From 878367b3acfde1a6dbc666dc69e630757d499610 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Verschelde?= Date: Tue, 18 Apr 2023 10:38:24 +0200 Subject: mbedtls: Update to upstream version 2.28.3 Rediff patch from PR 1453, lstrlenW is no longer used upstream so that part of the patch was dropped. (cherry picked from commit 1fde2092d0b6e840f026abaf438c4e591138125a) --- thirdparty/README.md | 4 +- thirdparty/mbedtls/include/mbedtls/aes.h | 146 +- thirdparty/mbedtls/include/mbedtls/aesni.h | 73 +- thirdparty/mbedtls/include/mbedtls/arc4.h | 17 +- thirdparty/mbedtls/include/mbedtls/aria.h | 69 +- thirdparty/mbedtls/include/mbedtls/asn1.h | 120 +- thirdparty/mbedtls/include/mbedtls/asn1write.h | 90 +- thirdparty/mbedtls/include/mbedtls/base64.h | 10 +- thirdparty/mbedtls/include/mbedtls/bignum.h | 245 +- thirdparty/mbedtls/include/mbedtls/blowfish.h | 61 +- thirdparty/mbedtls/include/mbedtls/bn_mul.h | 48 +- thirdparty/mbedtls/include/mbedtls/camellia.h | 71 +- thirdparty/mbedtls/include/mbedtls/ccm.h | 57 +- thirdparty/mbedtls/include/mbedtls/certs.h | 22 +- thirdparty/mbedtls/include/mbedtls/chacha20.h | 39 +- thirdparty/mbedtls/include/mbedtls/chachapoly.h | 72 +- thirdparty/mbedtls/include/mbedtls/check_config.h | 11 +- thirdparty/mbedtls/include/mbedtls/cipher.h | 228 +- .../mbedtls/include/mbedtls/cipher_internal.h | 64 +- thirdparty/mbedtls/include/mbedtls/cmac.h | 35 +- thirdparty/mbedtls/include/mbedtls/compat-1.3.h | 54 +- thirdparty/mbedtls/include/mbedtls/config.h | 61 +- thirdparty/mbedtls/include/mbedtls/constant_time.h | 6 +- thirdparty/mbedtls/include/mbedtls/ctr_drbg.h | 71 +- thirdparty/mbedtls/include/mbedtls/debug.h | 103 +- thirdparty/mbedtls/include/mbedtls/des.h | 142 +- thirdparty/mbedtls/include/mbedtls/dhm.h | 1095 ++-- thirdparty/mbedtls/include/mbedtls/ecdh.h | 95 +- thirdparty/mbedtls/include/mbedtls/ecdsa.h | 117 +- thirdparty/mbedtls/include/mbedtls/ecjpake.h | 59 +- thirdparty/mbedtls/include/mbedtls/ecp.h | 217 +- thirdparty/mbedtls/include/mbedtls/ecp_internal.h | 54 +- thirdparty/mbedtls/include/mbedtls/entropy.h | 38 +- thirdparty/mbedtls/include/mbedtls/entropy_poll.h | 24 +- thirdparty/mbedtls/include/mbedtls/error.h | 29 +- thirdparty/mbedtls/include/mbedtls/gcm.h | 89 +- thirdparty/mbedtls/include/mbedtls/havege.h | 9 +- thirdparty/mbedtls/include/mbedtls/hkdf.h | 22 +- thirdparty/mbedtls/include/mbedtls/hmac_drbg.h | 65 +- thirdparty/mbedtls/include/mbedtls/md.h | 66 +- thirdparty/mbedtls/include/mbedtls/md2.h | 53 +- thirdparty/mbedtls/include/mbedtls/md4.h | 57 +- thirdparty/mbedtls/include/mbedtls/md5.h | 57 +- thirdparty/mbedtls/include/mbedtls/md_internal.h | 5 +- .../mbedtls/include/mbedtls/memory_buffer_alloc.h | 21 +- thirdparty/mbedtls/include/mbedtls/net_sockets.h | 35 +- thirdparty/mbedtls/include/mbedtls/nist_kw.h | 31 +- thirdparty/mbedtls/include/mbedtls/oid.h | 69 +- thirdparty/mbedtls/include/mbedtls/padlock.h | 22 +- thirdparty/mbedtls/include/mbedtls/pem.h | 21 +- thirdparty/mbedtls/include/mbedtls/pk.h | 210 +- thirdparty/mbedtls/include/mbedtls/pk_internal.h | 72 +- thirdparty/mbedtls/include/mbedtls/pkcs11.h | 79 +- thirdparty/mbedtls/include/mbedtls/pkcs12.h | 26 +- thirdparty/mbedtls/include/mbedtls/pkcs5.h | 18 +- thirdparty/mbedtls/include/mbedtls/platform.h | 59 +- thirdparty/mbedtls/include/mbedtls/platform_time.h | 4 +- thirdparty/mbedtls/include/mbedtls/platform_util.h | 56 +- thirdparty/mbedtls/include/mbedtls/poly1305.h | 31 +- thirdparty/mbedtls/include/mbedtls/ripemd160.h | 57 +- thirdparty/mbedtls/include/mbedtls/rsa.h | 319 +- thirdparty/mbedtls/include/mbedtls/rsa_internal.h | 36 +- thirdparty/mbedtls/include/mbedtls/sha1.h | 57 +- thirdparty/mbedtls/include/mbedtls/sha256.h | 63 +- thirdparty/mbedtls/include/mbedtls/sha512.h | 65 +- thirdparty/mbedtls/include/mbedtls/ssl.h | 696 +-- thirdparty/mbedtls/include/mbedtls/ssl_cache.h | 18 +- .../mbedtls/include/mbedtls/ssl_ciphersuites.h | 92 +- thirdparty/mbedtls/include/mbedtls/ssl_cookie.h | 15 +- thirdparty/mbedtls/include/mbedtls/ssl_internal.h | 450 +- thirdparty/mbedtls/include/mbedtls/ssl_ticket.h | 18 +- thirdparty/mbedtls/include/mbedtls/threading.h | 21 +- thirdparty/mbedtls/include/mbedtls/timing.h | 18 +- thirdparty/mbedtls/include/mbedtls/version.h | 16 +- thirdparty/mbedtls/include/mbedtls/x509.h | 89 +- thirdparty/mbedtls/include/mbedtls/x509_crl.h | 34 +- thirdparty/mbedtls/include/mbedtls/x509_crt.h | 251 +- thirdparty/mbedtls/include/mbedtls/x509_csr.h | 66 +- thirdparty/mbedtls/include/mbedtls/xtea.h | 31 +- thirdparty/mbedtls/library/aes.c | 1776 +++--- thirdparty/mbedtls/library/aesni.c | 552 +- thirdparty/mbedtls/library/arc4.c | 82 +- thirdparty/mbedtls/library/aria.c | 686 +-- thirdparty/mbedtls/library/asn1parse.c | 455 +- thirdparty/mbedtls/library/asn1write.c | 410 +- thirdparty/mbedtls/library/base64.c | 197 +- thirdparty/mbedtls/library/bignum.c | 2466 +++++---- thirdparty/mbedtls/library/blowfish.c | 353 +- thirdparty/mbedtls/library/camellia.c | 822 +-- thirdparty/mbedtls/library/ccm.c | 437 +- thirdparty/mbedtls/library/certs.c | 1818 +++---- thirdparty/mbedtls/library/chacha20.c | 290 +- thirdparty/mbedtls/library/chachapoly.c | 438 +- thirdparty/mbedtls/library/check_crypto_config.h | 38 +- thirdparty/mbedtls/library/cipher.c | 1446 +++-- thirdparty/mbedtls/library/cipher_wrap.c | 693 +-- thirdparty/mbedtls/library/cmac.c | 748 ++- thirdparty/mbedtls/library/common.h | 201 +- thirdparty/mbedtls/library/constant_time.c | 447 +- .../mbedtls/library/constant_time_internal.h | 84 +- .../mbedtls/library/constant_time_invasive.h | 6 +- thirdparty/mbedtls/library/ctr_drbg.c | 738 +-- thirdparty/mbedtls/library/debug.c | 313 +- thirdparty/mbedtls/library/des.c | 675 +-- thirdparty/mbedtls/library/dhm.c | 636 +-- thirdparty/mbedtls/library/ecdh.c | 614 ++- thirdparty/mbedtls/library/ecdsa.c | 795 +-- thirdparty/mbedtls/library/ecjpake.c | 905 +-- thirdparty/mbedtls/library/ecp.c | 2648 ++++----- thirdparty/mbedtls/library/ecp_curves.c | 1221 +++-- thirdparty/mbedtls/library/ecp_invasive.h | 10 +- thirdparty/mbedtls/library/entropy.c | 504 +- thirdparty/mbedtls/library/entropy_poll.c | 138 +- thirdparty/mbedtls/library/error.c | 90 +- thirdparty/mbedtls/library/gcm.c | 779 +-- thirdparty/mbedtls/library/havege.c | 69 +- thirdparty/mbedtls/library/hkdf.c | 114 +- thirdparty/mbedtls/library/hmac_drbg.c | 462 +- thirdparty/mbedtls/library/md.c | 566 +- thirdparty/mbedtls/library/md2.c | 190 +- thirdparty/mbedtls/library/md4.c | 371 +- thirdparty/mbedtls/library/md5.c | 398 +- thirdparty/mbedtls/library/memory_buffer_alloc.c | 553 +- thirdparty/mbedtls/library/mps_common.h | 32 +- thirdparty/mbedtls/library/mps_error.h | 26 +- thirdparty/mbedtls/library/mps_reader.c | 327 +- thirdparty/mbedtls/library/mps_reader.h | 150 +- thirdparty/mbedtls/library/mps_trace.c | 45 +- thirdparty/mbedtls/library/mps_trace.h | 95 +- thirdparty/mbedtls/library/net_sockets.c | 485 +- thirdparty/mbedtls/library/nist_kw.c | 517 +- thirdparty/mbedtls/library/oid.c | 448 +- thirdparty/mbedtls/library/padlock.c | 76 +- thirdparty/mbedtls/library/pem.c | 449 +- thirdparty/mbedtls/library/pk.c | 579 +- thirdparty/mbedtls/library/pk_wrap.c | 788 +-- thirdparty/mbedtls/library/pkcs11.c | 171 +- thirdparty/mbedtls/library/pkcs12.c | 332 +- thirdparty/mbedtls/library/pkcs5.c | 309 +- thirdparty/mbedtls/library/pkparse.c | 1324 ++--- thirdparty/mbedtls/library/pkwrite.c | 450 +- thirdparty/mbedtls/library/platform.c | 200 +- thirdparty/mbedtls/library/platform_util.c | 50 +- thirdparty/mbedtls/library/poly1305.c | 339 +- thirdparty/mbedtls/library/ripemd160.c | 431 +- thirdparty/mbedtls/library/rsa.c | 2266 ++++---- thirdparty/mbedtls/library/rsa_internal.c | 337 +- thirdparty/mbedtls/library/sha1.c | 487 +- thirdparty/mbedtls/library/sha256.c | 432 +- thirdparty/mbedtls/library/sha512.c | 411 +- thirdparty/mbedtls/library/ssl_cache.c | 172 +- thirdparty/mbedtls/library/ssl_ciphersuites.c | 268 +- thirdparty/mbedtls/library/ssl_cli.c | 3776 ++++++------- thirdparty/mbedtls/library/ssl_cookie.c | 163 +- thirdparty/mbedtls/library/ssl_msg.c | 4763 ++++++++-------- thirdparty/mbedtls/library/ssl_srv.c | 3914 +++++++------ thirdparty/mbedtls/library/ssl_ticket.c | 310 +- thirdparty/mbedtls/library/ssl_tls.c | 5747 ++++++++++---------- thirdparty/mbedtls/library/ssl_tls13_keys.c | 302 +- thirdparty/mbedtls/library/ssl_tls13_keys.h | 90 +- thirdparty/mbedtls/library/threading.c | 98 +- thirdparty/mbedtls/library/timing.c | 324 +- thirdparty/mbedtls/library/version.c | 16 +- thirdparty/mbedtls/library/version_features.c | 24 +- thirdparty/mbedtls/library/x509.c | 834 +-- thirdparty/mbedtls/library/x509_create.c | 280 +- thirdparty/mbedtls/library/x509_crl.c | 606 +-- thirdparty/mbedtls/library/x509_crt.c | 2645 +++++---- thirdparty/mbedtls/library/x509_csr.c | 270 +- thirdparty/mbedtls/library/x509write_crt.c | 510 +- thirdparty/mbedtls/library/x509write_csr.c | 293 +- thirdparty/mbedtls/library/xtea.c | 157 +- thirdparty/mbedtls/patches/1453.diff | 95 +- .../mbedtls/patches/windows-arm64-hardclock.diff | 4 +- 174 files changed, 35966 insertions(+), 35721 deletions(-) diff --git a/thirdparty/README.md b/thirdparty/README.md index b015c2bd47..da160b65c5 100644 --- a/thirdparty/README.md +++ b/thirdparty/README.md @@ -363,7 +363,7 @@ Files extracted from upstream source: ## mbedtls - Upstream: https://github.com/Mbed-TLS/mbedtls -- Version: 2.18.2 (89f040a5c938985c5f30728baed21e49d0846a53, 2022) +- Version: 2.18.3 (981743de6fcdbe672e482b6fd724d31d0a0d2476, 2023) - License: Apache 2.0 File extracted from upstream release tarball: @@ -371,7 +371,7 @@ File extracted from upstream release tarball: - All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` except `config_psa.h` and `psa_util.h`. - All `*.c` and `*.h` from `library/` to `thirdparty/mbedtls/library/` except those starting with `psa_*`. - The `LICENSE` file. -- Applied the patch in `patches/1453.diff` (upstream PR: +- Applied the patch in `patches/1453.diff` to fix UWP build (upstream PR: https://github.com/ARMmbed/mbedtls/pull/1453). Applied the patch in `patches/windows-arm64-hardclock.diff` - Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h` diff --git a/thirdparty/mbedtls/include/mbedtls/aes.h b/thirdparty/mbedtls/include/mbedtls/aes.h index 401ac39de8..fb2322a6bb 100644 --- a/thirdparty/mbedtls/include/mbedtls/aes.h +++ b/thirdparty/mbedtls/include/mbedtls/aes.h @@ -72,7 +72,7 @@ /** AES hardware accelerator failed. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -88,8 +88,7 @@ extern "C" { /** * \brief The AES context-type definition. */ -typedef struct mbedtls_aes_context -{ +typedef struct mbedtls_aes_context { int nr; /*!< The number of rounds. */ uint32_t *rk; /*!< AES round keys. */ uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can @@ -107,8 +106,7 @@ mbedtls_aes_context; /** * \brief The AES XTS context-type definition. */ -typedef struct mbedtls_aes_xts_context -{ +typedef struct mbedtls_aes_xts_context { mbedtls_aes_context crypt; /*!< The AES context to use for AES block encryption or decryption. */ mbedtls_aes_context tweak; /*!< The AES context used for tweak @@ -128,7 +126,7 @@ typedef struct mbedtls_aes_xts_context * * \param ctx The AES context to initialize. This must not be \c NULL. */ -void mbedtls_aes_init( mbedtls_aes_context *ctx ); +void mbedtls_aes_init(mbedtls_aes_context *ctx); /** * \brief This function releases and clears the specified AES context. @@ -137,7 +135,7 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx ); * If this is \c NULL, this function does nothing. * Otherwise, the context must have been at least initialized. */ -void mbedtls_aes_free( mbedtls_aes_context *ctx ); +void mbedtls_aes_free(mbedtls_aes_context *ctx); #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -148,7 +146,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * * \param ctx The AES XTS context to initialize. This must not be \c NULL. */ -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); +void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); /** * \brief This function releases and clears the specified AES XTS context. @@ -157,7 +155,7 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); * If this is \c NULL, this function does nothing. * Otherwise, the context must have been at least initialized. */ -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); +void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); #endif /* MBEDTLS_CIPHER_MODE_XTS */ /** @@ -176,8 +174,8 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits); /** * \brief This function sets the decryption key. @@ -195,8 +193,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits); #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -216,9 +214,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function prepares an XTS context for decryption and @@ -237,9 +235,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits); #endif /* MBEDTLS_CIPHER_MODE_XTS */ /** @@ -266,10 +264,10 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -314,12 +312,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * on failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -359,12 +357,12 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * length is larger than 2^20 blocks (16 MiB). */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -408,13 +406,13 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an AES-CFB8 encryption or decryption @@ -453,12 +451,12 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /*MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) @@ -508,12 +506,12 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_OFB */ @@ -591,13 +589,13 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ /** @@ -612,9 +610,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal AES block decryption function. This is only @@ -628,9 +626,9 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, * \return \c 0 on success. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -648,9 +646,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block. * \param output Output (ciphertext) block. */ -MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Deprecated internal AES block decryption function @@ -662,9 +660,9 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \param input Ciphertext block. * \param output Output (plaintext) block. */ -MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -678,7 +676,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, * \return \c 1 on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_aes_self_test( int verbose ); +int mbedtls_aes_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/aesni.h b/thirdparty/mbedtls/include/mbedtls/aesni.h index c1d22f59af..6741dead05 100644 --- a/thirdparty/mbedtls/include/mbedtls/aesni.h +++ b/thirdparty/mbedtls/include/mbedtls/aesni.h @@ -36,13 +36,49 @@ #define MBEDTLS_AESNI_AES 0x02000000u #define MBEDTLS_AESNI_CLMUL 0x00000002u -#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ - ( defined(__amd64__) || defined(__x86_64__) ) && \ - ! defined(MBEDTLS_HAVE_X86_64) +/* Can we do AESNI with inline assembly? + * (Only implemented with gas syntax, only for 64-bit.) + */ +#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ + (defined(__amd64__) || defined(__x86_64__)) && \ + !defined(MBEDTLS_HAVE_X86_64) #define MBEDTLS_HAVE_X86_64 #endif +#if defined(MBEDTLS_AESNI_C) + +/* Can we do AESNI with intrinsics? + * (Only implemented with certain compilers, only for certain targets.) + * + * NOTE: MBEDTLS_AESNI_HAVE_INTRINSICS and MBEDTLS_AESNI_HAVE_CODE are internal + * macros that may change in future releases. + */ +#undef MBEDTLS_AESNI_HAVE_INTRINSICS +#if defined(_MSC_VER) +/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support + * VS 2013 and up for other reasons anyway, so no need to check the version. */ +#define MBEDTLS_AESNI_HAVE_INTRINSICS +#endif +/* GCC-like compilers: currently, we only support intrinsics if the requisite + * target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2` + * or `clang -maes -mpclmul`). */ +#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__) +#define MBEDTLS_AESNI_HAVE_INTRINSICS +#endif + +/* Choose the implementation of AESNI, if one is available. */ +#undef MBEDTLS_AESNI_HAVE_CODE +/* To minimize disruption when releasing the intrinsics-based implementation, + * favor the assembly-based implementation if it's available. We intend to + * revise this in a later release of Mbed TLS 3.x. In the long run, we will + * likely remove the assembly implementation. */ #if defined(MBEDTLS_HAVE_X86_64) +#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly +#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS) +#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics +#endif + +#if defined(MBEDTLS_AESNI_HAVE_CODE) #ifdef __cplusplus extern "C" { @@ -59,7 +95,7 @@ extern "C" { * * \return 1 if CPU has support for the feature, 0 otherwise */ -int mbedtls_aesni_has_support( unsigned int what ); +int mbedtls_aesni_has_support(unsigned int what); /** * \brief Internal AES-NI AES-ECB block encryption and decryption @@ -74,10 +110,10 @@ int mbedtls_aesni_has_support( unsigned int what ); * * \return 0 on success (cannot fail) */ -int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal GCM multiplication: c = a * b in GF(2^128) @@ -92,9 +128,9 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, * \note Both operands and result are bit strings interpreted as * elements of GF(2^128) as per the GCM spec. */ -void mbedtls_aesni_gcm_mult( unsigned char c[16], - const unsigned char a[16], - const unsigned char b[16] ); +void mbedtls_aesni_gcm_mult(unsigned char c[16], + const unsigned char a[16], + const unsigned char b[16]); /** * \brief Internal round key inversion. This function computes @@ -107,9 +143,9 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], * \param fwdkey Original round keys (for encryption) * \param nr Number of rounds (that is, number of round keys minus one) */ -void mbedtls_aesni_inverse_key( unsigned char *invkey, - const unsigned char *fwdkey, - int nr ); +void mbedtls_aesni_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, + int nr); /** * \brief Internal key expansion for encryption @@ -123,14 +159,15 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey, * * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH */ -int mbedtls_aesni_setkey_enc( unsigned char *rk, - const unsigned char *key, - size_t bits ); +int mbedtls_aesni_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits); #ifdef __cplusplus } #endif -#endif /* MBEDTLS_HAVE_X86_64 */ +#endif /* MBEDTLS_AESNI_HAVE_CODE */ +#endif /* MBEDTLS_AESNI_C */ #endif /* MBEDTLS_AESNI_H */ diff --git a/thirdparty/mbedtls/include/mbedtls/arc4.h b/thirdparty/mbedtls/include/mbedtls/arc4.h index f4b0f9f350..d116dda4e9 100644 --- a/thirdparty/mbedtls/include/mbedtls/arc4.h +++ b/thirdparty/mbedtls/include/mbedtls/arc4.h @@ -53,8 +53,7 @@ extern "C" { * security risk. We recommend considering stronger ciphers instead. * */ -typedef struct mbedtls_arc4_context -{ +typedef struct mbedtls_arc4_context { int x; /*!< permutation index */ int y; /*!< permutation index */ unsigned char m[256]; /*!< permutation table */ @@ -75,7 +74,7 @@ mbedtls_arc4_context; * instead. * */ -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); +void mbedtls_arc4_init(mbedtls_arc4_context *ctx); /** * \brief Clear ARC4 context @@ -87,7 +86,7 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); * instead. * */ -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); +void mbedtls_arc4_free(mbedtls_arc4_context *ctx); /** * \brief ARC4 key schedule @@ -101,8 +100,8 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); * instead. * */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ); +void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key, + unsigned int keylen); /** * \brief ARC4 cipher function @@ -119,8 +118,8 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, * instead. * */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ); +int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) @@ -134,7 +133,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned * instead. * */ -int mbedtls_arc4_self_test( int verbose ); +int mbedtls_arc4_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/aria.h b/thirdparty/mbedtls/include/mbedtls/aria.h index d294c47f2d..9856a1cae7 100644 --- a/thirdparty/mbedtls/include/mbedtls/aria.h +++ b/thirdparty/mbedtls/include/mbedtls/aria.h @@ -48,7 +48,7 @@ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) +#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x005C) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** Bad input data. */ #define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C @@ -76,8 +76,7 @@ extern "C" { /** * \brief The ARIA context-type definition. */ -typedef struct mbedtls_aria_context -{ +typedef struct mbedtls_aria_context { unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ /*! The ARIA round keys. */ uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; @@ -96,7 +95,7 @@ mbedtls_aria_context; * * \param ctx The ARIA context to initialize. This must not be \c NULL. */ -void mbedtls_aria_init( mbedtls_aria_context *ctx ); +void mbedtls_aria_init(mbedtls_aria_context *ctx); /** * \brief This function releases and clears the specified ARIA context. @@ -105,7 +104,7 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx ); * case this function returns immediately. If it is not \c NULL, * it must point to an initialized ARIA context. */ -void mbedtls_aria_free( mbedtls_aria_context *ctx ); +void mbedtls_aria_free(mbedtls_aria_context *ctx); /** * \brief This function sets the encryption key. @@ -122,9 +121,9 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function sets the decryption key. @@ -141,9 +140,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function performs an ARIA single-block encryption or @@ -165,9 +164,9 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ); +int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -211,12 +210,12 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -261,13 +260,13 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -348,13 +347,13 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_SELF_TEST) @@ -363,7 +362,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, * * \return \c 0 on success, or \c 1 on failure. */ -int mbedtls_aria_self_test( int verbose ); +int mbedtls_aria_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/asn1.h b/thirdparty/mbedtls/include/mbedtls/asn1.h index 5117fc7a41..540cdcc469 100644 --- a/thirdparty/mbedtls/include/mbedtls/asn1.h +++ b/thirdparty/mbedtls/include/mbedtls/asn1.h @@ -97,15 +97,15 @@ /* Slightly smaller way to check if tag is a string tag * compared to canonical implementation. */ -#define MBEDTLS_ASN1_IS_STRING_TAG( tag ) \ - ( ( tag ) < 32u && ( \ - ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING ) | \ - ( 1u << MBEDTLS_ASN1_UTF8_STRING ) | \ - ( 1u << MBEDTLS_ASN1_T61_STRING ) | \ - ( 1u << MBEDTLS_ASN1_IA5_STRING ) | \ - ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) | \ - ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) | \ - ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) ) +#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \ + ((tag) < 32u && ( \ + ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \ + (1u << MBEDTLS_ASN1_UTF8_STRING) | \ + (1u << MBEDTLS_ASN1_T61_STRING) | \ + (1u << MBEDTLS_ASN1_IA5_STRING) | \ + (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ + (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \ + (1u << MBEDTLS_ASN1_BIT_STRING))) != 0)) /* * Bit masks for each of the components of an ASN.1 tag as specified in @@ -133,12 +133,12 @@ * 'unsigned char *oid' here! */ #define MBEDTLS_OID_CMP(oid_str, oid_buf) \ - ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \ - memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 ) + ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \ + memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0) #define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \ - ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \ - memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 ) + ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) || \ + memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0) #ifdef __cplusplus extern "C" { @@ -152,8 +152,7 @@ extern "C" { /** * Type-length-value structure that allows for ASN1 using DER. */ -typedef struct mbedtls_asn1_buf -{ +typedef struct mbedtls_asn1_buf { int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ size_t len; /**< ASN1 length, in octets. */ unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ @@ -163,8 +162,7 @@ mbedtls_asn1_buf; /** * Container for ASN1 bit strings. */ -typedef struct mbedtls_asn1_bitstring -{ +typedef struct mbedtls_asn1_bitstring { size_t len; /**< ASN1 length, in octets. */ unsigned char unused_bits; /**< Number of unused bits at the end of the string */ unsigned char *p; /**< Raw ASN1 data for the bit string */ @@ -174,8 +172,7 @@ mbedtls_asn1_bitstring; /** * Container for a sequence of ASN.1 items */ -typedef struct mbedtls_asn1_sequence -{ +typedef struct mbedtls_asn1_sequence { mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ } @@ -184,8 +181,7 @@ mbedtls_asn1_sequence; /** * Container for a sequence or list of 'named' ASN.1 data items */ -typedef struct mbedtls_asn1_named_data -{ +typedef struct mbedtls_asn1_named_data { mbedtls_asn1_buf oid; /**< The object identifier. */ mbedtls_asn1_buf val; /**< The named value. */ struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ @@ -211,9 +207,9 @@ mbedtls_asn1_named_data; * would end beyond \p end. * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable. */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ); +int mbedtls_asn1_get_len(unsigned char **p, + const unsigned char *end, + size_t *len); /** * \brief Get the tag and length of the element. @@ -236,9 +232,9 @@ int mbedtls_asn1_get_len( unsigned char **p, * would end beyond \p end. * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable. */ -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ); +int mbedtls_asn1_get_tag(unsigned char **p, + const unsigned char *end, + size_t *len, int tag); /** * \brief Retrieve a boolean ASN.1 tag and its value. @@ -255,9 +251,9 @@ int mbedtls_asn1_get_tag( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BOOLEAN. */ -int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_bool(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve an integer ASN.1 tag and its value. @@ -276,9 +272,9 @@ int mbedtls_asn1_get_bool( unsigned char **p, * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. */ -int mbedtls_asn1_get_int( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_int(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve an enumerated ASN.1 tag and its value. @@ -297,9 +293,9 @@ int mbedtls_asn1_get_int( unsigned char **p, * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. */ -int mbedtls_asn1_get_enum( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_enum(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve a bitstring ASN.1 tag and its value. @@ -318,8 +314,8 @@ int mbedtls_asn1_get_enum( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BIT STRING. */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs ); +int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, + mbedtls_asn1_bitstring *bs); /** * \brief Retrieve a bitstring ASN.1 tag without unused bits and its @@ -339,9 +335,9 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BIT STRING. */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, - const unsigned char *end, - size_t *len ); +int mbedtls_asn1_get_bitstring_null(unsigned char **p, + const unsigned char *end, + size_t *len); /** * \brief Parses and splits an ASN.1 "SEQUENCE OF ". @@ -390,10 +386,10 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 SEQUENCE. */ -int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag ); +int mbedtls_asn1_get_sequence_of(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_sequence *cur, + int tag); /** * \brief Free a heap-allocated linked list presentation of * an ASN.1 sequence, including the first element. @@ -415,7 +411,7 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, * be \c NULL, in which case this functions returns * immediately. */ -void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ); +void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq); /** * \brief Traverse an ASN.1 SEQUENCE container and @@ -507,9 +503,9 @@ int mbedtls_asn1_traverse_sequence_of( const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, - int (*cb)( void *ctx, int tag, - unsigned char* start, size_t len ), - void *ctx ); + int (*cb)(void *ctx, int tag, + unsigned char *start, size_t len), + void *ctx); #if defined(MBEDTLS_BIGNUM_C) /** @@ -530,9 +526,9 @@ int mbedtls_asn1_traverse_sequence_of( * not fit in an \c int. * \return An MPI error code if the parsed value is too large. */ -int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ); +int mbedtls_asn1_get_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X); #endif /* MBEDTLS_BIGNUM_C */ /** @@ -551,9 +547,9 @@ int mbedtls_asn1_get_mpi( unsigned char **p, * * \return 0 if successful or a specific ASN.1 or MPI error code. */ -int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); +int mbedtls_asn1_get_alg(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params); /** * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no @@ -570,9 +566,9 @@ int mbedtls_asn1_get_alg( unsigned char **p, * * \return 0 if successful or a specific ASN.1 or MPI error code. */ -int mbedtls_asn1_get_alg_null( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg ); +int mbedtls_asn1_get_alg_null(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg); /** * \brief Find a specific named_data entry in a sequence or list based on @@ -584,8 +580,8 @@ int mbedtls_asn1_get_alg_null( unsigned char **p, * * \return NULL if not found, or a pointer to the existing entry. */ -mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, - const char *oid, size_t len ); +mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list, + const char *oid, size_t len); /** * \brief Free a mbedtls_asn1_named_data entry @@ -594,7 +590,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data * * This function calls mbedtls_free() on * `entry->oid.p` and `entry->val.p`. */ -void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); +void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry); /** * \brief Free all entries in a mbedtls_asn1_named_data list. @@ -604,7 +600,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); * mbedtls_free() on each list element and * sets \c *head to \c NULL. */ -void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ); +void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head); /** \} name Functions to parse ASN.1 data structures */ /** \} addtogroup asn1_module */ diff --git a/thirdparty/mbedtls/include/mbedtls/asn1write.h b/thirdparty/mbedtls/include/mbedtls/asn1write.h index 5da7654bb4..a439268b0e 100644 --- a/thirdparty/mbedtls/include/mbedtls/asn1write.h +++ b/thirdparty/mbedtls/include/mbedtls/asn1write.h @@ -33,11 +33,11 @@ #define MBEDTLS_ASN1_CHK_ADD(g, f) \ do \ { \ - if( ( ret = (f) ) < 0 ) \ - return( ret ); \ + if ((ret = (f)) < 0) \ + return ret; \ else \ - (g) += ret; \ - } while( 0 ) + (g) += ret; \ + } while (0) #ifdef __cplusplus extern "C" { @@ -55,8 +55,8 @@ extern "C" { * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, - size_t len ); +int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, + size_t len); /** * \brief Write an ASN.1 tag in ASN.1 format. * @@ -69,8 +69,8 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, - unsigned char tag ); +int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, + unsigned char tag); /** * \brief Write raw buffer data. @@ -85,8 +85,8 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); +int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size); #if defined(MBEDTLS_BIGNUM_C) /** @@ -103,8 +103,8 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, - const mbedtls_mpi *X ); +int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, + const mbedtls_mpi *X); #endif /* MBEDTLS_BIGNUM_C */ /** @@ -119,7 +119,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ); +int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start); /** * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data @@ -135,8 +135,8 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ); * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len ); +int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len); /** * \brief Write an AlgorithmIdentifier sequence in ASN.1 format. @@ -153,10 +153,10 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, - unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ); +int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, + unsigned char *start, + const char *oid, size_t oid_len, + size_t par_len); /** * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value @@ -171,8 +171,8 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, - int boolean ); +int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, + int boolean); /** * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value @@ -188,7 +188,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); +int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val); /** * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value @@ -203,7 +203,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ); +int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val); /** * \brief Write a string in ASN.1 format using a specific @@ -222,9 +222,9 @@ int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ); * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, - int tag, const char *text, - size_t text_len ); +int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, + int tag, const char *text, + size_t text_len); /** * \brief Write a string in ASN.1 format using the PrintableString @@ -241,9 +241,9 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_printable_string( unsigned char **p, - unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_printable_string(unsigned char **p, + unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a UTF8 string in ASN.1 format using the UTF8String @@ -260,8 +260,8 @@ int mbedtls_asn1_write_printable_string( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a string in ASN.1 format using the IA5String @@ -278,8 +278,8 @@ int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and @@ -295,8 +295,8 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t bits ); +int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t bits); /** * \brief This function writes a named bitstring tag @@ -315,10 +315,10 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_named_bitstring( unsigned char **p, - unsigned char *start, - const unsigned char *buf, - size_t bits ); +int mbedtls_asn1_write_named_bitstring(unsigned char **p, + unsigned char *start, + const unsigned char *buf, + size_t bits); /** * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING) @@ -334,8 +334,8 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); +int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size); /** * \brief Create or find a specific named_data entry for writing in a @@ -358,10 +358,10 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, * \return A pointer to the new / existing entry on success. * \return \c NULL if if there was a memory allocation error. */ -mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list, - const char *oid, size_t oid_len, - const unsigned char *val, - size_t val_len ); +mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list, + const char *oid, size_t oid_len, + const unsigned char *val, + size_t val_len); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/base64.h b/thirdparty/mbedtls/include/mbedtls/base64.h index cf4149e731..ec9c408f52 100644 --- a/thirdparty/mbedtls/include/mbedtls/base64.h +++ b/thirdparty/mbedtls/include/mbedtls/base64.h @@ -58,8 +58,8 @@ extern "C" { * \note Call this function with dlen = 0 to obtain the * required buffer size in *olen */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); +int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen); /** * \brief Decode a base64-formatted buffer @@ -78,8 +78,8 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, * \note Call this function with *dst = NULL or dlen = 0 to obtain * the required buffer size in *olen */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); +int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen); #if defined(MBEDTLS_SELF_TEST) /** @@ -87,7 +87,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_base64_self_test( int verbose ); +int mbedtls_base64_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/bignum.h b/thirdparty/mbedtls/include/mbedtls/bignum.h index c61db82c6d..788ea21a8d 100644 --- a/thirdparty/mbedtls/include/mbedtls/bignum.h +++ b/thirdparty/mbedtls/include/mbedtls/bignum.h @@ -55,9 +55,9 @@ #define MBEDTLS_MPI_CHK(f) \ do \ { \ - if( ( ret = (f) ) != 0 ) \ - goto cleanup; \ - } while( 0 ) + if ((ret = (f)) != 0) \ + goto cleanup; \ + } while (0) /* * Maximum size MPIs are allowed to grow to in number of limbs. @@ -66,7 +66,7 @@ #if !defined(MBEDTLS_MPI_WINDOW_SIZE) /* - * Maximum window size used for modular exponentiation. Default: 6 + * Maximum window size used for modular exponentiation. Default: 2 * Minimum value: 1. Maximum value: 6. * * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used @@ -74,7 +74,7 @@ * * Reduction in size, reduces speed. */ -#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ #if !defined(MBEDTLS_MPI_MAX_SIZE) @@ -88,7 +88,7 @@ #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ #endif /* !MBEDTLS_MPI_MAX_SIZE */ -#define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ +#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ /* * When reading from files with mbedtls_mpi_read_file() and writing to files with @@ -108,9 +108,11 @@ * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) + * LabelSize + 6 */ -#define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS ) +#define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS) #define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332 -#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) +#define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \ + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \ + MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6) /* * Define the base integer type, architecture-wise. @@ -124,60 +126,60 @@ */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) - /* Always choose 64-bit when using MSC */ +/* Always choose 64-bit when using MSC */ #if !defined(MBEDTLS_HAVE_INT64) #define MBEDTLS_HAVE_INT64 #endif /* !MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - ( defined(__sparc__) && defined(__arch64__) ) || \ - defined(__s390x__) || defined(__mips64) || \ - defined(__aarch64__) ) + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + (defined(__sparc__) && defined(__arch64__)) || \ + defined(__s390x__) || defined(__mips64) || \ + defined(__aarch64__)) #if !defined(MBEDTLS_HAVE_INT64) #define MBEDTLS_HAVE_INT64 #endif /* MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); +/* mbedtls_t_udbl defined as 128-bit unsigned int */ +typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* - * __ARMCC_VERSION is defined for both armcc and armclang and - * __aarch64__ is only defined by armclang when compiling 64-bit code - */ +/* + * __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ #if !defined(MBEDTLS_HAVE_INT64) #define MBEDTLS_HAVE_INT64 #endif /* !MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; +/* mbedtls_t_udbl defined as 128-bit unsigned int */ +typedef __uint128_t mbedtls_t_udbl; #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(MBEDTLS_HAVE_INT64) - /* Force 64-bit integers with unknown compiler */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; +/* Force 64-bit integers with unknown compiler */ +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; #endif #endif /* !MBEDTLS_HAVE_INT32 */ #if !defined(MBEDTLS_HAVE_INT64) - /* Default to 32-bit compilation */ +/* Default to 32-bit compilation */ #if !defined(MBEDTLS_HAVE_INT32) #define MBEDTLS_HAVE_INT32 #endif /* !MBEDTLS_HAVE_INT32 */ - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; +typedef int32_t mbedtls_mpi_sint; +typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) - typedef uint64_t mbedtls_t_udbl; +typedef uint64_t mbedtls_t_udbl; #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ @@ -203,8 +205,7 @@ extern "C" { /** * \brief MPI structure */ -typedef struct mbedtls_mpi -{ +typedef struct mbedtls_mpi { /** Sign: -1 if the mpi is negative, 1 otherwise. * * The number 0 must be represented with `s = +1`. Although many library @@ -237,7 +238,7 @@ mbedtls_mpi; * * \param X The MPI context to initialize. This must not be \c NULL. */ -void mbedtls_mpi_init( mbedtls_mpi *X ); +void mbedtls_mpi_init(mbedtls_mpi *X); /** * \brief This function frees the components of an MPI context. @@ -246,7 +247,7 @@ void mbedtls_mpi_init( mbedtls_mpi *X ); * in which case this function is a no-op. If it is * not \c NULL, it must point to an initialized MPI. */ -void mbedtls_mpi_free( mbedtls_mpi *X ); +void mbedtls_mpi_free(mbedtls_mpi *X); /** * \brief Enlarge an MPI to the specified number of limbs. @@ -261,7 +262,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); +int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs); /** * \brief This function resizes an MPI downwards, keeping at least the @@ -278,7 +279,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); * (this can only happen when resizing up). * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); +int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs); /** * \brief Make a copy of an MPI. @@ -293,7 +294,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Swap the contents of two MPIs. @@ -301,7 +302,7 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); * \param X The first MPI. It must be initialized. * \param Y The second MPI. It must be initialized. */ -void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); +void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y); /** * \brief Perform a safe conditional copy of MPI which doesn't @@ -331,7 +332,7 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign); /** * \brief Perform a safe conditional swap which doesn't @@ -360,7 +361,7 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned * \return Another negative error code on other kinds of failure. * */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap ); +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap); /** * \brief Store integer value in MPI. @@ -372,7 +373,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char sw * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); +int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z); /** * \brief Get a specific bit from an MPI. @@ -384,7 +385,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); * of \c X is unset or set. * \return A negative error code on failure. */ -int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); +int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos); /** * \brief Modify a specific bit in an MPI. @@ -401,7 +402,7 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); +int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val); /** * \brief Return the number of bits of value \c 0 before the @@ -415,7 +416,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); * \return The number of bits of value \c 0 before the least significant * bit of value \c 1 in \p X. */ -size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); +size_t mbedtls_mpi_lsb(const mbedtls_mpi *X); /** * \brief Return the number of bits up to and including the most @@ -429,7 +430,7 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); * \return The number of bits up to and including the most * significant bit of value \c 1. */ -size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); +size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X); /** * \brief Return the total size of an MPI value in bytes. @@ -444,7 +445,7 @@ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); * \return The least number of bytes capable of storing * the absolute value of \p X. */ -size_t mbedtls_mpi_size( const mbedtls_mpi *X ); +size_t mbedtls_mpi_size(const mbedtls_mpi *X); /** * \brief Import an MPI from an ASCII string. @@ -456,7 +457,7 @@ size_t mbedtls_mpi_size( const mbedtls_mpi *X ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); +int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s); /** * \brief Export an MPI to an ASCII string. @@ -480,8 +481,8 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); * size of \p buf required for a successful call. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ); +int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, + char *buf, size_t buflen, size_t *olen); #if defined(MBEDTLS_FS_IO) /** @@ -505,7 +506,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, * is too small. * \return Another negative error code on failure. */ -int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); +int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin); /** * \brief Export an MPI into an opened file. @@ -522,8 +523,8 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, - int radix, FILE *fout ); +int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, + int radix, FILE *fout); #endif /* MBEDTLS_FS_IO */ /** @@ -538,8 +539,8 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, + size_t buflen); /** * \brief Import X from unsigned binary data, little endian @@ -553,8 +554,8 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, - const unsigned char *buf, size_t buflen ); +int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, + const unsigned char *buf, size_t buflen); /** * \brief Export X into unsigned binary data, big endian. @@ -571,8 +572,8 @@ int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, + size_t buflen); /** * \brief Export X into unsigned binary data, little endian. @@ -589,8 +590,8 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ); +int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen); /** * \brief Perform a left-shift on an MPI: X <<= count @@ -602,7 +603,7 @@ int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); +int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count); /** * \brief Perform a right-shift on an MPI: X >>= count @@ -614,7 +615,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); +int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count); /** * \brief Compare the absolute values of two MPIs. @@ -626,7 +627,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); * \return \c -1 if `|X|` is lesser than `|Y|`. * \return \c 0 if `|X|` is equal to `|Y|`. */ -int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Compare two MPIs. @@ -638,7 +639,7 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \return \c -1 if \p X is lesser than \p Y. * \return \c 0 if \p X is equal to \p Y. */ -int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Check if an MPI is less than the other in constant time. @@ -655,8 +656,8 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of * the two input MPIs is not the same. */ -int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, - unsigned *ret ); +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, + unsigned *ret); /** * \brief Compare an MPI with an integer. @@ -668,7 +669,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * \return \c -1 if \p X is lesser than \p z. * \return \c 0 if \p X is equal to \p z. */ -int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); +int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z); /** * \brief Perform an unsigned addition of MPIs: X = |A| + |B| @@ -681,8 +682,8 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| @@ -696,8 +697,8 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed addition of MPIs: X = A + B @@ -710,8 +711,8 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed subtraction of MPIs: X = A - B @@ -724,8 +725,8 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed addition of an MPI and an integer: X = A + b @@ -738,8 +739,8 @@ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a signed subtraction of an MPI and an integer: @@ -753,8 +754,8 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a multiplication of two MPIs: X = A * B @@ -768,8 +769,8 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a multiplication of an MPI with an unsigned integer: @@ -784,8 +785,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_uint b ); +int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_uint b); /** * \brief Perform a division with remainder of two MPIs: @@ -805,8 +806,8 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a division with remainder of an MPI by an integer: @@ -826,8 +827,8 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a modular reduction. R = A mod B @@ -846,8 +847,8 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a modular reduction with respect to an integer. @@ -865,8 +866,8 @@ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a sliding-window exponentiation: X = A^E mod N @@ -895,9 +896,9 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failures. * */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *E, const mbedtls_mpi *N, - mbedtls_mpi *prec_RR ); +int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *prec_RR); /** * \brief Fill an MPI with a number of random bytes. @@ -916,9 +917,9 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * as a big-endian representation of an MPI; this can * be relevant in applications like deterministic ECDSA. */ -int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** Generate a random number uniformly in a range. * @@ -952,11 +953,11 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, * for all usual cryptographic applications. * \return Another negative error code on failure. */ -int mbedtls_mpi_random( mbedtls_mpi *X, - mbedtls_mpi_sint min, - const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_random(mbedtls_mpi *X, + mbedtls_mpi_sint min, + const mbedtls_mpi *N, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Compute the greatest common divisor: G = gcd(A, B) @@ -969,8 +970,8 @@ int mbedtls_mpi_random( mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Compute the modular inverse: X = A^-1 mod N @@ -988,8 +989,8 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse * with respect to \p N. */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *N ); +int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *N); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -1016,9 +1017,9 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. * \return Another negative error code on other kinds of failure. */ -MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime(const mbedtls_mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -1049,9 +1050,9 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Flags for mbedtls_mpi_gen_prime() * @@ -1082,9 +1083,9 @@ typedef enum { * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between * \c 3 and #MBEDTLS_MPI_MAX_BITS. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_SELF_TEST) @@ -1093,7 +1094,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_mpi_self_test( int verbose ); +int mbedtls_mpi_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/blowfish.h b/thirdparty/mbedtls/include/mbedtls/blowfish.h index d5f809921f..7936d2f8a4 100644 --- a/thirdparty/mbedtls/include/mbedtls/blowfish.h +++ b/thirdparty/mbedtls/include/mbedtls/blowfish.h @@ -41,7 +41,7 @@ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) +#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x0016) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** Bad input data. */ #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 @@ -65,8 +65,7 @@ extern "C" { /** * \brief Blowfish context structure */ -typedef struct mbedtls_blowfish_context -{ +typedef struct mbedtls_blowfish_context { uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ uint32_t S[4][256]; /*!< key dependent S-boxes */ } @@ -82,7 +81,7 @@ mbedtls_blowfish_context; * \param ctx The Blowfish context to be initialized. * This must not be \c NULL. */ -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); +void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx); /** * \brief Clear a Blowfish context. @@ -92,7 +91,7 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); * returns immediately. If it is not \c NULL, it must * point to an initialized Blowfish context. */ -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); +void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx); /** * \brief Perform a Blowfish key schedule operation. @@ -106,8 +105,8 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx, const unsigned char *key, + unsigned int keybits); /** * \brief Perform a Blowfish-ECB block encryption/decryption operation. @@ -125,10 +124,10 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ); +int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx, + int mode, + const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -159,12 +158,12 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -199,13 +198,13 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /*MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -272,13 +271,13 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/bn_mul.h b/thirdparty/mbedtls/include/mbedtls/bn_mul.h index a3fc363815..a0bc4d061d 100644 --- a/thirdparty/mbedtls/include/mbedtls/bn_mul.h +++ b/thirdparty/mbedtls/include/mbedtls/bn_mul.h @@ -51,39 +51,40 @@ */ #if defined(MBEDTLS_HAVE_INT32) -#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ - ( (mbedtls_mpi_uint) (a) << 0 ) | \ - ( (mbedtls_mpi_uint) (b) << 8 ) | \ - ( (mbedtls_mpi_uint) (c) << 16 ) | \ - ( (mbedtls_mpi_uint) (d) << 24 ) +#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \ + ((mbedtls_mpi_uint) (a) << 0) | \ + ((mbedtls_mpi_uint) (b) << 8) | \ + ((mbedtls_mpi_uint) (c) << 16) | \ + ((mbedtls_mpi_uint) (d) << 24) -#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ - MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 ) +#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \ + MBEDTLS_BYTES_TO_T_UINT_4(a, b, 0, 0) -#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ - MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \ - MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h ) +#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ + MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d), \ + MBEDTLS_BYTES_TO_T_UINT_4(e, f, g, h) #else /* 64-bits */ -#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ - ( (mbedtls_mpi_uint) (a) << 0 ) | \ - ( (mbedtls_mpi_uint) (b) << 8 ) | \ - ( (mbedtls_mpi_uint) (c) << 16 ) | \ - ( (mbedtls_mpi_uint) (d) << 24 ) | \ - ( (mbedtls_mpi_uint) (e) << 32 ) | \ - ( (mbedtls_mpi_uint) (f) << 40 ) | \ - ( (mbedtls_mpi_uint) (g) << 48 ) | \ - ( (mbedtls_mpi_uint) (h) << 56 ) +#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ + ((mbedtls_mpi_uint) (a) << 0) | \ + ((mbedtls_mpi_uint) (b) << 8) | \ + ((mbedtls_mpi_uint) (c) << 16) | \ + ((mbedtls_mpi_uint) (d) << 24) | \ + ((mbedtls_mpi_uint) (e) << 32) | \ + ((mbedtls_mpi_uint) (f) << 40) | \ + ((mbedtls_mpi_uint) (g) << 48) | \ + ((mbedtls_mpi_uint) (h) << 56) -#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \ - MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 ) +#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \ + MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, 0, 0, 0, 0) -#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \ - MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 ) +#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) \ + MBEDTLS_BYTES_TO_T_UINT_8(a, b, 0, 0, 0, 0, 0, 0) #endif /* bits in mbedtls_mpi_uint */ +/* *INDENT-OFF* */ #if defined(MBEDTLS_HAVE_ASM) #ifndef asm @@ -1001,4 +1002,5 @@ #endif /* C (generic) */ #endif /* C (longlong) */ +/* *INDENT-ON* */ #endif /* bn_mul.h */ diff --git a/thirdparty/mbedtls/include/mbedtls/camellia.h b/thirdparty/mbedtls/include/mbedtls/camellia.h index d39d932fa2..05397d2316 100644 --- a/thirdparty/mbedtls/include/mbedtls/camellia.h +++ b/thirdparty/mbedtls/include/mbedtls/camellia.h @@ -37,7 +37,7 @@ #define MBEDTLS_CAMELLIA_DECRYPT 0 #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) +#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(-0x0024) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** Bad input data. */ #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 @@ -61,8 +61,7 @@ extern "C" { /** * \brief CAMELLIA context structure */ -typedef struct mbedtls_camellia_context -{ +typedef struct mbedtls_camellia_context { int nr; /*!< number of rounds */ uint32_t rk[68]; /*!< CAMELLIA round keys */ } @@ -78,7 +77,7 @@ mbedtls_camellia_context; * \param ctx The CAMELLIA context to be initialized. * This must not be \c NULL. */ -void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); +void mbedtls_camellia_init(mbedtls_camellia_context *ctx); /** * \brief Clear a CAMELLIA context. @@ -87,7 +86,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); * in which case this function returns immediately. If it is not * \c NULL, it must be initialized. */ -void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); +void mbedtls_camellia_free(mbedtls_camellia_context *ctx); /** * \brief Perform a CAMELLIA key schedule operation for encryption. @@ -101,9 +100,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief Perform a CAMELLIA key schedule operation for decryption. @@ -117,9 +116,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. @@ -136,10 +135,10 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -170,12 +169,12 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -216,13 +215,13 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -300,13 +299,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_SELF_TEST) @@ -316,7 +315,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_camellia_self_test( int verbose ); +int mbedtls_camellia_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/ccm.h b/thirdparty/mbedtls/include/mbedtls/ccm.h index ece5a901cb..f082aba054 100644 --- a/thirdparty/mbedtls/include/mbedtls/ccm.h +++ b/thirdparty/mbedtls/include/mbedtls/ccm.h @@ -76,8 +76,7 @@ extern "C" { * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. */ -typedef struct mbedtls_ccm_context -{ +typedef struct mbedtls_ccm_context { mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ } mbedtls_ccm_context; @@ -93,7 +92,7 @@ mbedtls_ccm_context; * * \param ctx The CCM context to initialize. This must not be \c NULL. */ -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); +void mbedtls_ccm_init(mbedtls_ccm_context *ctx); /** * \brief This function initializes the CCM context set in the @@ -108,10 +107,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits); /** * \brief This function releases and clears the specified CCM context @@ -120,7 +119,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \param ctx The CCM context to clear. If this is \c NULL, the function * has no effect. Otherwise, this must be initialized. */ -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); +void mbedtls_ccm_free(mbedtls_ccm_context *ctx); /** * \brief This function encrypts a buffer using CCM. @@ -158,11 +157,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len); /** * \brief This function encrypts a buffer using CCM*. @@ -206,11 +205,11 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len); /** * \brief This function performs a CCM authenticated decryption of a @@ -243,11 +242,11 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. * \return A cipher-specific error code on calculation failure. */ -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len); /** * \brief This function performs a CCM* authenticated decryption of a @@ -288,11 +287,11 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. * \return A cipher-specific error code on calculation failure. */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len); #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** @@ -301,7 +300,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ccm_self_test( int verbose ); +int mbedtls_ccm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/certs.h b/thirdparty/mbedtls/include/mbedtls/certs.h index c93c741c7f..0ec6971e83 100644 --- a/thirdparty/mbedtls/include/mbedtls/certs.h +++ b/thirdparty/mbedtls/include/mbedtls/certs.h @@ -37,11 +37,11 @@ extern "C" { /* List of all PEM-encoded CA certificates, terminated by NULL; * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded * otherwise. */ -extern const char * mbedtls_test_cas[]; +extern const char *mbedtls_test_cas[]; extern const size_t mbedtls_test_cas_len[]; /* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char * mbedtls_test_cas_der[]; +extern const unsigned char *mbedtls_test_cas_der[]; extern const size_t mbedtls_test_cas_der_len[]; #if defined(MBEDTLS_PEM_PARSE_C) @@ -112,9 +112,9 @@ extern const size_t mbedtls_test_ca_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_ca_crt; -extern const char * mbedtls_test_ca_key; -extern const char * mbedtls_test_ca_pwd; +extern const char *mbedtls_test_ca_crt; +extern const char *mbedtls_test_ca_key; +extern const char *mbedtls_test_ca_pwd; extern const size_t mbedtls_test_ca_crt_len; extern const size_t mbedtls_test_ca_key_len; extern const size_t mbedtls_test_ca_pwd_len; @@ -181,9 +181,9 @@ extern const size_t mbedtls_test_srv_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_srv_crt; -extern const char * mbedtls_test_srv_key; -extern const char * mbedtls_test_srv_pwd; +extern const char *mbedtls_test_srv_crt; +extern const char *mbedtls_test_srv_key; +extern const char *mbedtls_test_srv_pwd; extern const size_t mbedtls_test_srv_crt_len; extern const size_t mbedtls_test_srv_key_len; extern const size_t mbedtls_test_srv_pwd_len; @@ -236,9 +236,9 @@ extern const size_t mbedtls_test_cli_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_cli_crt; -extern const char * mbedtls_test_cli_key; -extern const char * mbedtls_test_cli_pwd; +extern const char *mbedtls_test_cli_crt; +extern const char *mbedtls_test_cli_key; +extern const char *mbedtls_test_cli_pwd; extern const size_t mbedtls_test_cli_crt_len; extern const size_t mbedtls_test_cli_key_len; extern const size_t mbedtls_test_cli_pwd_len; diff --git a/thirdparty/mbedtls/include/mbedtls/chacha20.h b/thirdparty/mbedtls/include/mbedtls/chacha20.h index 03b4871478..cd9f91a931 100644 --- a/thirdparty/mbedtls/include/mbedtls/chacha20.h +++ b/thirdparty/mbedtls/include/mbedtls/chacha20.h @@ -60,8 +60,7 @@ extern "C" { #if !defined(MBEDTLS_CHACHA20_ALT) -typedef struct mbedtls_chacha20_context -{ +typedef struct mbedtls_chacha20_context { uint32_t state[16]; /*! The state (before round operations). */ uint8_t keystream8[64]; /*! Leftover keystream bytes. */ size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ @@ -87,7 +86,7 @@ mbedtls_chacha20_context; * \param ctx The ChaCha20 context to initialize. * This must not be \c NULL. */ -void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); +void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx); /** * \brief This function releases and clears the specified @@ -98,7 +97,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); * \c NULL, it must point to an initialized context. * */ -void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); +void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx); /** * \brief This function sets the encryption/decryption key. @@ -116,8 +115,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL. */ -int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, - const unsigned char key[32] ); +int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx, + const unsigned char key[32]); /** * \brief This function sets the nonce and initial counter value. @@ -138,9 +137,9 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is * NULL. */ -int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, - const unsigned char nonce[12], - uint32_t counter ); +int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, + const unsigned char nonce[12], + uint32_t counter); /** * \brief This function encrypts or decrypts data. @@ -171,10 +170,10 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ); +int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output); /** * \brief This function encrypts or decrypts data with ChaCha20 and @@ -204,12 +203,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chacha20_crypt( const unsigned char key[32], - const unsigned char nonce[12], - uint32_t counter, - size_t size, - const unsigned char* input, - unsigned char* output ); +int mbedtls_chacha20_crypt(const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t size, + const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) /** @@ -218,7 +217,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_chacha20_self_test( int verbose ); +int mbedtls_chacha20_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/chachapoly.h b/thirdparty/mbedtls/include/mbedtls/chachapoly.h index ed568bc98b..c3f1720704 100644 --- a/thirdparty/mbedtls/include/mbedtls/chachapoly.h +++ b/thirdparty/mbedtls/include/mbedtls/chachapoly.h @@ -50,8 +50,7 @@ extern "C" { #endif -typedef enum -{ +typedef enum { MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */ MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */ } @@ -61,8 +60,7 @@ mbedtls_chachapoly_mode_t; #include "mbedtls/chacha20.h" -typedef struct mbedtls_chachapoly_context -{ +typedef struct mbedtls_chachapoly_context { mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */ @@ -118,7 +116,7 @@ mbedtls_chachapoly_context; * * \param ctx The ChachaPoly context to initialize. Must not be \c NULL. */ -void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); +void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx); /** * \brief This function releases and clears the specified @@ -127,7 +125,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which * case this function is a no-op. */ -void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); +void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx); /** * \brief This function sets the ChaCha20-Poly1305 @@ -140,8 +138,8 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, - const unsigned char key[32] ); +int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, + const unsigned char key[32]); /** * \brief This function starts a ChaCha20-Poly1305 encryption or @@ -168,9 +166,9 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode ); +int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode); /** * \brief This function feeds additional data to be authenticated @@ -211,9 +209,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * if the operations has not been started or has been * finished, or if the AAD has been finished. */ -int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - const unsigned char *aad, - size_t aad_len ); +int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, + const unsigned char *aad, + size_t aad_len); /** * \brief Thus function feeds data to be encrypted or decrypted @@ -246,10 +244,10 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * finished. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ); +int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output); /** * \brief This function finished the ChaCha20-Poly1305 operation and @@ -267,8 +265,8 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * finished. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, - unsigned char mac[16] ); +int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, + unsigned char mac[16]); /** * \brief This function performs a complete ChaCha20-Poly1305 @@ -299,14 +297,14 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ); +int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]); /** * \brief This function performs a complete ChaCha20-Poly1305 @@ -333,14 +331,14 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, * if the data was not authentic. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char tag[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) /** @@ -349,7 +347,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_chachapoly_self_test( int verbose ); +int mbedtls_chachapoly_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/check_config.h b/thirdparty/mbedtls/include/mbedtls/check_config.h index 7ae1ff94db..2cb36e9e17 100644 --- a/thirdparty/mbedtls/include/mbedtls/check_config.h +++ b/thirdparty/mbedtls/include/mbedtls/check_config.h @@ -28,6 +28,7 @@ #ifndef MBEDTLS_CHECK_CONFIG_H #define MBEDTLS_CHECK_CONFIG_H +/* *INDENT-OFF* */ /* * We assume CHAR_BIT is 8 in many places. In practice, this is true on our * target platforms, so not an issue, but let's just be extra sure. @@ -68,10 +69,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_AESNI_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif @@ -143,6 +140,11 @@ #error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled" #endif +#if defined(MBEDTLS_ECP_RESTARTABLE) && \ + !defined(MBEDTLS_ECP_C) +#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" #endif @@ -955,4 +957,5 @@ */ typedef int mbedtls_iso_c_forbids_empty_translation_units; +/* *INDENT-ON* */ #endif /* MBEDTLS_CHECK_CONFIG_H */ diff --git a/thirdparty/mbedtls/include/mbedtls/cipher.h b/thirdparty/mbedtls/include/mbedtls/cipher.h index 6d83da8827..aa155d7bf8 100644 --- a/thirdparty/mbedtls/include/mbedtls/cipher.h +++ b/thirdparty/mbedtls/include/mbedtls/cipher.h @@ -49,7 +49,7 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -83,16 +83,16 @@ extern "C" { /** * \brief Supported cipher types. * - * \warning RC4 and DES are considered weak ciphers and their use - * constitutes a security risk. Arm recommends considering stronger + * \warning RC4 and DES/3DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger * ciphers instead. */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */ MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ - MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ - MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */ + MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */ + MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ @@ -103,8 +103,8 @@ typedef enum { /** * \brief Supported {cipher type, cipher mode} pairs. * - * \warning RC4 and DES are considered weak ciphers and their use - * constitutes a security risk. Arm recommends considering stronger + * \warning RC4 and DES/3DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger * ciphers instead. */ typedef enum { @@ -140,12 +140,12 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */ - MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */ - MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */ - MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */ - MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ - MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ - MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ + MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */ + MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */ MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */ MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ @@ -226,11 +226,11 @@ typedef enum { enum { /** Undefined key length. */ MBEDTLS_KEY_LENGTH_NONE = 0, - /** Key length, in bits (including parity), for DES keys. */ + /** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES = 64, - /** Key length in bits, including parity, for DES in two-key EDE. */ + /** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES_EDE = 128, - /** Key length in bits, including parity, for DES in three-key EDE. */ + /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES_EDE3 = 192, }; @@ -273,8 +273,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; * Cipher information. Allows calling cipher functions * in a generic way. */ -typedef struct mbedtls_cipher_info_t -{ +typedef struct mbedtls_cipher_info_t { /** Full cipher identifier. For example, * MBEDTLS_CIPHER_AES_256_CBC. */ @@ -290,7 +289,7 @@ typedef struct mbedtls_cipher_info_t unsigned int key_bitlen; /** Name of the cipher. */ - const char * name; + const char *name; /** IV or nonce size, in Bytes. * For ciphers that accept variable IV sizes, @@ -315,8 +314,7 @@ typedef struct mbedtls_cipher_info_t /** * Generic cipher context. */ -typedef struct mbedtls_cipher_context_t -{ +typedef struct mbedtls_cipher_context_t { /** Information about the associated cipher. */ const mbedtls_cipher_info_t *cipher_info; @@ -332,8 +330,8 @@ typedef struct mbedtls_cipher_context_t /** Padding functions to use, if relevant for * the specific cipher mode. */ - void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); - int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); + void (*add_padding)(unsigned char *output, size_t olen, size_t data_len); + int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len); #endif /** Buffer for input that has not been processed yet. */ @@ -383,7 +381,7 @@ typedef struct mbedtls_cipher_context_t * \return A statically-allocated array of cipher identifiers * of type cipher_type_t. The last entry is zero. */ -const int *mbedtls_cipher_list( void ); +const int *mbedtls_cipher_list(void); /** * \brief This function retrieves the cipher-information @@ -396,7 +394,7 @@ const int *mbedtls_cipher_list( void ); * given \p cipher_name. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name); /** * \brief This function retrieves the cipher-information @@ -408,7 +406,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher * given \p cipher_type. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type); /** * \brief This function retrieves the cipher-information @@ -424,16 +422,16 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher * given \p cipher_id. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, - int key_bitlen, - const mbedtls_cipher_mode_t mode ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, + int key_bitlen, + const mbedtls_cipher_mode_t mode); /** * \brief This function initializes a \p cipher_context as NONE. * * \param ctx The context to be initialized. This must not be \c NULL. */ -void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); +void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx); /** * \brief This function frees and clears the cipher-specific @@ -444,7 +442,7 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); * function has no effect, otherwise this must point to an * initialized context. */ -void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); +void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx); /** @@ -464,8 +462,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * In future versions, the caller will be required to call * mbedtls_cipher_init() on the structure first. */ -int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info ); +int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -489,9 +487,9 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the * cipher-specific context fails. */ -int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info, - size_t taglen ); +int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info, + size_t taglen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -503,11 +501,12 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, * \return \c 0 if \p ctx has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) { return 0; + } return ctx->cipher_info->block_size; } @@ -522,11 +521,12 @@ static inline unsigned int mbedtls_cipher_get_block_size( * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); - if( ctx->cipher_info == NULL ) + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE); + if (ctx->cipher_info == NULL) { return MBEDTLS_MODE_NONE; + } return ctx->cipher_info->mode; } @@ -542,14 +542,16 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) { return 0; + } - if( ctx->iv_size != 0 ) + if (ctx->iv_size != 0) { return (int) ctx->iv_size; + } return (int) ctx->cipher_info->iv_size; } @@ -563,12 +565,13 @@ static inline int mbedtls_cipher_get_iv_size( * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_CIPHER_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_CIPHER_NONE); + if (ctx->cipher_info == NULL) { return MBEDTLS_CIPHER_NONE; + } return ctx->cipher_info->type; } @@ -583,11 +586,12 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( * \return NULL if \p ctx has not been not initialized. */ static inline const char *mbedtls_cipher_get_name( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) { return 0; + } return ctx->cipher_info->name; } @@ -602,12 +606,13 @@ static inline const char *mbedtls_cipher_get_name( * initialized. */ static inline int mbedtls_cipher_get_key_bitlen( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_KEY_LENGTH_NONE); + if (ctx->cipher_info == NULL) { return MBEDTLS_KEY_LENGTH_NONE; + } return (int) ctx->cipher_info->key_bitlen; } @@ -621,12 +626,13 @@ static inline int mbedtls_cipher_get_key_bitlen( * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( - const mbedtls_cipher_context_t *ctx ) + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_OPERATION_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_OPERATION_NONE); + if (ctx->cipher_info == NULL) { return MBEDTLS_OPERATION_NONE; + } return ctx->operation; } @@ -647,10 +653,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, - const unsigned char *key, - int key_bitlen, - const mbedtls_operation_t operation ); +int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation); #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** @@ -669,8 +675,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * does not support padding. */ -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, - mbedtls_cipher_padding_t mode ); +int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode); #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ /** @@ -691,9 +697,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on * parameter-verification failure. */ -int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, - size_t iv_len ); +int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, + size_t iv_len); /** * \brief This function resets the cipher state. @@ -704,7 +710,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on * parameter-verification failure. */ -int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); +int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** @@ -721,8 +727,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, - const unsigned char *ad, size_t ad_len ); +int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, + const unsigned char *ad, size_t ad_len); #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** @@ -759,10 +765,10 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * unsupported mode for a cipher. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, - size_t ilen, unsigned char *output, - size_t *olen ); +int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, + size_t ilen, unsigned char *output, + size_t *olen); /** * \brief The generic cipher finalization function. If data still @@ -786,8 +792,8 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, * while decrypting. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output, size_t *olen ); +int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output, size_t *olen); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** @@ -806,8 +812,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, - unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, + unsigned char *tag, size_t tag_len); /** * \brief This function checks the tag for AEAD ciphers. @@ -822,8 +828,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, - const unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, + const unsigned char *tag, size_t tag_len); #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** @@ -859,13 +865,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * while decrypting. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen ); +int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen); #if defined(MBEDTLS_CIPHER_MODE_AEAD) -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -917,13 +923,13 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) - MBEDTLS_DEPRECATED; +int MBEDTLS_DEPRECATED mbedtls_cipher_auth_encrypt( + mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len); /** * \brief The generic authenticated decryption (AEAD) function. @@ -976,13 +982,13 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) - MBEDTLS_DEPRECATED; +int MBEDTLS_DEPRECATED mbedtls_cipher_auth_decrypt( + mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len); #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_CIPHER_MODE_AEAD */ @@ -1032,12 +1038,12 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ); +int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len); /** * \brief The authenticated encryption (AEAD/NIST_KW) function. @@ -1088,12 +1094,12 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ); +int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len); #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/cipher_internal.h b/thirdparty/mbedtls/include/mbedtls/cipher_internal.h index 2484c01c7a..c77bb8cc9f 100644 --- a/thirdparty/mbedtls/include/mbedtls/cipher_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/cipher_internal.h @@ -43,82 +43,79 @@ extern "C" { /** * Base cipher information. The non-mode specific functions and values. */ -struct mbedtls_cipher_base_t -{ +struct mbedtls_cipher_base_t { /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */ mbedtls_cipher_id_t cipher; /** Encrypt using ECB */ - int (*ecb_func)( void *ctx, mbedtls_operation_t mode, - const unsigned char *input, unsigned char *output ); + int (*ecb_func)(void *ctx, mbedtls_operation_t mode, + const unsigned char *input, unsigned char *output); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** Encrypt using CBC */ - int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length, - unsigned char *iv, const unsigned char *input, - unsigned char *output ); + int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length, + unsigned char *iv, const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_CFB) /** Encrypt using CFB (Full length) */ - int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, - unsigned char *iv, const unsigned char *input, - unsigned char *output ); + int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, + unsigned char *iv, const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_OFB) /** Encrypt using OFB (Full length) */ - int (*ofb_func)( void *ctx, size_t length, size_t *iv_off, - unsigned char *iv, - const unsigned char *input, - unsigned char *output ); + int (*ofb_func)(void *ctx, size_t length, size_t *iv_off, + unsigned char *iv, + const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_CTR) /** Encrypt using CTR */ - int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ); + int (*ctr_func)(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_XTS) /** Encrypt or decrypt using XTS. */ - int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length, - const unsigned char data_unit[16], - const unsigned char *input, unsigned char *output ); + int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length, + const unsigned char data_unit[16], + const unsigned char *input, unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_STREAM) /** Encrypt using STREAM */ - int (*stream_func)( void *ctx, size_t length, - const unsigned char *input, unsigned char *output ); + int (*stream_func)(void *ctx, size_t length, + const unsigned char *input, unsigned char *output); #endif /** Set key for encryption purposes */ - int (*setkey_enc_func)( void *ctx, const unsigned char *key, - unsigned int key_bitlen ); + int (*setkey_enc_func)(void *ctx, const unsigned char *key, + unsigned int key_bitlen); /** Set key for decryption purposes */ - int (*setkey_dec_func)( void *ctx, const unsigned char *key, - unsigned int key_bitlen); + int (*setkey_dec_func)(void *ctx, const unsigned char *key, + unsigned int key_bitlen); /** Allocate a new context */ - void * (*ctx_alloc_func)( void ); + void * (*ctx_alloc_func)(void); /** Free the given context */ - void (*ctx_free_func)( void *ctx ); + void (*ctx_free_func)(void *ctx); }; -typedef struct -{ +typedef struct { mbedtls_cipher_type_t type; const mbedtls_cipher_info_t *info; } mbedtls_cipher_definition_t; #if defined(MBEDTLS_USE_PSA_CRYPTO) -typedef enum -{ +typedef enum { MBEDTLS_CIPHER_PSA_KEY_UNSET = 0, MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */ /* use raw key material internally imported */ @@ -131,8 +128,7 @@ typedef enum /* destroyed when the context is freed. */ } mbedtls_cipher_psa_key_ownership; -typedef struct -{ +typedef struct { psa_algorithm_t alg; psa_key_id_t slot; mbedtls_cipher_psa_key_ownership slot_state; diff --git a/thirdparty/mbedtls/include/mbedtls/cmac.h b/thirdparty/mbedtls/include/mbedtls/cmac.h index 8934886af7..254995ca12 100644 --- a/thirdparty/mbedtls/include/mbedtls/cmac.h +++ b/thirdparty/mbedtls/include/mbedtls/cmac.h @@ -56,8 +56,7 @@ extern "C" { /** * The CMAC context structure. */ -struct mbedtls_cmac_context_t -{ +struct mbedtls_cmac_context_t { /** The internal state of the CMAC algorithm. */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -103,8 +102,8 @@ struct mbedtls_cmac_context_t * \return \c 0 on success. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ); +int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keybits); /** * \brief This function feeds an input buffer into an ongoing CMAC @@ -128,8 +127,8 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen); /** * \brief This function finishes an ongoing CMAC operation, and @@ -147,8 +146,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ); +int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output); /** * \brief This function starts a new CMAC operation with the same @@ -166,7 +165,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); +int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx); /** * \brief This function calculates the full generic CMAC @@ -195,10 +194,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output); #if defined(MBEDTLS_AES_C) /** @@ -218,12 +217,12 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, * * \return \c 0 on success. */ -int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, - const unsigned char *input, size_t in_len, - unsigned char output[16] ); +int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len, + const unsigned char *input, size_t in_len, + unsigned char output[16]); #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) +#if defined(MBEDTLS_SELF_TEST) && (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)) /** * \brief The CMAC checkup routine. * @@ -237,7 +236,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_cmac_self_test( int verbose ); +int mbedtls_cmac_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/compat-1.3.h b/thirdparty/mbedtls/include/mbedtls/compat-1.3.h index 40177512ca..3a34cf6d26 100644 --- a/thirdparty/mbedtls/include/mbedtls/compat-1.3.h +++ b/thirdparty/mbedtls/include/mbedtls/compat-1.3.h @@ -29,7 +29,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #warning "Including compat-1.3.h is deprecated" @@ -597,7 +597,8 @@ #define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 #endif #if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION \ + MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION #endif #if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1382,8 +1383,8 @@ #define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED #define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED #define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED -#define SSL_BUFFER_LEN ( ( ( MBEDTLS_SSL_IN_BUFFER_LEN ) < ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) \ - ? ( MBEDTLS_SSL_IN_BUFFER_LEN ) : ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) +#define SSL_BUFFER_LEN (((MBEDTLS_SSL_IN_BUFFER_LEN) < (MBEDTLS_SSL_OUT_BUFFER_LEN)) \ + ? (MBEDTLS_SSL_IN_BUFFER_LEN) : (MBEDTLS_SSL_OUT_BUFFER_LEN)) #define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES #define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT #define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED @@ -1554,10 +1555,14 @@ #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 -#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 -#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 -#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA #define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA @@ -1565,8 +1570,10 @@ #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 -#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 -#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ + MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ + MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 #define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA #define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 #define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 @@ -1578,10 +1585,14 @@ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 -#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 -#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 -#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 #define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA #define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA @@ -1591,10 +1602,14 @@ #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 #define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 -#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 -#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 -#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 -#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 #define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA @@ -2492,7 +2507,8 @@ #define x509write_crt_free mbedtls_x509write_crt_free #define x509write_crt_init mbedtls_x509write_crt_init #define x509write_crt_pem mbedtls_x509write_crt_pem -#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier +#define x509write_crt_set_authority_key_identifier \ + mbedtls_x509write_crt_set_authority_key_identifier #define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints #define x509write_crt_set_extension mbedtls_x509write_crt_set_extension #define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key diff --git a/thirdparty/mbedtls/include/mbedtls/config.h b/thirdparty/mbedtls/include/mbedtls/config.h index 61db79362f..1381c1fd16 100644 --- a/thirdparty/mbedtls/include/mbedtls/config.h +++ b/thirdparty/mbedtls/include/mbedtls/config.h @@ -51,7 +51,7 @@ * include/mbedtls/bn_mul.h * * Required by: - * MBEDTLS_AESNI_C + * MBEDTLS_AESNI_C (on some platforms) * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. @@ -859,12 +859,37 @@ * This is useful in non-threaded environments if you want to avoid blocking * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. * - * Uncomment this macro to enable restartable ECC computations. + * This option: + * - Adds xxx_restartable() variants of existing operations in the + * following modules, with corresponding restart context types: + * - ECP (for Short Weierstrass curves only): scalar multiplication (mul), + * linear combination (muladd); + * - ECDSA: signature generation & verification; + * - PK: signature generation & verification; + * - X509: certificate chain verification. + * - Adds mbedtls_ecdh_enable_restart() in the ECDH module. + * - Changes the behaviour of TLS 1.2 clients (not servers) when using the + * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC + * computations restartable: + * - ECDH operations from the key exchange, only for Short Weierstrass + * curves; + * - verification of the server's key exchange signature; + * - verification of the server's certificate chain; + * - generation of the client's signature if client authentication is used, + * with an ECC key/certificate. + * + * \note In the cases above, the usual SSL/TLS functions, such as + * mbedtls_ssl_handshake(), can now return + * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT - * and MBEDTLS_ECDH_LEGACY_CONTEXT. + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT, + * MBEDTLS_ECDH_LEGACY_CONTEXT, and MBEDTLS_USE_PSA_CRYPTO. + * + * Requires: MBEDTLS_ECP_C + * + * Uncomment this macro to enable restartable ECC computations. */ //#define MBEDTLS_ECP_RESTARTABLE @@ -2319,14 +2344,32 @@ /** * \def MBEDTLS_AESNI_C * - * Enable AES-NI support on x86-64. + * Enable AES-NI support on x86-64 or x86-32. + * + * \note AESNI is only supported with certain compilers and target options: + * - Visual Studio 2013: supported. + * - GCC, x86-64, target not explicitly supporting AESNI: + * requires MBEDTLS_HAVE_ASM. + * - GCC, x86-32, target not explicitly supporting AESNI: + * not supported. + * - GCC, x86-64 or x86-32, target supporting AESNI: supported. + * For this assembly-less implementation, you must currently compile + * `library/aesni.c` and `library/aes.c` with machine options to enable + * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or + * `clang -maes -mpclmul`. + * - Non-x86 targets: this option is silently ignored. + * - Other compilers: this option is silently ignored. + * + * \note + * Above, "GCC" includes compatible compilers such as Clang. + * The limitations on target support are likely to be relaxed in the future. * * Module: library/aesni.c * Caller: library/aes.c * - * Requires: MBEDTLS_HAVE_ASM + * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note) * - * This modules adds support for the AES-NI instructions on x86-64 + * This modules adds support for the AES-NI instructions on x86. */ #define MBEDTLS_AESNI_C @@ -2740,7 +2783,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers instead. */ #define MBEDTLS_DES_C @@ -3724,7 +3767,7 @@ * comment in the specific module. */ /* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ diff --git a/thirdparty/mbedtls/include/mbedtls/constant_time.h b/thirdparty/mbedtls/include/mbedtls/constant_time.h index c5de57a01f..8419c99138 100644 --- a/thirdparty/mbedtls/include/mbedtls/constant_time.h +++ b/thirdparty/mbedtls/include/mbedtls/constant_time.h @@ -38,8 +38,8 @@ * \return Zero if the content of the two buffer is the same, * otherwise non-zero. */ -int mbedtls_ct_memcmp( const void *a, - const void *b, - size_t n ); +int mbedtls_ct_memcmp(const void *a, + const void *b, + size_t n); #endif /* MBEDTLS_CONSTANT_TIME_H */ diff --git a/thirdparty/mbedtls/include/mbedtls/ctr_drbg.h b/thirdparty/mbedtls/include/mbedtls/ctr_drbg.h index e68237a439..1bf427c437 100644 --- a/thirdparty/mbedtls/include/mbedtls/ctr_drbg.h +++ b/thirdparty/mbedtls/include/mbedtls/ctr_drbg.h @@ -80,8 +80,8 @@ */ #endif -#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ -#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ +#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ +#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ /** * \name SECTION: Module settings @@ -164,14 +164,13 @@ extern "C" { * the entropy source does not provide enough material to form a nonce. * See the documentation of mbedtls_ctr_drbg_seed() for more information. */ -#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2 +#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif /** * \brief The CTR_DRBG context structure. */ -typedef struct mbedtls_ctr_drbg_context -{ +typedef struct mbedtls_ctr_drbg_context { unsigned char counter[16]; /*!< The counter (V). */ int reseed_counter; /*!< The reseed counter. * This is the number of requests that have @@ -199,7 +198,7 @@ typedef struct mbedtls_ctr_drbg_context * Callbacks (Entropy) */ int (*f_entropy)(void *, unsigned char *, size_t); - /*!< The entropy callback function. */ + /*!< The entropy callback function. */ void *p_entropy; /*!< The context for the entropy function. */ @@ -228,7 +227,7 @@ mbedtls_ctr_drbg_context; * * \param ctx The CTR_DRBG context to initialize. */ -void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ); +void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx); /** * \brief This function seeds and sets up the CTR_DRBG @@ -329,11 +328,11 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ -int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ); +int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len); /** * \brief This function resets CTR_DRBG context to the state immediately @@ -341,7 +340,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, * * \param ctx The CTR_DRBG context to clear. */ -void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ); +void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx); /** * \brief This function turns prediction resistance on or off. @@ -356,8 +355,8 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ); * \param ctx The CTR_DRBG context. * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF. */ -void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, - int resistance ); +void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, + int resistance); /** * \brief This function sets the amount of entropy grabbed on each @@ -383,8 +382,8 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, * and at most the maximum length accepted by the * entropy function that is set in the context. */ -void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, - size_t len ); +void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, + size_t len); /** * \brief This function sets the amount of entropy grabbed @@ -405,8 +404,8 @@ void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED * if the initial seeding has already taken place. */ -int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, - size_t len ); +int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, + size_t len); /** * \brief This function sets the reseed interval. @@ -420,8 +419,8 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, * \param ctx The CTR_DRBG context. * \param interval The reseed interval. */ -void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, - int interval ); +void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, + int interval); /** * \brief This function reseeds the CTR_DRBG context, that is @@ -443,8 +442,8 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ -int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ); +int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, size_t len); /** * \brief This function updates the state of the CTR_DRBG context. @@ -466,9 +465,9 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. * \return An error from the underlying AES cipher on failure. */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ); +int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len); /** * \brief This function updates a CTR_DRBG instance with additional @@ -501,9 +500,9 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. */ -int mbedtls_ctr_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, size_t add_len ); +int mbedtls_ctr_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, size_t add_len); /** * \brief This function uses CTR_DRBG to generate random data. @@ -529,11 +528,11 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. */ -int mbedtls_ctr_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ); +int mbedtls_ctr_drbg_random(void *p_rng, + unsigned char *output, size_t output_len); -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -557,7 +556,7 @@ int mbedtls_ctr_drbg_random( void *p_rng, MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, - size_t add_len ); + size_t add_len); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -573,7 +572,7 @@ MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update( * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed * failure. */ -int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); +int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); /** * \brief This function reads and updates a seed file. The seed @@ -589,7 +588,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing * seed file is too large. */ -int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); +int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) @@ -600,7 +599,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ctr_drbg_self_test( int verbose ); +int mbedtls_ctr_drbg_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/debug.h b/thirdparty/mbedtls/include/mbedtls/debug.h index 4fc4662d9a..bcc640c611 100644 --- a/thirdparty/mbedtls/include/mbedtls/debug.h +++ b/thirdparty/mbedtls/include/mbedtls/debug.h @@ -36,47 +36,47 @@ #if defined(MBEDTLS_DEBUG_C) -#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__ +#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ -#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \ - mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \ - MBEDTLS_DEBUG_STRIP_PARENS args ) +#define MBEDTLS_SSL_DEBUG_MSG(level, args) \ + mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ + MBEDTLS_DEBUG_STRIP_PARENS args) -#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \ - mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ) +#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \ + mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) -#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \ - mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ) +#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ + mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) #if defined(MBEDTLS_BIGNUM_C) -#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \ - mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ) +#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \ + mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X) #endif #if defined(MBEDTLS_ECP_C) -#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \ - mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X ) +#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \ + mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X) #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) -#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \ - mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ) +#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ + mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt) #endif #if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \ - mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr ) +#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \ + mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr) #endif #else /* MBEDTLS_DEBUG_C */ -#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) -#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 ) +#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) +#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0) +#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0) +#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) +#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) +#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) +#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0) #endif /* MBEDTLS_DEBUG_C */ @@ -96,7 +96,7 @@ #if __has_attribute(format) #if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ - __attribute__((__format__ (gnu_printf, string_index, first_to_check))) + __attribute__((__format__(gnu_printf, string_index, first_to_check))) #else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format(printf, string_index, first_to_check))) @@ -124,10 +124,12 @@ #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ +#else \ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ +#endif \ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #ifdef __cplusplus extern "C" { @@ -148,7 +150,7 @@ extern "C" { * - 3 Informational * - 4 Verbose */ -void mbedtls_debug_set_threshold( int threshold ); +void mbedtls_debug_set_threshold(int threshold); /** * \brief Print a message to the debug output. This function is always used @@ -165,9 +167,9 @@ void mbedtls_debug_set_threshold( int threshold ); * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); +void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); /** * \brief Print the return value of a function to the debug output. This @@ -184,9 +186,9 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret ); +void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, int ret); /** * \brief Output a buffer of size len bytes to the debug output. This function @@ -205,9 +207,9 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len ); +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len); #if defined(MBEDTLS_BIGNUM_C) /** @@ -226,9 +228,9 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X ); +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X); #endif #if defined(MBEDTLS_ECP_C) @@ -248,9 +250,9 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X ); +void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X); #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -269,14 +271,13 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt ); +void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_x509_crt *crt); #endif #if defined(MBEDTLS_ECDH_C) -typedef enum -{ +typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, MBEDTLS_DEBUG_ECDH_Z, @@ -298,10 +299,10 @@ typedef enum * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ); +void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr); #endif #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/des.h b/thirdparty/mbedtls/include/mbedtls/des.h index 325aab5364..f2bc58138e 100644 --- a/thirdparty/mbedtls/include/mbedtls/des.h +++ b/thirdparty/mbedtls/include/mbedtls/des.h @@ -3,7 +3,7 @@ * * \brief DES block cipher * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -60,21 +60,23 @@ extern "C" { /** * \brief DES context structure * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ -typedef struct mbedtls_des_context -{ +typedef struct mbedtls_des_context { uint32_t sk[32]; /*!< DES subkeys */ } mbedtls_des_context; /** * \brief Triple-DES context structure + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ -typedef struct mbedtls_des3_context -{ +typedef struct mbedtls_des3_context { uint32_t sk[96]; /*!< 3DES subkeys */ } mbedtls_des3_context; @@ -88,36 +90,44 @@ mbedtls_des3_context; * * \param ctx DES context to be initialized * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_init( mbedtls_des_context *ctx ); +void mbedtls_des_init(mbedtls_des_context *ctx); /** * \brief Clear DES context * * \param ctx DES context to be cleared * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_free( mbedtls_des_context *ctx ); +void mbedtls_des_free(mbedtls_des_context *ctx); /** * \brief Initialize Triple-DES context * * \param ctx DES3 context to be initialized + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ -void mbedtls_des3_init( mbedtls_des3_context *ctx ); +void mbedtls_des3_init(mbedtls_des3_context *ctx); /** * \brief Clear Triple-DES context * * \param ctx DES3 context to be cleared + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ -void mbedtls_des3_free( mbedtls_des3_context *ctx ); +void mbedtls_des3_free(mbedtls_des3_context *ctx); /** * \brief Set key parity on the given key to odd. @@ -127,11 +137,11 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ); * * \param key 8-byte secret key * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Check that key parity on the given key is odd. @@ -143,12 +153,12 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * * \return 0 is parity was ok, 1 if parity was not correct. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Check that key is not a weak or semi-weak DES key @@ -157,12 +167,12 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * * \return 0 if no weak key was found, 1 if a weak key was identified. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief DES key schedule (56-bit, encryption) @@ -172,12 +182,12 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * * \return 0 * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief DES key schedule (56-bit, decryption) @@ -187,12 +197,12 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * * \return 0 * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -201,10 +211,14 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB * \param key 16-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); +int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); /** * \brief Triple-DES key schedule (112-bit, decryption) @@ -213,10 +227,14 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, * \param key 16-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); +int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -225,10 +243,14 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, * \param key 24-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); +int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); /** * \brief Triple-DES key schedule (168-bit, decryption) @@ -237,10 +259,14 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, * \param key 24-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); +int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); /** * \brief DES-ECB block encryption/decryption @@ -251,14 +277,14 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * * \return 0 if successful * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -279,17 +305,17 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * \param input buffer holding the input data * \param output buffer holding the output data * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ); +int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ /** @@ -300,11 +326,15 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * \param output 64-bit output block * * \return 0 if successful + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -326,14 +356,18 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ); +int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ /** @@ -344,12 +378,12 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, * \param SK Round keys * \param key Base key * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_setkey( uint32_t SK[32], - const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +void mbedtls_des_setkey(uint32_t SK[32], + const unsigned char key[MBEDTLS_DES_KEY_SIZE]); #if defined(MBEDTLS_SELF_TEST) @@ -359,7 +393,7 @@ void mbedtls_des_setkey( uint32_t SK[32], * \return 0 if successful, or 1 if the test failed */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_des_self_test( int verbose ); +int mbedtls_des_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/dhm.h b/thirdparty/mbedtls/include/mbedtls/dhm.h index c4b15a2c45..117af93400 100644 --- a/thirdparty/mbedtls/include/mbedtls/dhm.h +++ b/thirdparty/mbedtls/include/mbedtls/dhm.h @@ -108,8 +108,7 @@ extern "C" { /** * \brief The DHM context structure. */ -typedef struct mbedtls_dhm_context -{ +typedef struct mbedtls_dhm_context { size_t len; /*!< The size of \p P in Bytes. */ mbedtls_mpi P; /*!< The prime modulus. */ mbedtls_mpi G; /*!