current_time < session->start ||
(uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
#if defined(MBEDTLS_SSL_TLS_C)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_time_t time_t
+#endif
+
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/oid.h"
#endif
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
*/
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
{
- int ret, done = 0;
+ int ret, done = 0, out_msg_type;
size_t len = ssl->out_msglen;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
#endif
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST &&
+ out_msg_type = ssl->out_msg[0];
+
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
ssl->handshake == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
len += 8;
/* Write message_seq and update it, except for HelloRequest */
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
}
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
return( ret );
}
-
- // TODO: what's the purpose of these lines? is in_len used?
- ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
- ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
- // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
+ /*
+ * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
+ * may define some other value. Currently (early 2016), no defined
+ * ciphersuite does this (and this is unlikely to change as activity has
+ * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
+ */
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
void *p_bio,
- int (*f_send)(void *, const unsigned char *, size_t),
- int (*f_recv)(void *, unsigned char *, size_t),
- int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) )
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout )
{
ssl->p_bio = p_bio;
ssl->f_send = f_send;
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
void *p_timer,
- void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
- int (*f_get_timer)(void *) )
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer )
{
ssl->p_timer = p_timer;
ssl->f_set_timer = f_set_timer;
{
mbedtls_ecjpake_role role;
- if( ssl->handshake == NULL && ssl->conf == NULL )
+ if( ssl->handshake == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
#endif
#endif
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free( (void *) handshake->curves );
#endif
#if !defined(MBEDTLS_TIMING_ALT)
+#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
+ !defined(__APPLE__) && !defined(_WIN32)
+#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
+#endif
+
#ifndef asm
#define asm __asm
#endif
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
"MBEDTLS_PLATFORM_EXIT_ALT",
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ "MBEDTLS_PLATFORM_TIME_ALT",
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
"MBEDTLS_PLATFORM_FPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
"MBEDTLS_PLATFORM_SNPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+ "MBEDTLS_PLATFORM_NV_SEED_ALT",
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#if defined(MBEDTLS_DEPRECATED_WARNING)
"MBEDTLS_DEPRECATED_WARNING",
#endif /* MBEDTLS_DEPRECATED_WARNING */
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ "MBEDTLS_TEST_NULL_ENTROPY",
+#endif /* MBEDTLS_TEST_NULL_ENTROPY */
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
"MBEDTLS_ENTROPY_HARDWARE_ALT",
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
"MBEDTLS_ENTROPY_FORCE_SHA256",
#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ "MBEDTLS_ENTROPY_NV_SEED",
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */
#else
#include <stdio.h>
#include <stdlib.h>
-#define mbedtls_free free
+#define mbedtls_free free
#define mbedtls_calloc calloc
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
#endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
static int x509_get_current_time( mbedtls_x509_time *now )
{
struct tm *lt;
- time_t tt;
+ mbedtls_time_t tt;
int ret = 0;
#if defined(MBEDTLS_THREADING_C)
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
- tt = time( NULL );
+ tt = mbedtls_time( NULL );
lt = gmtime( &tt );
if( lt == NULL )
{
mbedtls_pem_init( &pem );
- /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buflen == 0 || buf[buflen - 1] != '\0' )
- ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- else
- ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN X509 CRL-----",
- "-----END X509 CRL-----",
- buf, NULL, 0, &use_len );
+ // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
+ // string
+ if( buflen == 0 || buf[buflen - 1] != '\0' )
+ ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+ else
+ ret = mbedtls_pem_read_buffer( &pem,
+ "-----BEGIN X509 CRL-----",
+ "-----END X509 CRL-----",
+ buf, NULL, 0, &use_len );
if( ret == 0 )
{
/*
* X.509 v3 extensions
*
- * TODO: Perform all of the basic constraints tests required by the RFC
- * TODO: Set values for undetected extensions to a sane default?
