authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2018-03-28 17:26:33 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2018-04-03 19:25:24 +0200
commitfebec687639533570236e491fce464cd03eac1ae (patch)
treee640f49a8e84776ee5d08ff1d49da45bca447b35 /thirdparty/mbedtls/include
parent629783f3aaf9d6b489fe86c2057fb93f54fb5388 (diff)
Update mbedTLS to version 2.8.0
Diffstat (limited to 'thirdparty/mbedtls/include')
-rw-r--r--thirdparty/mbedtls/include/mbedtls/asn1.h15
-rw-r--r--thirdparty/mbedtls/include/mbedtls/ccm.h5
-rw-r--r--thirdparty/mbedtls/include/mbedtls/check_config.h4
-rw-r--r--thirdparty/mbedtls/include/mbedtls/config.h30
-rw-r--r--thirdparty/mbedtls/include/mbedtls/dhm.h2
-rw-r--r--thirdparty/mbedtls/include/mbedtls/md2.h44
-rw-r--r--thirdparty/mbedtls/include/mbedtls/md4.h46
-rw-r--r--thirdparty/mbedtls/include/mbedtls/md5.h46
-rw-r--r--thirdparty/mbedtls/include/mbedtls/oid.h18
-rw-r--r--thirdparty/mbedtls/include/mbedtls/ripemd160.h43
-rw-r--r--thirdparty/mbedtls/include/mbedtls/rsa.h12
-rw-r--r--thirdparty/mbedtls/include/mbedtls/sha1.h46
-rw-r--r--thirdparty/mbedtls/include/mbedtls/sha256.h50
-rw-r--r--thirdparty/mbedtls/include/mbedtls/sha512.h49
-rw-r--r--thirdparty/mbedtls/include/mbedtls/ssl.h18
-rw-r--r--thirdparty/mbedtls/include/mbedtls/ssl_internal.h3
-rw-r--r--thirdparty/mbedtls/include/mbedtls/version.h8
17 files changed, 186 insertions, 253 deletions
diff --git a/thirdparty/mbedtls/include/mbedtls/asn1.h b/thirdparty/mbedtls/include/mbedtls/asn1.h
index fde328a128..96c1c9a8ab 100644
--- a/thirdparty/mbedtls/include/mbedtls/asn1.h
+++ b/thirdparty/mbedtls/include/mbedtls/asn1.h
@@ -88,6 +88,21 @@
#define MBEDTLS_ASN1_PRIMITIVE 0x00
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
+
+/*
+ * Bit masks for each of the components of an ASN.1 tag as specified in
+ * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
+ * paragraph 8.1.2.2:
+ *
+ * Bit 8 7 6 5 1
+ * +-------+-----+------------+
+ * | Class | P/C | Tag number |
+ * +-------+-----+------------+
+ */
+#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
+#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
+#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
+
/* \} name */
/* \} addtogroup asn1_module */
diff --git a/thirdparty/mbedtls/include/mbedtls/ccm.h b/thirdparty/mbedtls/include/mbedtls/ccm.h
index 5a9ee4a1cd..630b7fdf6c 100644
--- a/thirdparty/mbedtls/include/mbedtls/ccm.h
+++ b/thirdparty/mbedtls/include/mbedtls/ccm.h
@@ -105,7 +105,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* Must be at least \p length Bytes wide.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag to generate in Bytes:
- * 4, 6, 8, 10, 14 or 16.
+ * 4, 6, 8, 10, 12, 14 or 16.
*
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
@@ -131,10 +131,13 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
* \param add The additional data field.
* \param add_len The length of additional data in Bytes.
+ * Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data.
* \param output The buffer holding the output data.
+ * Must be at least \p length Bytes wide.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag in Bytes.
+ * 4, 6, 8, 10, 12, 14 or 16.