< The generator. */ @@ -133,7 +132,7 @@ mbedtls_dhm_context; * * \param ctx The DHM context to initialize. */ -void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); +void mbedtls_dhm_init(mbedtls_dhm_context *ctx); /** * \brief This function parses the DHM parameters in a @@ -157,9 +156,9 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end ); +int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, + unsigned char **p, + const unsigned char *end); /** * \brief This function generates a DHM key pair and exports its @@ -193,10 +192,10 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function sets the prime modulus and generator. @@ -213,9 +212,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, - const mbedtls_mpi *P, - const mbedtls_mpi *G ); +int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx, + const mbedtls_mpi *P, + const mbedtls_mpi *G); /** * \brief This function imports the raw public value of the peer. @@ -233,8 +232,8 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, + const unsigned char *input, size_t ilen); /** * \brief This function creates a DHM key pair and exports @@ -260,10 +259,10 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function derives and exports the shared secret @@ -291,10 +290,10 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, - unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, + unsigned char *output, size_t output_size, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function frees and clears the components @@ -304,7 +303,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, * in which case this function is a no-op. If it is not \c NULL, * it must point to an initialized DHM context. */ -void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); +void mbedtls_dhm_free(mbedtls_dhm_context *ctx); #if defined(MBEDTLS_ASN1_PARSE_C) /** @@ -321,8 +320,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error * code on failure. */ -int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, - size_t dhminlen ); +int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin, + size_t dhminlen); #if defined(MBEDTLS_FS_IO) /** @@ -337,7 +336,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX * error code on failure. */ -int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); +int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -349,7 +348,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_dhm_self_test( int verbose ); +int mbedtls_dhm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus @@ -426,7 +425,7 @@ int mbedtls_dhm_self_test( int verbose ); "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \ "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \ "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \ - "CF9DE5384E71B81C0AC4DFFE0C10E64F" ) + "CF9DE5384E71B81C0AC4DFFE0C10E64F") /** * The hexadecimal presentation of the chosen generator of the 2048-bit MODP @@ -445,7 +444,7 @@ int mbedtls_dhm_self_test( int verbose ); "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \ "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \ "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \ - "81BC087F2A7065B384B890D3191F2BFA" ) + "81BC087F2A7065B384B890D3191F2BFA") /** * The hexadecimal presentation of the prime underlying the 2048-bit MODP @@ -470,7 +469,7 @@ int mbedtls_dhm_self_test( int verbose ); "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ - "15728E5A8AACAA68FFFFFFFFFFFFFFFF" ) + "15728E5A8AACAA68FFFFFFFFFFFFFFFF") /** * The hexadecimal presentation of the chosen generator of the 2048-bit MODP @@ -478,7 +477,7 @@ int mbedtls_dhm_self_test( int verbose ); * Diffie-Hellman groups for Internet Key Exchange (IKE). */ #define MBEDTLS_DHM_RFC3526_MODP_2048_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT("02") /** * The hexadecimal presentation of the prime underlying the 3072-bit MODP @@ -502,7 +501,7 @@ int mbedtls_dhm_self_test( int verbose ); "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ - "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" ) + "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF") /** * The hexadecimal presentation of the chosen generator of the 3072-bit MODP @@ -510,7 +509,7 @@ int mbedtls_dhm_self_test( int verbose ); * Diffie-Hellman groups for Internet Key Exchange (IKE). */ #define MBEDTLS_DHM_RFC3526_MODP_3072_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT("02") /** * The hexadecimal presentation of the prime underlying the 4096-bit MODP @@ -540,7 +539,7 @@ int mbedtls_dhm_self_test( int verbose ); "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \ "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \ - "FFFFFFFFFFFFFFFF" ) + "FFFFFFFFFFFFFFFF") /** * The hexadecimal presentation of the chosen generator of the 4096-bit MODP @@ -548,7 +547,7 @@ int mbedtls_dhm_self_test( int verbose ); * Diffie-Hellman groups for Internet Key Exchange (IKE). */ #define MBEDTLS_DHM_RFC3526_MODP_4096_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT("02") #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -557,546 +556,546 @@ int mbedtls_dhm_self_test( int verbose ); */ #define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ + 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ + 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ + 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ + 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ + 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ + 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ + 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ + 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ + 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ + 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \ - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \ - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \ - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \ - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \ - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \ - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \ - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \ - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \ - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \ - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \ - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \ - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \ - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \ - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \ - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \ - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ + 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ + 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ + 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ + 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ + 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ + 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ + 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ + 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ + 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ + 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \ + 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \ + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \ + 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \ + 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \ + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \ + 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \ + 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \ + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \ + 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \ + 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \ + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \ + 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \ + 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \ + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \ + 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \ + 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, } #define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ - 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ - 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ - 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ - 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ - 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ - 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ - 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ - 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ - 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ - 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ - 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ - 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ - 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ - 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ - 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ - 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ - 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ - 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ - 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ - 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ - 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ - 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ - 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ - 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ - 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ - 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ - 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ - 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ - 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ - 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ - 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ - 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ + 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 } #define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ - 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ - 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ - 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ - 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ - 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ - 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ - 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ - 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ - 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ - 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ - 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ - 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ - 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ - 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ - 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ - 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ - 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ - 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ - 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ - 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ - 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ - 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ - 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ - 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ - 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ - 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ - 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ - 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ - 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ - 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ - 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ - 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ - 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ - 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ - 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ - 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ - 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ - 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ - 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ - 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ - 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ - 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ - 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ - 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ - 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ - 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ - 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ - 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ - 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ - 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ - 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ - 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ - 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ - 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ - 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ - 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ - 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ - 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ - 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ - 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ - 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ - 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ - 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ - 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ - 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ - 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ - 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ - 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ - 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ - 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ - 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ - 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ - 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ - 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ - 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ - 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ - 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ - 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ - 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ - 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ - 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ - 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ - 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ - 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ - 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ - 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ - 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ - 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ - 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ - 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ - 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ - 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ - 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \ - 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \ - 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \ - 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \ - 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \ - 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \ - 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \ - 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \ - 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \ - 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \ - 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \ - 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \ - 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \ - 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \ - 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \ - 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \ - 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \ - 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \ - 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \ - 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \ - 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \ - 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \ - 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \ - 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \ - 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \ - 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \ - 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \ - 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \ - 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \ - 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \ - 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \ - 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \ - 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ + 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \ + 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \ + 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \ + 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \ + 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \ + 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \ + 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \ + 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \ + 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \ + 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \ + 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \ + 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \ + 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \ + 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \ + 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \ + 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \ + 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \ + 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \ + 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \ + 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \ + 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \ + 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \ + 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \ + 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \ + 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \ + 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \ + 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \ + 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \ + 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \ + 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \ + 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \ + 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \ + 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } #define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 } diff --git a/thirdparty/mbedtls/include/mbedtls/ecdh.h b/thirdparty/mbedtls/include/mbedtls/ecdh.h index 05855cdf10..aade25a42e 100644 --- a/thirdparty/mbedtls/include/mbedtls/ecdh.h +++ b/thirdparty/mbedtls/include/mbedtls/ecdh.h @@ -52,8 +52,7 @@ extern "C" { /** * Defines the source of the imported EC key. */ -typedef enum -{ +typedef enum { MBEDTLS_ECDH_OURS, /**< Our key. */ MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ } mbedtls_ecdh_side; @@ -65,8 +64,7 @@ typedef enum * Later versions of the library may add new variants, therefore users should * not make any assumptions about them. */ -typedef enum -{ +typedef enum { MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */ MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */ #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) @@ -81,8 +79,7 @@ typedef enum * should not make any assumptions about the structure of * mbedtls_ecdh_context_mbed. */ -typedef struct mbedtls_ecdh_context_mbed -{ +typedef struct mbedtls_ecdh_context_mbed { mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ mbedtls_ecp_point Q; /*!< The public key. */ @@ -101,8 +98,7 @@ typedef struct mbedtls_ecdh_context_mbed * should not be shared between multiple threads. * \brief The ECDH context structure. */ -typedef struct mbedtls_ecdh_context -{ +typedef struct mbedtls_ecdh_context { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ @@ -119,24 +115,23 @@ typedef struct mbedtls_ecdh_context #endif /* MBEDTLS_ECP_RESTARTABLE */ #else uint8_t point_format; /*!< The format of point export in TLS messages - as defined in RFC 4492. */ + as defined in RFC 4492. */ mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */ mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */ - union - { + union { mbedtls_ecdh_context_mbed mbed_ecdh; #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) mbedtls_ecdh_context_everest everest_ecdh; #endif } ctx; /*!< Implementation-specific context. The - context in use is specified by the \c var - field. */ + context in use is specified by the \c var + field. */ #if defined(MBEDTLS_ECP_RESTARTABLE) uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of - an alternative implementation not supporting - restartable mode must return - MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error - if this flag is set. */ + an alternative implementation not supporting + restartable mode must return + MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error + if this flag is set. */ #endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ } @@ -149,7 +144,7 @@ mbedtls_ecdh_context; * * \return \c 1 if the group can be used, \c 0 otherwise */ -int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); +int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid); /** * \brief This function generates an ECDH keypair on an elliptic @@ -176,9 +171,9 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); * \return Another \c MBEDTLS_ERR_ECP_XXX or * \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function computes the shared secret. @@ -214,17 +209,17 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * \return Another \c MBEDTLS_ERR_ECP_XXX or * \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function initializes an ECDH context. * * \param ctx The ECDH context to initialize. This must not be \c NULL. */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx); /** * \brief This function sets up the ECDH context with the information @@ -242,8 +237,8 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); * * \return \c 0 on success. */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, - mbedtls_ecp_group_id grp_id ); +int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id); /** * \brief This function frees a context. @@ -252,7 +247,7 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, * case this function does nothing. If it is not \c NULL, * it must point to an initialized ECDH context. */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx); /** * \brief This function generates an EC key pair and exports its @@ -279,10 +274,10 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function parses the ECDHE parameters in a @@ -308,9 +303,9 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, - const unsigned char *end ); +int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, + const unsigned char **buf, + const unsigned char *end); /** * \brief This function sets up an ECDH context from an EC key. @@ -331,9 +326,9 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ); +int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side); /** * \brief This function generates a public key and exports it @@ -361,10 +356,10 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function parses and processes the ECDHE payload of a @@ -385,8 +380,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ); +int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen); /** * \brief This function derives and exports the shared secret. @@ -418,10 +413,10 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -436,7 +431,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, * * \param ctx The ECDH context to use. This must be initialized. */ -void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/ecdsa.h b/thirdparty/mbedtls/include/mbedtls/ecdsa.h index 118f7cedb1..e42d114c42 100644 --- a/thirdparty/mbedtls/include/mbedtls/ecdsa.h +++ b/thirdparty/mbedtls/include/mbedtls/ecdsa.h @@ -56,13 +56,13 @@ * * For each of r and s, the value (V) may include an extra initial "0" bit. */ -#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \ - ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \ - /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \ - /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) ) +#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits) \ + (/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \ + /*T,L of r,s*/ 2 * (((bits) >= 127 * 8 ? 