- *
*/
static int x509_get_crt_ext( unsigned char **p,
const unsigned char *end,
if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
- p = mbedtls_calloc( 1, len = buflen );
- if( p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
- memcpy( p, buf, buflen );
-
- crt->raw.p = p;
- crt->raw.len = len;
+ // Use the original buffer until we figure out actual length
+ p = (unsigned char*) buf;
+ len = buflen;
end = p + len;
/*
}
crt_end = p + len;
+ // Create and populate a new buffer for the raw field
+ crt->raw.len = crt_end - buf;
+ crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
+ if( p == NULL )
+ return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+ memcpy( p, buf, crt->raw.len );
+
+ // Direct pointers to the new buffer
+ p += crt->raw.len - len;
+ end = crt_end = p + len;
+
/*
* TBSCertificate ::= SEQUENCE {
*/
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
{
+#ifndef __REACTOS__
int success = 0, first_error = 0, total_failed = 0;
+#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
int buf_format = MBEDTLS_X509_FORMAT_DER;
+#endif
/*
* Check for valid input
{
buf_format = MBEDTLS_X509_FORMAT_PEM;
}
-#endif
if( buf_format == MBEDTLS_X509_FORMAT_DER )
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+#else
+ return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+#endif
#if defined(MBEDTLS_PEM_PARSE_C)
if( buf_format == MBEDTLS_X509_FORMAT_PEM )
success = 1;
}
}
-#endif /* MBEDTLS_PEM_PARSE_C */
if( success )
return( total_failed );
return( first_error );
else
return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
+#endif /* MBEDTLS_PEM_PARSE_C */
}
#if defined(MBEDTLS_FS_IO)
p = buf;
n = size;
+ if( NULL == crt )
+ {
+ ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ return( (int) ( size - n ) );
+ }
+
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
prefix, crt->version );
MBEDTLS_X509_SAFE_SNPRINTF;
}
/*
- * Check that the given certificate is valid according to the CRL.
+ * Check that the given certificate is not revoked according to the CRL.
+ * Skip validation is no CRL for the given CA is present.
*/
static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
mbedtls_x509_crl *crl_list,
if( ca == NULL )
return( flags );
- /*
- * TODO: What happens if no CRL is present?
- * Suggestion: Revocation state should be unknown if no CRL is present.
- * For backwards compatibility this is not yet implemented.
- */
-
while( crl_list != NULL )
{
if( crl_list->version == 0 ||
continue;
}
+ if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
+ {
+ continue;
+ }
+
+ if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+ {
+ continue;
+ }
+
if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len ) != 0 )
((void) ca_crl);
#endif
- if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
- ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
- if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
- ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL )
+ if( csr == NULL || buf == NULL || buflen == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
mbedtls_x509_csr_init( csr );
/*
* attributes [0] Attributes
+ *
+ * The list of possible attributes is open-ended, though RFC 2985
+ * (PKCS#9) defines a few in section 5.4. We currently don't support any,
+ * so we just ignore them. This is a safe thing to do as the worst thing
+ * that could happen is that we issue a certificate that does not match
+ * the requester's expectations - this cannot cause a violation of our
+ * signature policies.
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
- // TODO Parse Attributes / extension requests
p += len;
/*
* Check for valid input
*/
- if( csr == NULL || buf == NULL )
+ if( csr == NULL || buf == NULL || buflen == 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( buflen == 0 || buf[buflen - 1] != '\0' )
+ if( buf[buflen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
Website: http://www.ijg.org/
Title: mbed TLS
-Used Version: 2.2.1
+Used Version: 2.3.0
Website: https://tls.mbed.org/
Title: libpng
#define MULADDC_INIT \
asm( \
- "movq %3, %%rsi \n\t" \
- "movq %4, %%rdi \n\t" \
- "movq %5, %%rcx \n\t" \
- "movq %6, %%rbx \n\t" \
"xorq %%r8, %%r8 \n\t"
#define MULADDC_CORE \
"addq $8, %%rdi \n\t"
#define MULADDC_STOP \
- "movq %%rcx, %0 \n\t" \
- "movq %%rdi, %1 \n\t" \
- "movq %%rsi, %2 \n\t" \
- : "=m" (c), "=m" (d), "=m" (s) \
- : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \
+ : "+c" (c), "+D" (d), "+S" (s) \
+ : "b" (b) \
+ : "rax", "rdx", "r8" \
);
#endif /* AMD64 */
#endif /* TriCore */
-#if defined(__arm__)
+/*
+ * gcc -O0 by default uses r7 for the frame pointer, so it complains about our
+ * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
+ * passing that option is not easy when building with yotta.