*
* \return 0 if successful and authenticated, or
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
diff --git a/thirdparty/mbedtls/include/mbedtls/check_config.h b/thirdparty/mbedtls/include/mbedtls/check_config.h
index 1143aa2687..be80332963 100644
--- a/thirdparty/mbedtls/include/mbedtls/check_config.h
+++ b/thirdparty/mbedtls/include/mbedtls/check_config.h
@@ -78,6 +78,10 @@
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_CMAC_C) && \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
diff --git a/thirdparty/mbedtls/include/mbedtls/config.h b/thirdparty/mbedtls/include/mbedtls/config.h
index 79eedffddd..b5905ef9d0 100644
--- a/thirdparty/mbedtls/include/mbedtls/config.h
+++ b/thirdparty/mbedtls/include/mbedtls/config.h
@@ -1049,7 +1049,8 @@
/**
* \def MBEDTLS_RSA_NO_CRT
*
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
*
* Uncomment this macro to disable the use of CRT in RSA.
*
@@ -1412,6 +1413,30 @@
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old (pre-2.7), non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key. Note that this option is
+ * only meant for a transitory upgrade period and is likely to be removed in
+ * a future version of the library.
+ *
+ * \warning The old implementation is non-compliant and has a security weakness
+ * (2^80 brute force attack on the HMAC key used for a single,
+ * uninterrupted connection). This should only be enabled temporarily
+ * when (1) the use of truncated HMAC is essential in order to save
+ * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
+ * the fixed implementation yet (pre-2.7).
+ *
+ * \deprecated This option is deprecated and will likely be removed in a
+ * future version of Mbed TLS.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
+/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.
@@ -1517,6 +1542,9 @@
*
* \note Currently compression can't be used with DTLS.
*
+ * \deprecated This feature is deprecated and will be removed
+ * in the next major revision of the library.
+ *
* Used in: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
diff --git a/thirdparty/mbedtls/include/mbedtls/dhm.h b/thirdparty/mbedtls/include/mbedtls/dhm.h
index da2e66b111..00fafd8d16 100644
--- a/thirdparty/mbedtls/include/mbedtls/dhm.h
+++ b/thirdparty/mbedtls/include/mbedtls/dhm.h
@@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
* in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
* IETF Standards</em>.
*/
-#define MBEDTLS_DHM_RFC5114_MODP_P \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
diff --git a/thirdparty/mbedtls/include/mbedtls/md2.h b/thirdparty/mbedtls/include/mbedtls/md2.h
index 2ff3f171a3..0fd8b5afcc 100644
--- a/thirdparty/mbedtls/include/mbedtls/md2.h
+++ b/thirdparty/mbedtls/include/mbedtls/md2.h
@@ -39,11 +39,6 @@
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if !defined(MBEDTLS_MD2_ALT)
// Regular implementation
//
@@ -187,11 +182,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
- mbedtls_md2_context *ctx )
-{
- mbedtls_md2_starts_ret( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
/**
* \brief MD2 process buffer
@@ -207,13 +198,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
- mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md2_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD2 final digest
@@ -228,12 +215,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
- mbedtls_md2_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md2_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD2 process data block (internal use only)
@@ -247,11 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md2_process(
- mbedtls_md2_context *ctx )
-{
- mbedtls_internal_md2_process( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -304,12 +283,9 @@ int mbedtls_md2_ret( const unsigned char *input,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md2_ret( input, ilen, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/md4.h b/thirdparty/mbedtls/include/mbedtls/md4.h
index a2ab57f078..23fa95e46a 100644
--- a/thirdparty/mbedtls/include/mbedtls/md4.h
+++ b/thirdparty/mbedtls/include/mbedtls/md4.h
@@ -40,11 +40,6 @@
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if !defined(MBEDTLS_MD4_ALT)
// Regular implementation
//
@@ -188,11 +183,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts(
- mbedtls_md4_context *ctx )
-{
- mbedtls_md4_starts_ret( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
/**
* \brief MD4 process buffer
@@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md4_update(
- mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md4_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD4 final digest
@@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish(
- mbedtls_md4_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md4_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD4 process data block (internal use only)
@@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md4_process(
- mbedtls_md4_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_md4_process( ctx, data );
-}
+MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