+ *
+ * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
+ * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
+ * clang and armcc5 under the same conditions).
+ *
+ * So, only use the optimized assembly below for optimized build, which avoids
+ * the build error and is pretty reasonable anyway.
+ */
+#if defined(__GNUC__) && !defined(__OPTIMIZE__)
+#define MULADDC_CANNOT_USE_R7
+#endif
+
+#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
#if defined(__thumb__) && !defined(__thumb2__)
*
* \brief Consistency checks for configuration options
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(MBEDTLS_HAVEGE_C) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
+#endif
+
#if defined(MBEDTLS_GCM_C) && ( \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
+#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
+ !defined(MBEDTLS_ENTROPY_NV_SEED)
+#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
+ !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
+ !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
+#endif
+
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
+ !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#endif
+
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
+#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+//#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
/**
* \name SECTION: System support
*
*
* Comment if your system does not support time functions
*/
-#define MBEDTLS_HAVE_TIME
+//#define MBEDTLS_HAVE_TIME
/**
* \def MBEDTLS_HAVE_TIME_DATE
*
* Comment if your system does not have a correct clock.
*/
-#define MBEDTLS_HAVE_TIME_DATE
+//#define MBEDTLS_HAVE_TIME_DATE
/**
* \def MBEDTLS_PLATFORM_MEMORY
* platform function
*/
//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
/**
* \def MBEDTLS_DEPRECATED_WARNING
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT
+/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
*/
#define MBEDTLS_ENTROPY_FORCE_SHA256 /* swyter: ReactOS is primarily 32-bit only, this speeds it up notably */
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ * determined in the platform layer, and can be modified at runtime and/or
+ * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ * with regular fopen(), please make sure you make a seedfile with the
+ * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ * and written to or you will get an entropy source error! The default
+ * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ * bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ * given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
/**
* \def MBEDTLS_MEMORY_DEBUG
*
/**
* \def MBEDTLS_NET_C
*
- * Enable the TCP/IP networking routines.
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
*
* Module: library/net.c
*
- * This module provides TCP/IP networking routines.
+ * This module provides networking routines.
*/
//#define MBEDTLS_NET_C /* swyter: we don't use the network routines, in fact in schannel we replace them with our own shim to forward the managed network buffers */
* By default mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
- * conditions.
+ * conditions. See also our Knowledge Base article about threading:
+ * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
*
* Module: library/threading.c
*
/**
* \def MBEDTLS_TIMING_C
*
- * Enable the portable timing interface.
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
*
* Module: library/timing.c
* Caller: library/havege.c
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
/* Note: your snprintf must correclty zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
/* Note: your snprintf must correclty zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-/* \} name SECTION: Module configuration options */
+/* \} name SECTION: Customisation configuration options */
-#if defined(TARGET_LIKE_MBED)
-#include "mbedtls/target_config.h"
-#endif
+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
/*
* Allow user to override any previous default.
/**
* \file debug.h
*
- * \brief Debug functions
+ * \brief Functions for controlling and providing debug output from the library.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
#endif
/**
- * \brief Set the level threshold to handle globally. Messages that have a
- * level over the threshold value are ignored.
- * (Default value: 0 (No debug))
+ * \brief Set the threshold error level to handle globally all debug output.
+ * Debug messages that have a level over the threshold value are
+ * discarded.
+ * (Default value: 0 = No debug )
*
- * \param threshold maximum level of messages to pass on
+ * \param threshold theshold level of messages to filter on. Messages at a
+ * higher level will be discarded.
+ * - Debug levels
+ * - 0 No debug
+ * - 1 Error
+ * - 2 State change
+ * - 3 Informational
+ * - 4 Verbose
*/
void mbedtls_debug_set_threshold( int threshold );
+/**
+ * \brief Print a message to the debug output. This function is always used
+ * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+ * context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the message has occurred in
+ * \param line line number the message has occurred at
+ * \param format format specifier, in printf format
+ * \param ... variables used by the format specifier
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... );
+/**
+ * \brief Print the return value of a function to the debug output. This
+ * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+ * which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param text the name of the function that returned the error
+ * \param ret the return code value
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, int ret );
+/**
+ * \brief Output a buffer of size len bytes to the debug output. This function
+ * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+ * which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param text a name or label for the buffer being dumped. Normally the
+ * variable or buffer name
+ * \param buf the buffer to be outputted
+ * \param len length of the buffer
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
const char *file, int line, const char *text,
const unsigned char *buf, size_t len );
#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief Print a MPI variable to the debug output. This function is always
+ * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+ * ssl context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param text a name or label for the MPI being output. Normally the
+ * variable name
+ * \param X the MPI variable
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X );
#endif
#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief Print an ECP point to the debug output. This function is always
+ * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+ * ssl context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param text a name or label for the ECP point being output. Normally the
+ * variable name
+ * \param X the ECP point
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_ecp_point *X );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief Print a X.509 certificate structure to the debug output. This
+ * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+ * which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param text a name or label for the certificate being output
+ * \param crt X.509 certificate structure
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_x509_crt *crt );
#endif
#endif /* debug.h */
+
* \param ctx DHM context
* \param x_size private value size in bytes
* \param output destination buffer
- * \param olen must be equal to ctx->P.len
+ * \param olen must be at least equal to the size of P, ctx->len
* \param f_rng RNG function
* \param p_rng RNG parameter
*
*
* \brief Entropy accumulator implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< mutex */
#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ int initial_entropy_run;
+#endif
}
mbedtls_entropy_context;
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
const unsigned char *data, size_t len );
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+/**
+ * \brief Trigger an update of the seed file in NV by using the
+ * current entropy pool.
+ *
+ * \param ctx Entropy context
+ *
+ * \return 0 if successful
+ */
+int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
#if defined(MBEDTLS_FS_IO)
/**
* \brief Write a seed file
*
* \brief Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
+/**
+ * \brief Entropy poll callback that provides 0 entropy.
+ */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ int mbedtls_null_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen );
+#endif
+
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
unsigned char *output, size_t len, size_t *olen );
#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+/**
+ * \brief Entropy poll callback for a non-volatile seed file
+ *
+ * \note This must accept NULL as its first argument.
+ */
+int mbedtls_nv_seed_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen );
+#endif
+
#ifdef __cplusplus
}
#endif
/**
* \brief Get the peak heap usage so far
*
- * \param max_used Peak number of bytes reauested by the application
- * \param max_blocks Peak number of blocks reauested by the application
+ * \param max_used Peak number of bytes in use or committed. This
+ * includes bytes in allocated blocks too small to split
+ * into smaller blocks but larger than the requested size.
+ * \param max_blocks Peak number of blocks in use, including free and used
*/
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
/**
* \brief Get the current heap usage
*
- * \param cur_used Number of bytes reauested by the application
- * \param cur_blocks Number of blocks reauested by the application
+ * \param cur_used Current number of bytes in use or committed. This
+ * includes bytes in allocated blocks too small to split
+ * into smaller blocks but larger than the requested size.
+ * \param cur_blocks Current number of blocks in use, including free and used
*/
void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
#endif /* MBEDTLS_MEMORY_DEBUG */
* \brief Load and parse a public key
*
* \param ctx key to be initialized
- * \param path filename to read the private key from
+ * \param path filename to read the public key from
*
* \note On entry, ctx must be empty, either freshly initialised
- * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- * specific key type, check the result with mbedtls_pk_can_do().
+ * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
+ * you need a specific key type, check the result with
+ * mbedtls_pk_can_do().
*
* \note The key is also checked for correctness.