+ const unsigned char data[64] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -309,12 +288,9 @@ int mbedtls_md4_ret( const unsigned char *input,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md4_ret( input, ilen, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/md5.h b/thirdparty/mbedtls/include/mbedtls/md5.h
index d49391f811..06ea4c5d44 100644
--- a/thirdparty/mbedtls/include/mbedtls/md5.h
+++ b/thirdparty/mbedtls/include/mbedtls/md5.h
@@ -43,11 +43,6 @@
// Regular implementation
//
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#ifdef __cplusplus
extern "C" {
#endif
@@ -188,11 +183,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts(
- mbedtls_md5_context *ctx )
-{
- mbedtls_md5_starts_ret( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
@@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md5_update(
- mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_md5_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD5 final digest
@@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish(
- mbedtls_md5_context *ctx,
- unsigned char output[16] )
-{
- mbedtls_md5_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD5 process data block (internal use only)
@@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md5_process(
- mbedtls_md5_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_md5_process( ctx, data );
-}
+MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
+ const unsigned char data[64] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -309,12 +288,9 @@ int mbedtls_md5_ret( const unsigned char *input,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] )
-{
- mbedtls_md5_ret( input, ilen, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/oid.h b/thirdparty/mbedtls/include/mbedtls/oid.h
index bf2ef5ece4..408645ece7 100644
--- a/thirdparty/mbedtls/include/mbedtls/oid.h
+++ b/thirdparty/mbedtls/include/mbedtls/oid.h
@@ -228,6 +228,14 @@
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+
+#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+
+#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+
+#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+
/*
* Encryption algorithms
*/
@@ -514,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+
+/**
+ * \brief Translate hmac algorithm OID into md_type
+ *
+ * \param oid OID to use
+ * \param md_hmac place to store message hmac algorithm
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
#endif /* MBEDTLS_MD_C */
/**
diff --git a/thirdparty/mbedtls/include/mbedtls/ripemd160.h b/thirdparty/mbedtls/include/mbedtls/ripemd160.h
index c21868b185..3a8b50a621 100644
--- a/thirdparty/mbedtls/include/mbedtls/ripemd160.h
+++ b/thirdparty/mbedtls/include/mbedtls/ripemd160.h
@@ -35,11 +35,6 @@
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if !defined(MBEDTLS_RIPEMD160_ALT)
// Regular implementation
//
@@ -139,11 +134,8 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
*
* \param ctx context to be initialized
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts(
- mbedtls_ripemd160_context *ctx )
-{
- mbedtls_ripemd160_starts_ret( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
+ mbedtls_ripemd160_context *ctx );
/**
* \brief RIPEMD-160 process buffer
@@ -154,13 +146,10 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts(
* \param input buffer holding the data
* \param ilen length of the input data
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update(
+MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
mbedtls_ripemd160_context *ctx,
const unsigned char *input,
- size_t ilen )
-{
- mbedtls_ripemd160_update_ret( ctx, input, ilen );
-}
+ size_t ilen );
/**
* \brief RIPEMD-160 final digest
@@ -170,12 +159,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update(
* \param ctx RIPEMD-160 context
* \param output RIPEMD-160 checksum result
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish(
+MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
mbedtls_ripemd160_context *ctx,
- unsigned char output[20] )
-{
- mbedtls_ripemd160_finish_ret( ctx, output );
-}
+ unsigned char output[20] );
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -185,12 +171,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish(
* \param ctx RIPEMD-160 context
* \param data buffer holding one block of data
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process(
+MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
mbedtls_ripemd160_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_ripemd160_process( ctx, data );
-}
+ const unsigned char data[64] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -235,13 +218,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input,
* \param ilen length of the input data
* \param output RIPEMD-160 checksum result
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160(
- const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
-{
- mbedtls_ripemd160_ret( input, ilen, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/rsa.h b/thirdparty/mbedtls/include/mbedtls/rsa.h
index fb2f77f94f..5548f3c127 100644
--- a/thirdparty/mbedtls/include/mbedtls/rsa.h
+++ b/thirdparty/mbedtls/include/mbedtls/rsa.h
@@ -518,6 +518,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
*
* \note The input and output buffers must be large
* enough. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note Blinding is used if and only if a PRNG is provided.