*
*
* \brief mbed TLS Platform abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
+#include <time.h>
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(_WIN32)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */
+#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */
#endif
+#if !defined(MBEDTLS_PLATFORM_STD_TIME)
+#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */
+#endif
+#if defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
+#endif
+#endif /* MBEDTLS_FS_IO */
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
#include MBEDTLS_PLATFORM_STD_MEM_HDR
#endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
/* \} name SECTION: Module settings */
/*
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+/*
+ * The default exit values
+ */
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
+#else
+#define MBEDTLS_EXIT_SUCCESS 0
+#endif
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
+#else
+#define MBEDTLS_EXIT_FAILURE 1
+#endif
+
+/*
+ * The time_t datatype
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
+#else
+/* For time_t */
+#include <time.h>
+typedef time_t mbedtls_time_t;
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+/*
+ * The function pointers for time
+ */
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+
+/**
+ * \brief Set your own time function pointer
+ *
+ * \param time_func the time function implementation
+ *
+ * \return 0
+ */
+int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+#else
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+#else
+#define mbedtls_time time
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+/*
+ * The function pointers for reading from and writing a seed file to
+ * Non-Volatile storage (NV) in a platform-independent way
+ *
+ * Only enabled when the NV seed entropy source is enabled
+ */
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
+/* Internal standard platform definitions */
+int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
+int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
+extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
+
+/**
+ * \brief Set your own seed file writing/reading functions
+ *
+ * \param nv_seed_read_func the seed reading function implementation
+ * \param nv_seed_write_func the seed writing function implementation
+ *
+ * \return 0
+ */
+int mbedtls_platform_set_nv_seed(
+ int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
+ int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
+ );
+#else
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
+ defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+#else
+#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
+#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
+#endif
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
#ifdef __cplusplus
}
#endif
* Signaling ciphersuite values (SCSV)
*/
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
-#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
+#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
}
mbedtls_ssl_states;
+/**
+ * \brief Callback type: send data on the network.
+ *
+ * \note That callback may be either blocking or non-blocking.
+ *
+ * \param ctx Context for the send callback (typically a file descriptor)
+ * \param buf Buffer holding the data to send
+ * \param len Length of the data to send
+ *
+ * \return The callback must return the number of bytes sent if any,
+ * or a non-zero error code.
+ * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
+ * must be returned when the operation would block.
+ *
+ * \note The callback is allowed to send fewer bytes than requested.
+ * It must always return the number of bytes actually sent.
+ */
+typedef int mbedtls_ssl_send_t( void *ctx,
+ const unsigned char *buf,
+ size_t len );
+
+/**
+ * \brief Callback type: receive data from the network.
+ *
+ * \note That callback may be either blocking or non-blocking.
+ *
+ * \param ctx Context for the receive callback (typically a file
+ * descriptor)
+ * \param buf Buffer to write the received data to
+ * \param len Length of the receive buffer
+ *
+ * \return The callback must return the number of bytes received,
+ * or a non-zero error code.
+ * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
+ * must be returned when the operation would block.
+ *
+ * \note The callback may receive fewer bytes than the length of the
+ * buffer. It must always return the number of bytes actually
+ * received and written to the buffer.
+ */
+typedef int mbedtls_ssl_recv_t( void *ctx,
+ unsigned char *buf,
+ size_t len );
+
+/**
+ * \brief Callback type: receive data from the network, with timeout
+ *
+ * \note That callback must block until data is received, or the
+ * timeout delay expires, or the operation is interrupted by a
+ * signal.
+ *
+ * \param ctx Context for the receive callback (typically a file descriptor)
+ * \param buf Buffer to write the received data to
+ * \param len Length of the receive buffer
+ * \param timeout Maximum nomber of millisecondes to wait for data
+ * 0 means no timeout (potentially waiting forever)
+ *
+ * \return The callback must return the number of bytes received,
+ * or a non-zero error code:
+ * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ *
+ * \note The callback may receive fewer bytes than the length of the
+ * buffer. It must always return the number of bytes actually
+ * received and written to the buffer.
+ */
+typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
+ unsigned char *buf,
+ size_t len,
+ uint32_t timeout );
+/**
+ * \brief Callback type: set a pair of timers/delays to watch
+ *
+ * \param ctx Context pointer
+ * \param int_ms Intermediate delay in milliseconds
+ * \param fin_ms Final delay in milliseconds
+ * 0 cancels the current timer.
+ *
+ * \note This callback must at least store the necessary information
+ * for the associated \c mbedtls_ssl_get_timer_t callback to
+ * return correct information.
+ *
+ * \note If using a event-driven style of programming, an event must
+ * be generated when the final delay is passed. The event must
+ * cause a call to \c mbedtls_ssl_handshake() with the proper
+ * SSL context to be scheduled. Care must be taken to ensure
+ * that at most one such call happens at a time.
+ *
+ * \note Only one timer at a time must be running. Calling this
+ * function while a timer is running must cancel it. Cancelled
+ * timers must not generate any event.
+ */
+typedef void mbedtls_ssl_set_timer_t( void * ctx,
+ uint32_t int_ms,
+ uint32_t fin_ms );
+
+/**
+ * \brief Callback type: get status of timers/delays
+ *
+ * \param ctx Context pointer
+ *
+ * \return This callback must return:
+ * -1 if cancelled (fin_ms == 0),
+ * 0 if none of the delays have passed,
+ * 1 if only the intermediate delay has passed,
+ * 2 if the final delay has passed.
+ */
+typedef int mbedtls_ssl_get_timer_t( void * ctx );
+
+
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
- time_t start; /*!< starting time */
+ mbedtls_time_t start; /*!< starting time */
#endif
int ciphersuite; /*!< chosen ciphersuite */
int compression; /*!< chosen compression */
unsigned badmac_seen; /*!< records with a bad MAC received */
#endif
- /*
- * Callbacks
- */
- int (*f_send)(void *, const unsigned char *, size_t);
- int (*f_recv)(void *, unsigned char *, size_t);
- int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
+ mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
+ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout;
+ /*!< Callback for network receive with timeout */
+
void *p_bio; /*!< context for I/O operations */
/*
* Timers
*/
void *p_timer; /*!< context for the timer callbacks */
- void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */
- int (*f_get_timer)(void *); /*!< get timer callback */
+
+ mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
+ mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
/*
* Record layer (incoming data)
* \note No copy of the configuration context is made, it can be
* shared by many mbedtls_ssl_context structures.
*
- * \warning Modifying the conf structure after is has been used in this
+ * \warning Modifying the conf structure after it has been used in this
* function is unsupported!
*
* \param ssl SSL context
* pointers and data.
*
* \param ssl SSL context
- * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
+ * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
* MBEDTLS_ERR_SSL_COMPRESSION_FAILED
*/
*
* MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
* handshake is aborted if verification failed.
+ * (default on client)
*
* \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
* With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
* \param f_send write callback
* \param f_recv read callback
* \param f_recv_timeout blocking read callback with timeout.
- * The last argument is the timeout in milliseconds,
- * 0 means no timeout (block forever until a message comes)
*
* \note One of f_recv or f_recv_timeout can be NULL, in which case
* the other is used. If both are non-NULL, f_recv_timeout is
*
* \note For DTLS, you need to provide either a non-NULL
* f_recv_timeout callback, or a f_recv that doesn't block.
+ *
+ * \note See the documentations of \c mbedtls_ssl_sent_t,
+ * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
+ * the conventions those callbacks must follow.
+ *
+ * \note On some platforms, net.c provides \c mbedtls_net_send(),
+ * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout()
+ * that are suitable to be used here.
*/
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
- void *p_bio,
- int (*f_send)(void *, const unsigned char *, size_t),
- int (*f_recv)(void *, unsigned char *, size_t),
- int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
+ void *p_bio,
+ mbedtls_ssl_send_t *f_send,
+ mbedtls_ssl_recv_t *f_recv,
+ mbedtls_ssl_recv_timeout_t *f_recv_timeout );
/**
* \brief Set the timeout period for mbedtls_ssl_read()
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
/**
- * \brief Set the timer callbacks
- * (Mandatory for DTLS.)
+ * \brief Set the timer callbacks (Mandatory for DTLS.)
*
* \param ssl SSL context
- * \param p_timer parameter (context) shared by timer callback
+ * \param p_timer parameter (context) shared by timer callbacks
* \param f_set_timer set timer callback
- * Accepts an intermediate and a final delay in milliseconcs
- * If the final delay is 0, cancels the running timer.
* \param f_get_timer get timer callback. Must return:
- * -1 if cancelled
- * 0 if none of the delays is expired
- * 1 if the intermediate delay only is expired
- * 2 if the final delay is expired
+ *
+ * \note See the documentation of \c mbedtls_ssl_set_timer_t and
+ * \c mbedtls_ssl_get_timer_t for the conventions this pair of
+ * callbacks must fallow.
+ *
+ * \note On some platforms, timing.c provides
+ * \c mbedtls_timing_set_delay() and
+ * \c mbedtls_timing_get_delay() that are suitable for using
+ * here, except if using an event-driven style.
+ *
+ * \note See also the "DTLS tutorial" article in our knowledge base.