+ *
+ * \note If blinding is used, both the base of exponentation
+ * and the exponent are blinded, providing protection
+ * against some side-channel attacks.
+ *
+ * \warning It is deprecated and a security risk to not provide
+ * a PRNG here and thereby prevent the use of blinding.
+ * Future versions of the library may enforce the presence
+ * of a PRNG.
+ *
*/
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
diff --git a/thirdparty/mbedtls/include/mbedtls/sha1.h b/thirdparty/mbedtls/include/mbedtls/sha1.h
index e4f8650216..05540cde12 100644
--- a/thirdparty/mbedtls/include/mbedtls/sha1.h
+++ b/thirdparty/mbedtls/include/mbedtls/sha1.h
@@ -39,11 +39,6 @@
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if !defined(MBEDTLS_SHA1_ALT)
// Regular implementation
//
@@ -190,11 +185,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
- mbedtls_sha1_context *ctx )
-{
- mbedtls_sha1_starts_ret( ctx );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
/**
* \brief SHA-1 process buffer
@@ -210,13 +201,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
- mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha1_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief SHA-1 final digest
@@ -231,12 +218,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
- mbedtls_sha1_context *ctx,
- unsigned char output[20] )
-{
- mbedtls_sha1_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
+ unsigned char output[20] );
/**
* \brief SHA-1 process data block (internal use only)
@@ -251,12 +234,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process(
- mbedtls_sha1_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_sha1_process( ctx, data );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
+ const unsigned char data[64] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -317,12 +296,9 @@ int mbedtls_sha1_ret( const unsigned char *input,
* stronger message digests instead.
*
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] )
-{
- mbedtls_sha1_ret( input, ilen, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/sha256.h b/thirdparty/mbedtls/include/mbedtls/sha256.h
index a2b6e11644..ffb16c277a 100644
--- a/thirdparty/mbedtls/include/mbedtls/sha256.h
+++ b/thirdparty/mbedtls/include/mbedtls/sha256.h
@@ -35,10 +35,6 @@
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
#if !defined(MBEDTLS_SHA256_ALT)
// Regular implementation
//
@@ -156,12 +152,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
* <ul><li>0: Use SHA-256.</li>
* <li>1: Use SHA-224.</li></ul>
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
- mbedtls_sha256_context *ctx,
- int is224 )
-{
- mbedtls_sha256_starts_ret( ctx, is224 );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
+ int is224 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
* \param input The buffer holding the data.
* \param ilen The length of the input data.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
- mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha256_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
* \param ctx The SHA-256 context.
* \param output The SHA-224or SHA-256 checksum result.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
- mbedtls_sha256_context *ctx,
- unsigned char output[32] )
-{
- mbedtls_sha256_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
+ unsigned char output[32] );
/**
* \brief This function processes a single data block within
@@ -207,12 +191,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
* \param ctx The SHA-256 context.
* \param data The buffer holding one block of data.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process(
- mbedtls_sha256_context *ctx,
- const unsigned char data[64] )
-{
- mbedtls_internal_sha256_process( ctx, data );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
+ const unsigned char data[64] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -276,14 +256,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
* <ul><li>0: Use SHA-256.</li>
* <li>1: Use SHA-224.</li></ul>
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha256(
- const unsigned char *input,
- size_t ilen,
- unsigned char output[32],
- int is224 )
-{
- mbedtls_sha256_ret( input, ilen, output, is224 );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224 );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/sha512.h b/thirdparty/mbedtls/include/mbedtls/sha512.h
index 52ae204d44..8404a2d599 100644
--- a/thirdparty/mbedtls/include/mbedtls/sha512.h
+++ b/thirdparty/mbedtls/include/mbedtls/sha512.h
@@ -35,10 +35,6 @@
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
#if !defined(MBEDTLS_SHA512_ALT)
// Regular implementation
//
@@ -156,12 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* <ul><li>0: Use SHA-512.</li>
* <li>1: Use SHA-384.</li></ul>
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts(
- mbedtls_sha512_context *ctx,
- int is384 )
-{
- mbedtls_sha512_starts_ret( ctx, is384 );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
+ int is384 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts(
* \param input The buffer holding the data.