+ * https://tls.mbed.org/kb/how-to/dtls-tutorial
*/
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
void *p_timer,
- void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
- int (*f_get_timer)(void *) );
+ mbedtls_ssl_set_timer_t *f_set_timer,
+ mbedtls_ssl_get_timer_t *f_get_timer );
/**
* \brief Callback type: generate and write session ticket
*
* \note This describes what a callback implementation should do.
- * This callback should generate and encrypted and
+ * This callback should generate an encrypted and
* authenticated ticket for the session and write it to the
* output buffer. Here, ticket means the opaque ticket part
* of the NewSessionTicket structure of RFC 5077.
*
* \param p_ticket Context for the callback
- * \param session SSL session to bo written in the ticket
- * \param start Start of the outpur buffer
+ * \param session SSL session to be written in the ticket
+ * \param start Start of the output buffer
* \param end End of the output buffer
* \param tlen On exit, holds the length written
* \param lifetime On exit, holds the lifetime of the ticket in seconds
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/**
- * \brief Set retransmit timeout values for the DTLS handshale.
+ * \brief Set retransmit timeout values for the DTLS handshake.
* (DTLS only, no effect on TLS.)
*
* \param conf SSL configuration
*
* \note Default values are from RFC 6347 section 4.2.4.1.
*
- * \note Higher values for initial timeout may increase average
- * handshake latency. Lower values may increase the risk of
- * network congestion by causing more retransmissions.
+ * \note The 'min' value should typically be slightly above the
+ * expected round-trip time to your peer, plus whatever time
+ * it takes for the peer to process the message. For example,
+ * if your RTT is about 600ms and you peer needs up to 1s to
+ * do the cryptographic operations in the handshake, then you
+ * should set 'min' slightly above 1600. Lower values of 'min'
+ * might cause spurious resends which waste network resources,
+ * while larger value of 'min' will increase overall latency
+ * on unreliable network links.
+ *
+ * \note The more unreliable your network connection is, the larger
+ * your max / min ratio needs to be in order to achieve
+ * reliable handshakes.
+ *
+ * \note Messages are retransmitted up to log2(ceil(max/min)) times.
+ * For example, if min = 1s and max = 5s, the retransmit plan
+ * goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
+ * resend ... 5s -> give up and return a timeout error.
*/
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/**
* \brief Set the list of allowed ciphersuites and the preference
* order. First in the list has the highest preference.
- * (Overrides all version specific lists)
+ * (Overrides all version-specific lists)
*
* The ciphersuites array is not copied, and must remain
* valid for the lifetime of the ssl_config.
* adequate, preference is given to the one set by the first
* call to this function, then second, etc.
*
- * \note On client, only the first call has any effect.
+ * \note On client, only the first call has any effect. That is,
+ * only one client certificate can be provisioned. The
+ * server's preferences in its CertficateRequest message will
+ * be ignored and our only cert will be sent regardless of
+ * whether it matches those preferences - the server can then
+ * decide what it wants to do with it.
*
* \param conf SSL configuration
* \param own_cert own public certificate chain
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
+ * \note Currently clients can only register one pre-shared key.
+ * In other words, the servers' identity hint is ignored.
+ * Support for setting multiple PSKs on clients and selecting
+ * one based on the identity hint is not a planned feature but
+ * feedback is welcomed.
+ *
* \param conf SSL configuration
* \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
- * \brief Set hostname for ServerName TLS extension
+ * \brief Set the hostname to check against the received server
+ * certificate. It sets the ServerName TLS extension too,
+ * if the extension is enabled.
* (client-side only)
*
- *
* \param ssl SSL context
* \param hostname the server hostname
*
* \brief Set the supported Application Layer Protocols.
*
* \param conf SSL configuration
- * \param protos NULL-terminated list of supported protocols,
- * in decreasing preference order.
+ * \param protos Pointer to a NULL-terminated list of supported protocols,
+ * in decreasing preference order. The pointer to the list is
+ * recorded by the library for later reference as required, so
+ * the lifetime of the table must be atleast as long as the
+ * lifetime of the SSL configuration structure.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
* \brief Disable or enable support for RC4
* (Default: MBEDTLS_SSL_ARC4_DISABLED)
*
- * \warning Use of RC4 in (D)TLS has been prohibited by RFC ????
- * for security reasons. Use at your own risks.
+ * \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
+ * for security reasons. Use at your own risk.
*
- * \note This function will likely be removed in future versions as
- * RC4 will then be disabled by default at compile time.
+ * \note This function is deprecated and will likely be removed in
+ * a future version of the library.
+ * RC4 is disabled by default at compile time and needs to be
+ * actively enabled for use with legacy systems.
*
* \param conf SSL configuration
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
*
* \warning It is recommended to always disable renegotation unless you
* know you need it and you know what you're doing. In the
- * past, there has been several issues associated with
+ * past, there have been several issues associated with
* renegotiation or a poor understanding of its properties.
*
* \note Server-side, enabling renegotiation also makes the server
* \brief Perform a single step of the SSL handshake
*
* \note The state of the context (ssl->state) will be at
- * the following state after execution of this function.
- * Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ * the next state after execution of this function. Do not
+ * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
*
* \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
* \brief Initiate an SSL renegotiation on the running connection.
* Client: perform the renegotiation right now.
* Server: request renegotiation, which will be performed
- * during the next call to mbedtls_ssl_read() if honored by client.
+ * during the next call to mbedtls_ssl_read() if honored by
+ * client.
*
* \param ssl SSL context
*
- * \return 0 if successful, or any mbedtls_ssl_handshake() return value.
+ * \return 0 if successful, or any mbedtls_ssl_handshake() return
+ * value.
*
* \note If this function returns something other than 0 or
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
struct mbedtls_ssl_cache_entry
{
#if defined(MBEDTLS_HAVE_TIME)
- time_t timestamp; /*!< entry timestamp */
+ mbedtls_time_t timestamp; /*!< entry timestamp */
#endif
mbedtls_ssl_session session; /*!< entry session */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
* Handshake specific crypto variables
*/
int sig_alg; /*!< Hash algorithm for signature */
- int cert_type; /*!< Requested cert type */
int verify_sig_alg; /*!< Signature algorithm for verify */
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
void mbedtls_threading_free_alt( void );
#endif /* MBEDTLS_THREADING_ALT */
+#if defined(MBEDTLS_THREADING_C)
/*
* The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
*
*/
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
}
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 2
-#define MBEDTLS_VERSION_PATCH 1
+#define MBEDTLS_VERSION_MINOR 3
+#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02020100
-#define MBEDTLS_VERSION_STRING "2.2.1"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.2.1"
+#define MBEDTLS_VERSION_NUMBER 0x02030000
+#define MBEDTLS_VERSION_STRING "2.3.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.3.0"
#if defined(MBEDTLS_VERSION_C)
* \note Same as \c mbedtls_x509_crt_verify_with_profile() with the
* default security profile.
*
- * \param crt a certificate to be verified
- * \param trust_ca the trusted CA chain
- * \param ca_crl the CRL chain for trusted CA's
+ * \note It is your responsibility to provide up-to-date CRLs for
+ * all trusted CAs. If no CRL is provided for the CA that was
+ * used to sign the certificate, CRL verification is skipped
+ * silently, that is *without* setting any flag.
+ *
+ * \param crt a certificate (chain) to be verified
+ * \param trust_ca the list of trusted CAs
+ * \param ca_crl the list of CRLs for trusted CAs (see note above)
* \param cn expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* for ECDSA) apply to all certificates: trusted root,
* intermediate CAs if any, and end entity certificate.
*
- * \param crt a certificate to be verified
- * \param trust_ca the trusted CA chain
- * \param ca_crl the CRL chain for trusted CA's
+ * \param crt a certificate (chain) to be verified
+ * \param trust_ca the list of trusted CAs
+ * \param ca_crl the list of CRLs for trusted CAs
* \param profile security profile for verification
* \param cn expected Common Name (can be set to
* NULL if the CN must not be verified)
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
*
+ * \note CSR attributes (if any) are currently silently ignored.
+ *
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
*
+ * \note See notes for \c mbedtls_x509_csr_parse_der()
+ *
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
/**
* \brief Load a Certificate Signing Request (CSR)
*
+ * \note See notes for \c mbedtls_x509_csr_parse()
+ *
* \param csr CSR context to fill
* \param path filename to read the CSR from
*
projects / reactos.git / commitdiff