* \param ilen The length of the input data.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update(
- mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen )
-{
- mbedtls_sha512_update_ret( ctx, input, ilen );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update(
* \param ctx The SHA-512 context.
* \param output The SHA-384 or SHA-512 checksum result.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish(
- mbedtls_sha512_context *ctx,
- unsigned char output[64] )
-{
- mbedtls_sha512_finish_ret( ctx, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
+ unsigned char output[64] );
/**
* \brief This function processes a single data block within
@@ -207,12 +191,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish(
* \param ctx The SHA-512 context.
* \param data The buffer holding one block of data.
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process(
+MBEDTLS_DEPRECATED void mbedtls_sha512_process(
mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
-{
- mbedtls_internal_sha512_process( ctx, data );
-}
+ const unsigned char data[128] );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -278,14 +259,10 @@ int mbedtls_sha512_ret( const unsigned char *input,
* <ul><li>0: Use SHA-512.</li>
* <li>1: Use SHA-384.</li></ul>
*/
-MBEDTLS_DEPRECATED static inline void mbedtls_sha512(
- const unsigned char *input,
- size_t ilen,
- unsigned char output[64],
- int is384 )
-{
- mbedtls_sha512_ret( input, ilen, output, is384 );
-}
+MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[64],
+ int is384 );
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/thirdparty/mbedtls/include/mbedtls/ssl.h b/thirdparty/mbedtls/include/mbedtls/ssl.h
index 51e843ae24..dffc162191 100644
--- a/thirdparty/mbedtls/include/mbedtls/ssl.h
+++ b/thirdparty/mbedtls/include/mbedtls/ssl.h
@@ -49,6 +49,15 @@
#endif
#if defined(MBEDTLS_ZLIB_SUPPORT)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
+#endif
+
#include "zlib.h"
#endif
@@ -971,8 +980,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
* \note No copy of the configuration context is made, it can be
* shared by many mbedtls_ssl_context structures.
*
- * \warning Modifying the conf structure after it has been used in this
- * function is unsupported!
+ * \warning The conf structure will be accessed during the session.
+ * It must not be modified or freed as long as the session
+ * is active.
+ *
+ * \warning This function must be called exactly once per context.
+ * Calling mbedtls_ssl_setup again is not supported, even
+ * if no session is active.
*
* \param ssl SSL context
* \param conf SSL configuration to use
diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_internal.h b/thirdparty/mbedtls/include/mbedtls/ssl_internal.h
index 9f583a8777..60b431a0f4 100644
--- a/thirdparty/mbedtls/include/mbedtls/ssl_internal.h
+++ b/thirdparty/mbedtls/include/mbedtls/ssl_internal.h
@@ -71,6 +71,9 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
diff --git a/thirdparty/mbedtls/include/mbedtls/version.h b/thirdparty/mbedtls/include/mbedtls/version.h
index 961be59c35..c3ee649f5c 100644
--- a/thirdparty/mbedtls/include/mbedtls/version.h
+++ b/thirdparty/mbedtls/include/mbedtls/version.h
@@ -39,7 +39,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 7
+#define MBEDTLS_VERSION_MINOR 8
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02070000
-#define MBEDTLS_VERSION_STRING "2.7.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0"
+#define MBEDTLS_VERSION_NUMBER 0x02080000
+#define MBEDTLS_VERSION_STRING "2.8.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0"
#if defined(MBEDTLS_VERSION_C)