3 : 2) + \ + /*V of r,s*/ ((bits) + 8) / 8)) /** The maximal size of an ECDSA signature in Bytes. */ -#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS ) +#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS) #ifdef __cplusplus extern "C" { @@ -105,8 +105,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; /** * \brief General context for resuming ECDSA operations */ -typedef struct -{ +typedef struct { mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and shared administrative info */ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ @@ -131,7 +130,7 @@ typedef void mbedtls_ecdsa_restart_ctx; * * \return \c 1 if the group can be used, \c 0 otherwise */ -int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); +int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid); /** * \brief This function computes the ECDSA signature of a @@ -169,12 +168,12 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); * \return An \c MBEDTLS_ERR_ECP_XXX * or \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -228,10 +227,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED; +int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -274,12 +273,12 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind ); +int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /** @@ -312,10 +311,10 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, - const mbedtls_mpi *s); +int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, const mbedtls_mpi *r, + const mbedtls_mpi *s); /** * \brief This function computes the ECDSA signature and writes it @@ -365,12 +364,12 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function computes the ECDSA signature and writes it @@ -411,16 +410,16 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecdsa_restart_ctx *rs_ctx ); +int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -469,10 +468,10 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED; +int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -504,9 +503,9 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. */ -int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen ); +int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen); /** * \brief This function reads and verifies an ECDSA signature, @@ -539,10 +538,10 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. */ -int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen, - mbedtls_ecdsa_restart_ctx *rs_ctx ); +int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx); /** * \brief This function generates an ECDSA keypair on the given curve. @@ -560,8 +559,8 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief This function sets up an ECDSA context from an EC key pair. @@ -578,8 +577,8 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ -int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, - const mbedtls_ecp_keypair *key ); +int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, + const mbedtls_ecp_keypair *key); /** * \brief This function initializes an ECDSA context. @@ -587,7 +586,7 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, * \param ctx The ECDSA context to initialize. * This must not be \c NULL. */ -void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); +void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx); /** * \brief This function frees an ECDSA context. @@ -596,7 +595,7 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); * in which case this function does nothing. If it * is not \c NULL, it must be initialized. */ -void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); +void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -605,7 +604,7 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); * \param ctx The restart context to initialize. * This must not be \c NULL. */ -void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); +void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx); /** * \brief Free the components of a restart context. @@ -614,7 +613,7 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); * in which case this function does nothing. If it * is not \c NULL, it must be initialized. */ -void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ); +void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/ecjpake.h b/thirdparty/mbedtls/include/mbedtls/ecjpake.h index 3564ff8dd3..b9928386dc 100644 --- a/thirdparty/mbedtls/include/mbedtls/ecjpake.h +++ b/thirdparty/mbedtls/include/mbedtls/ecjpake.h @@ -71,8 +71,7 @@ typedef enum { * convention from the Thread v1.0 spec. Correspondence is indicated in the * description as a pair C: client name, S: server name */ -typedef struct mbedtls_ecjpake_context -{ +typedef struct mbedtls_ecjpake_context { const mbedtls_md_info_t *md_info; /**< Hash to use */ mbedtls_ecp_group grp; /**< Elliptic curve */ mbedtls_ecjpake_role role; /**< Are we client or server? */ @@ -100,7 +99,7 @@ typedef struct mbedtls_ecjpake_context * \param ctx The ECJPAKE context to initialize. * This must not be \c NULL. */ -void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); +void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx); /** * \brief Set up an ECJPAKE context for use. @@ -123,12 +122,12 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, - mbedtls_ecjpake_role role, - mbedtls_md_type_t hash, - mbedtls_ecp_group_id curve, - const unsigned char *secret, - size_t len ); +int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, + mbedtls_ecjpake_role role, + mbedtls_md_type_t hash, + mbedtls_ecp_group_id curve, + const unsigned char *secret, + size_t len); /** * \brief Check if an ECJPAKE context is ready for use. @@ -139,7 +138,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, * \return \c 0 if the context is ready for use. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise. */ -int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); +int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx); /** * \brief Generate and write the first round message @@ -160,10 +159,10 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Read and process the first round message @@ -179,9 +178,9 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ); +int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len); /** * \brief Generate and write the second round message @@ -201,10 +200,10 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Read and process the second round message @@ -219,9 +218,9 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ); +int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len); /** * \brief Derive the shared secret @@ -241,10 +240,10 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This clears an ECJPAKE context and frees any @@ -254,7 +253,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, * in which case this function does nothing. If it is not * \c NULL, it must point to an initialized ECJPAKE context. */ -void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); +void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -263,7 +262,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_ecjpake_self_test( int verbose ); +int mbedtls_ecjpake_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/ecp.h b/thirdparty/mbedtls/include/mbedtls/ecp.h index 64a0bccda0..5402e74b00 100644 --- a/thirdparty/mbedtls/include/mbedtls/ecp.h +++ b/thirdparty/mbedtls/include/mbedtls/ecp.h @@ -117,8 +117,7 @@ extern "C" { * - Add the curve to the ecp_supported_curves array in ecp.c. * - Add the curve to applicable profiles in x509_crt.c if applicable. */ -typedef enum -{ +typedef enum { MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */ MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */ MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */ @@ -145,8 +144,7 @@ typedef enum /* * Curve types */ -typedef enum -{ +typedef enum { MBEDTLS_ECP_TYPE_NONE = 0, MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */ MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */ @@ -155,8 +153,7 @@ typedef enum /** * Curve information, for use by other modules. */ -typedef struct mbedtls_ecp_curve_info -{ +typedef struct mbedtls_ecp_curve_info { mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ uint16_t bit_size; /*!< The curve size in bits. */ @@ -174,8 +171,7 @@ typedef struct mbedtls_ecp_curve_info * Otherwise, \p X and \p Y are its standard (affine) * coordinates. */ -typedef struct mbedtls_ecp_point -{ +typedef struct mbedtls_ecp_point { mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ @@ -257,8 +253,7 @@ mbedtls_ecp_point; * identical. * */ -typedef struct mbedtls_ecp_group -{ +typedef struct mbedtls_ecp_group { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For @@ -309,8 +304,8 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BITS 1 #endif -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) +#define MBEDTLS_ECP_MAX_BYTES ((MBEDTLS_ECP_MAX_BITS + 7) / 8) +#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1) #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* @@ -376,8 +371,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx; /** * \brief General context for resuming ECC operations */ -typedef struct -{ +typedef struct { unsigned ops_done; /*!< current ops count */ unsigned depth; /*!< call depth (0 = top-level) */ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ @@ -403,18 +397,18 @@ typedef struct * \return \c 0 if doing \p ops basic ops is still allowed, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise. */ -int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops ); +int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops); /* Utility macro for checking and updating ops budget */ -#define MBEDTLS_ECP_BUDGET( ops ) \ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \ - (unsigned) (ops) ) ); +#define MBEDTLS_ECP_BUDGET(ops) \ + MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ + (unsigned) (ops))); #else /* MBEDTLS_ECP_RESTARTABLE */ -#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */ +#define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */ /* We want to declare restartable versions of existing functions anyway */ typedef void mbedtls_ecp_restart_ctx; @@ -429,8 +423,7 @@ typedef void mbedtls_ecp_restart_ctx; * \note Members are deliberately in the same order as in the * ::mbedtls_ecdsa_context structure. */ -typedef struct mbedtls_ecp_keypair -{ +typedef struct mbedtls_ecp_keypair { mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ mbedtls_mpi d; /*!< our secret value */ mbedtls_ecp_point Q; /*!< our public value */ @@ -506,7 +499,7 @@ mbedtls_ecp_keypair; * * \note This setting is currently ignored by Curve25519. */ -void mbedtls_ecp_set_max_ops( unsigned max_ops ); +void mbedtls_ecp_set_max_ops(unsigned max_ops); /** * \brief Check if restart is enabled (max_ops != 0) @@ -514,13 +507,13 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ); * \return \c 0 if \c max_ops == 0 (restart disabled) * \return \c 1 otherwise (restart enabled) */ -int mbedtls_ecp_restart_is_enabled( void ); +int mbedtls_ecp_restart_is_enabled(void); #endif /* MBEDTLS_ECP_RESTARTABLE */ /* * Get the type of a curve */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ); +mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp); /** * \brief This function retrieves the information defined in @@ -534,7 +527,7 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ); * * \return A statically allocated array. The last entry is 0. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void); /** * \brief This function retrieves the list of internal group @@ -550,7 +543,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. */ -const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); +const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void); /** * \brief This function retrieves curve information from an internal @@ -561,7 +554,7 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id); /** * \brief This function retrieves curve information from a TLS @@ -572,7 +565,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id); /** * \brief This function retrieves curve information from a @@ -583,14 +576,14 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name); /** * \brief This function initializes a point as zero. * * \param pt The point to initialize. */ -void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); +void mbedtls_ecp_point_init(mbedtls_ecp_point *pt); /** * \brief This function initializes an ECP group context @@ -601,21 +594,21 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group() * functions. */ -void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); +void mbedtls_ecp_group_init(mbedtls_ecp_group *grp); /** * \brief This function initializes a key pair as an invalid one. * * \param key The key pair to initialize. */ -void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); +void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key); /** * \brief This function frees the components of a point. * * \param pt The point to free. */ -void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); +void mbedtls_ecp_point_free(mbedtls_ecp_point *pt); /** * \brief This function frees the components of an ECP group. @@ -624,7 +617,7 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized ECP group. */ -void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); +void mbedtls_ecp_group_free(mbedtls_ecp_group *grp); /** * \brief This function frees the components of a key pair. @@ -633,7 +626,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized ECP key pair. */ -void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); +void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -642,7 +635,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); * \param ctx The restart context to initialize. This must * not be \c NULL. */ -void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); +void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx); /** * \brief Free the components of a restart context. @@ -651,7 +644,7 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized restart context. */ -void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); +void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ /** @@ -665,7 +658,7 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code for other kinds of failure. */ -int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); +int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q); /** * \brief This function copies the contents of group \p src into @@ -678,8 +671,8 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, - const mbedtls_ecp_group *src ); +int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, + const mbedtls_ecp_group *src); /** * \brief This function sets a point to the point at infinity. @@ -690,7 +683,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); +int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt); /** * \brief This function checks if a point is the point at infinity. @@ -701,7 +694,7 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); * \return \c 0 if the point is non-zero. * \return A negative error code on failure. */ -int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); +int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt); /** * \brief This function compares two points. @@ -715,8 +708,8 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); * \return \c 0 if the points are equal. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. */ -int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); +int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q); /** * \brief This function imports a non-zero point from two ASCII @@ -730,8 +723,8 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure. */ -int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, - const char *x, const char *y ); +int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, + const char *x, const char *y); /** * \brief This function exports a point into unsigned binary data. @@ -758,10 +751,10 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, * or the export for the given group is not implemented. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ); +int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, + unsigned char *buf, size_t buflen); /** * \brief This function imports a point from unsigned binary data. @@ -785,9 +778,9 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the * given group is not implemented. */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, - const unsigned char *buf, size_t ilen ); +int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, + const unsigned char *buf, size_t ilen); /** * \brief This function imports a point from a TLS ECPoint record. @@ -807,9 +800,9 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t len); /** * \brief This function exports a point as a TLS ECPoint record @@ -833,10 +826,10 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, * is too small to hold the exported point. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt, + int format, size_t *olen, + unsigned char *buf, size_t blen); /** * \brief This function sets up an ECP group context @@ -855,7 +848,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, * correspond to a known group. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); +int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id); /** * \brief This function sets up an ECP group context from a TLS @@ -874,8 +867,8 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); * recognized. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len); /** * \brief This function extracts an elliptic curve group ID from a @@ -895,9 +888,9 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, * recognized. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, - size_t len ); +int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, + const unsigned char **buf, + size_t len); /** * \brief This function exports an elliptic curve as a TLS * ECParameters record as defined in RFC 4492, Section 5.4. @@ -916,9 +909,9 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, * buffer is too small to hold the exported group. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, - size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, + size_t *olen, + unsigned char *buf, size_t blen); /** * \brief This function performs a scalar multiplication of a point @@ -956,9 +949,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief This function performs multiplication of a point by @@ -990,10 +983,10 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ); +int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /** @@ -1031,9 +1024,9 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * designate a short Weierstrass curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); +int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q); /** * \brief This function performs multiplication and addition of two @@ -1076,10 +1069,10 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx ); + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx); #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ /** @@ -1109,8 +1102,8 @@ int mbedtls_ecp_muladd_restartable( * a valid public key for the given curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt ); +int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt); /** * \brief This function checks that an \p mbedtls_mpi is a @@ -1131,8 +1124,8 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, * private key for the given curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ); +int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, + const mbedtls_mpi *d); /** * \brief This function generates a private key. @@ -1149,10 +1142,10 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates a keypair with a configurable base @@ -1181,11 +1174,11 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates an ECP keypair. @@ -1210,10 +1203,10 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, - mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, + mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates an ECP key. @@ -1228,9 +1221,9 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function reads an elliptic curve private key. @@ -1250,8 +1243,8 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * the group is not implemented. * \return Another negative error code on different kinds of failure. */ -int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen ); +int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + const unsigned char *buf, size_t buflen); /** * \brief This function exports an elliptic curve private key. @@ -1269,8 +1262,8 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * the group is not implemented. * \return Another negative error code on different kinds of failure. */ -int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen ); +int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, + unsigned char *buf, size_t buflen); /** * \brief This function checks that the keypair objects @@ -1289,8 +1282,8 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, - const mbedtls_ecp_keypair *prv ); +int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, + const mbedtls_ecp_keypair *prv); #if defined(MBEDTLS_SELF_TEST) @@ -1300,7 +1293,7 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ecp_self_test( int verbose ); +int mbedtls_ecp_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/ecp_internal.h b/thirdparty/mbedtls/include/mbedtls/ecp_internal.h index 6a47a8ff27..acaaa087d6 100644 --- a/thirdparty/mbedtls/include/mbedtls/ecp_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/ecp_internal.h @@ -76,7 +76,7 @@ * * \return Non-zero if successful. */ -unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ); +unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group *grp); /** * \brief Initialise the Elliptic Curve Point module extension. @@ -93,7 +93,7 @@ unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ); * * \return 0 if successful. */ -int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ); +int mbedtls_internal_ecp_init(const mbedtls_ecp_group *grp); /** * \brief Frees and deallocates the Elliptic Curve Point module @@ -101,7 +101,7 @@ int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ); * * \param grp The pointer to the group the module was initialised for. */ -void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ); +void mbedtls_internal_ecp_free(const mbedtls_ecp_group *grp); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) @@ -121,9 +121,11 @@ void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ); * * \return 0 if successful. */ -int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng); #endif #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) @@ -166,9 +168,9 @@ int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp, * * \return 0 if successful. */ -int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); +int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q); #endif /** @@ -191,8 +193,8 @@ int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp, * \return 0 if successful. */ #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) -int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P ); +int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, const mbedtls_ecp_point *P); #endif /** @@ -221,8 +223,8 @@ int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp, * an error if one of the points is zero. */ #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) -int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t t_len ); +int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *T[], size_t t_len); #endif /** @@ -239,8 +241,8 @@ int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp, * \return 0 if successful. */ #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) -int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt ); +int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt); #endif #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -248,9 +250,12 @@ int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) -int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d ); +int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + mbedtls_ecp_point *S, + const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *d); #endif /** @@ -269,9 +274,11 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp, * \return 0 if successful */ #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) -int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng); #endif /** @@ -285,8 +292,8 @@ int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, * \return 0 if successful */ #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) -int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P ); +int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P); #endif #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ @@ -294,4 +301,3 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* ecp_internal.h */ - diff --git a/thirdparty/mbedtls/include/mbedtls/entropy.h b/thirdparty/mbedtls/include/mbedtls/entropy.h index 40259ebc8a..4075d2ae60 100644 --- a/thirdparty/mbedtls/include/mbedtls/entropy.h +++ b/thirdparty/mbedtls/include/mbedtls/entropy.h @@ -105,15 +105,14 @@ extern "C" { * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise */ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len, - size_t *olen); + size_t *olen); /** * \brief Entropy source state */ -typedef struct mbedtls_entropy_source_state -{ +typedef struct mbedtls_entropy_source_state { mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ - void * p_source; /**< The callback data pointer */ + void *p_source; /**< The callback data pointer */ size_t size; /**< Amount received in bytes */ size_t threshold; /**< Minimum bytes required before release */ int strong; /**< Is the source strong? */ @@ -123,8 +122,7 @@ mbedtls_entropy_source_state; /** * \brief Entropy context structure */ -typedef struct mbedtls_entropy_context -{ +typedef struct mbedtls_entropy_context { int accumulator_started; /* 0 after init. * 1 after the first update. * -1 after free. */ @@ -152,14 +150,14 @@ mbedtls_entropy_context; * * \param ctx Entropy context to initialize */ -void mbedtls_entropy_init( mbedtls_entropy_context *ctx ); +void mbedtls_entropy_init(mbedtls_entropy_context *ctx); /** * \brief Free the data in the context * * \param ctx Entropy context to free */ -void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); +void mbedtls_entropy_free(mbedtls_entropy_context *ctx); /** * \brief Adds an entropy source to poll @@ -178,9 +176,9 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); * * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES */ -int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, - mbedtls_entropy_f_source_ptr f_source, void *p_source, - size_t threshold, int strong ); +int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx, + mbedtls_entropy_f_source_ptr f_source, void *p_source, + size_t threshold, int strong); /** * \brief Trigger an extra gather poll for the accumulator @@ -190,7 +188,7 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ); +int mbedtls_entropy_gather(mbedtls_entropy_context *ctx); /** * \brief Retrieve entropy from the accumulator @@ -203,7 +201,7 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ); * * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); +int mbedtls_entropy_func(void *data, unsigned char *output, size_t len); /** * \brief Add data to the accumulator manually @@ -215,8 +213,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); * * \return 0 if successful */ -int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, - const unsigned char *data, size_t len ); +int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx, + const unsigned char *data, size_t len); #if defined(MBEDTLS_ENTROPY_NV_SEED) /** @@ -227,7 +225,7 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, * * \return 0 if successful */ -int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); +int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx); #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_FS_IO) @@ -241,7 +239,7 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ); +int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path); /** * \brief Read and update a seed file. Seed is added to this @@ -255,7 +253,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ); +int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) @@ -267,7 +265,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_entropy_self_test( int verbose ); +int mbedtls_entropy_self_test(int verbose); #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) /** @@ -283,7 +281,7 @@ int mbedtls_entropy_self_test( int verbose ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_entropy_source_self_test( int verbose ); +int mbedtls_entropy_source_self_test(int verbose); #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/entropy_poll.h b/thirdparty/mbedtls/include/mbedtls/entropy_poll.h index e1d7491aa2..eca3b5620c 100644 --- a/thirdparty/mbedtls/include/mbedtls/entropy_poll.h +++ b/thirdparty/mbedtls/include/mbedtls/entropy_poll.h @@ -48,16 +48,16 @@ extern "C" { * \brief Entropy poll callback that provides 0 entropy. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) - int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_null_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) /** * \brief Platform-specific entropy poll callback */ -int mbedtls_platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_platform_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_HAVEGE_C) @@ -66,16 +66,16 @@ int mbedtls_platform_entropy_poll( void *data, * * Requires an HAVEGE state as its data pointer. */ -int mbedtls_havege_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_havege_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_TIMING_C) /** * \brief mbedtls_timing_hardclock-based entropy poll callback */ -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_hardclock_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) @@ -87,8 +87,8 @@ int mbedtls_hardclock_poll( void *data, * * \note This must accept NULL as its first argument. */ -int mbedtls_hardware_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_hardware_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) @@ -97,8 +97,8 @@ int mbedtls_hardware_poll( void *data, * * \note This must accept NULL as its first argument. */ -int mbedtls_nv_seed_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_nv_seed_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/error.h b/thirdparty/mbedtls/include/mbedtls/error.h index 50f2538508..dd3c787d6c 100644 --- a/thirdparty/mbedtls/include/mbedtls/error.h +++ b/thirdparty/mbedtls/include/mbedtls/error.h @@ -30,7 +30,7 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -127,15 +127,15 @@ extern "C" { * Wrapper macro for mbedtls_error_add(). See that function for * more details. */ -#define MBEDTLS_ERROR_ADD( high, low ) \ - mbedtls_error_add( high, low, __FILE__, __LINE__ ) +#define MBEDTLS_ERROR_ADD(high, low) \ + mbedtls_error_add(high, low, __FILE__, __LINE__) #if defined(MBEDTLS_TEST_HOOKS) /** * \brief Testing hook called before adding/combining two error codes together. * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS. */ -extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int); #endif /** @@ -156,17 +156,18 @@ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); * \param file file where this error code addition occurred. * \param line line where this error code addition occurred. */ -static inline int mbedtls_error_add( int high, int low, - const char *file, int line ) +static inline int mbedtls_error_add(int high, int low, + const char *file, int line) { #if defined(MBEDTLS_TEST_HOOKS) - if( *mbedtls_test_hook_error_add != NULL ) - ( *mbedtls_test_hook_error_add )( high, low, file, line ); + if (*mbedtls_test_hook_error_add != NULL) { + (*mbedtls_test_hook_error_add)(high, low, file, line); + } #endif - (void)file; - (void)line; + (void) file; + (void) line; - return( high + low ); + return high + low; } /** @@ -178,7 +179,7 @@ static inline int mbedtls_error_add( int high, int low, * \param buffer buffer to place representation in * \param buflen length of the buffer */ -void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); +void mbedtls_strerror(int errnum, char *buffer, size_t buflen); /** * \brief Translate the high-level part of an Mbed TLS error code into a string @@ -193,7 +194,7 @@ void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); * \return The string representation of the error code, or \c NULL if the error * code is unknown. */ -const char * mbedtls_high_level_strerr( int error_code ); +const char *mbedtls_high_level_strerr(int error_code); /** * \brief Translate the low-level part of an Mbed TLS error code into a string @@ -208,7 +209,7 @@ const char * mbedtls_high_level_strerr( int error_code ); * \return The string representation of the error code, or \c NULL if the error * code is unknown. */ -const char * mbedtls_low_level_strerr( int error_code ); +const char *mbedtls_low_level_strerr(int error_code); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/gcm.h b/thirdparty/mbedtls/include/mbedtls/gcm.h index 9723a17b65..c04088388c 100644 --- a/thirdparty/mbedtls/include/mbedtls/gcm.h +++ b/thirdparty/mbedtls/include/mbedtls/gcm.h @@ -63,8 +63,7 @@ extern "C" { /** * \brief The GCM context structure. */ -typedef struct mbedtls_gcm_context -{ +typedef struct mbedtls_gcm_context { mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ uint64_t HL[16]; /*!< Precalculated HTable low. */ uint64_t HH[16]; /*!< Precalculated HTable high. */ @@ -74,8 +73,8 @@ typedef struct mbedtls_gcm_context unsigned char y[16]; /*!< The Y working value. */ unsigned char buf[16]; /*!< The buf working value. */ int mode; /*!< The operation to perform: - #MBEDTLS_GCM_ENCRYPT or - #MBEDTLS_GCM_DECRYPT. */ + #MBEDTLS_GCM_ENCRYPT or + #MBEDTLS_GCM_DECRYPT. */ } mbedtls_gcm_context; @@ -94,7 +93,7 @@ mbedtls_gcm_context; * * \param ctx The GCM context to initialize. This must not be \c NULL. */ -void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); +void mbedtls_gcm_init(mbedtls_gcm_context *ctx); /** * \brief This function associates a GCM context with a @@ -112,10 +111,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); * \return \c 0 on success. * \return A cipher-specific error code on failure. */ -int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits); /** * \brief This function performs GCM encryption or decryption of a buffer. @@ -168,17 +167,17 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * not valid or a cipher-specific error code if the encryption * or decryption failed. */ -int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, - int mode, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *input, - unsigned char *output, - size_t tag_len, - unsigned char *tag ); +int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, + int mode, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *input, + unsigned char *output, + size_t tag_len, + unsigned char *tag); /** * \brief This function performs a GCM authenticated decryption of a @@ -213,16 +212,16 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * not valid or a cipher-specific error code if the decryption * failed. */ -int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *tag, - size_t tag_len, - const unsigned char *input, - unsigned char *output ); +int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *tag, + size_t tag_len, + const unsigned char *input, + unsigned char *output); /** * \brief This function starts a GCM encryption or decryption @@ -241,12 +240,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * * \return \c 0 on success. */ -int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, - int mode, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len ); +int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len); /** * \brief This function feeds an input buffer into an ongoing GCM @@ -273,10 +272,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ -int mbedtls_gcm_update( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ); +int mbedtls_gcm_update(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *input, + unsigned char *output); /** * \brief This function finishes the GCM operation and generates @@ -294,9 +293,9 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ -int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ); +int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, + unsigned char *tag, + size_t tag_len); /** * \brief This function clears a GCM context and the underlying @@ -305,7 +304,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, * \param ctx The GCM context to clear. If this is \c NULL, the call has * no effect. Otherwise, this must be initialized. */ -void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); +void mbedtls_gcm_free(mbedtls_gcm_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -315,7 +314,7 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_gcm_self_test( int verbose ); +int mbedtls_gcm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/havege.h b/thirdparty/mbedtls/include/mbedtls/havege.h index 7d27039e8c..7d042d1966 100644 --- a/thirdparty/mbedtls/include/mbedtls/havege.h +++ b/thirdparty/mbedtls/include/mbedtls/havege.h @@ -40,8 +40,7 @@ extern "C" { /** * \brief HAVEGE state structure */ -typedef struct mbedtls_havege_state -{ +typedef struct mbedtls_havege_state { uint32_t PT1, PT2, offset[2]; uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE]; uint32_t WALK[8192]; @@ -53,14 +52,14 @@ mbedtls_havege_state; * * \param hs HAVEGE state to be initialized */ -void mbedtls_havege_init( mbedtls_havege_state *hs ); +void mbedtls_havege_init(mbedtls_havege_state *hs); /** * \brief Clear HAVEGE state * * \param hs HAVEGE state to be cleared */ -void mbedtls_havege_free( mbedtls_havege_state *hs ); +void mbedtls_havege_free(mbedtls_havege_state *hs); /** * \brief HAVEGE rand function @@ -71,7 +70,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs ); * * \return 0 */ -int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len ); +int mbedtls_havege_random(void *p_rng, unsigned char *output, size_t len); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/hkdf.h b/thirdparty/mbedtls/include/mbedtls/hkdf.h index 111d960e56..3118369f0d 100644 --- a/thirdparty/mbedtls/include/mbedtls/hkdf.h +++ b/thirdparty/mbedtls/include/mbedtls/hkdf.h @@ -69,10 +69,10 @@ extern "C" { * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, - size_t salt_len, const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ); +int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, + size_t salt_len, const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len); /** * \brief Take the input keying material \p ikm and extract from it a @@ -98,10 +98,10 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk ); +int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk); /** * \brief Expand the supplied \p prk into several additional pseudorandom @@ -129,9 +129,9 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, - size_t prk_len, const unsigned char *info, - size_t info_len, unsigned char *okm, size_t okm_len ); +int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, + size_t prk_len, const unsigned char *info, + size_t info_len, unsigned char *okm, size_t okm_len); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/hmac_drbg.h b/thirdparty/mbedtls/include/mbedtls/hmac_drbg.h index 6d372b9788..3ccf61c7fd 100644 --- a/thirdparty/mbedtls/include/mbedtls/hmac_drbg.h +++ b/thirdparty/mbedtls/include/mbedtls/hmac_drbg.h @@ -86,8 +86,7 @@ extern "C" { /** * HMAC_DRBG context. */ -typedef struct mbedtls_hmac_drbg_context -{ +typedef struct mbedtls_hmac_drbg_context { /* Working state: the key K is not stored explicitly, * but is implied by the HMAC context */ mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ @@ -129,7 +128,7 @@ typedef struct mbedtls_hmac_drbg_context * * \param ctx HMAC_DRBG context to be initialized. */ -void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); +void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx); /** * \brief HMAC_DRBG initial seeding. @@ -199,12 +198,12 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED * if the call to \p f_entropy failed. */ -int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ); +int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len); /** * \brief Initialisation of simplified HMAC_DRBG (never reseeds). @@ -234,9 +233,9 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough * memory to allocate context data. */ -int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - const unsigned char *data, size_t data_len ); +int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + const unsigned char *data, size_t data_len); /** * \brief This function turns prediction resistance on or off. @@ -251,8 +250,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * \param ctx The HMAC_DRBG context. * \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF. */ -void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx, - int resistance ); +void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx, + int resistance); /** * \brief This function sets the amount of entropy grabbed on each @@ -263,8 +262,8 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx * \param ctx The HMAC_DRBG context. * \param len The amount of entropy to grab, in bytes. */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, - size_t len ); +void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, + size_t len); /** * \brief Set the reseed interval. @@ -278,8 +277,8 @@ void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, * \param ctx The HMAC_DRBG context. * \param interval The reseed interval. */ -void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, - int interval ); +void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, + int interval); /** * \brief This function updates the state of the HMAC_DRBG context. @@ -298,8 +297,8 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, * \return \c 0 on success, or an error from the underlying * hash calculation. */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); +int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t add_len); /** * \brief This function reseeds the HMAC_DRBG context, that is @@ -325,8 +324,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED * if a call to the entropy function failed. */ -int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len ); +int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len); /** * \brief This function updates an HMAC_DRBG instance with additional @@ -359,10 +358,10 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if * \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT. */ -int mbedtls_hmac_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, - size_t add_len ); +int mbedtls_hmac_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, + size_t add_len); /** * \brief This function uses HMAC_DRBG to generate random data. @@ -391,7 +390,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if * \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST. */ -int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ); +int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len); /** * \brief This function resets HMAC_DRBG context to the state immediately @@ -399,9 +398,9 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len * * \param ctx The HMAC_DRBG context to free. */ -void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); +void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx); -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -421,7 +420,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); */ MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); + const unsigned char *additional, size_t add_len); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -437,7 +436,7 @@ MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update( * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed * failure. */ -int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ); +int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path); /** * \brief This function reads and updates a seed file. The seed @@ -453,7 +452,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing * seed file is too large. */ -int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ); +int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ @@ -464,7 +463,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch * \return \c 0 if successful. * \return \c 1 if the test failed. */ -int mbedtls_hmac_drbg_self_test( int verbose ); +int mbedtls_hmac_drbg_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/md.h b/thirdparty/mbedtls/include/mbedtls/md.h index 9cea40a89c..db4d14c044 100644 --- a/thirdparty/mbedtls/include/mbedtls/md.h +++ b/thirdparty/mbedtls/include/mbedtls/md.h @@ -1,4 +1,4 @@ - /** +/** * \file md.h * * \brief This file contains the generic message-digest wrapper. @@ -92,8 +92,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t; /** * The generic message-digest context. */ -typedef struct mbedtls_md_context_t -{ +typedef struct mbedtls_md_context_t { /** Information about the associated message digest. */ const mbedtls_md_info_t *md_info; @@ -115,7 +114,7 @@ typedef struct mbedtls_md_context_t * message-digest enumeration #mbedtls_md_type_t. * The last entry is 0. */ -const int *mbedtls_md_list( void ); +const int *mbedtls_md_list(void); /** * \brief This function returns the message-digest information @@ -126,7 +125,7 @@ const int *mbedtls_md_list( void ); * \return The message-digest information associated with \p md_name. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); /** * \brief This function returns the message-digest information @@ -137,7 +136,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * \return The message-digest information associated with \p md_type. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); /** * \brief This function initializes a message-digest context without @@ -147,7 +146,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); * context for mbedtls_md_setup() for binding it to a * message-digest algorithm. */ -void mbedtls_md_init( mbedtls_md_context_t *ctx ); +void mbedtls_md_init(mbedtls_md_context_t *ctx); /** * \brief This function clears the internal structure of \p ctx and @@ -162,9 +161,9 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx ); * You must not call this function if you have not called * mbedtls_md_init(). */ -void mbedtls_md_free( mbedtls_md_context_t *ctx ); +void mbedtls_md_free(mbedtls_md_context_t *ctx); -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) #else @@ -188,7 +187,8 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; +int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, + const mbedtls_md_info_t *md_info) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -212,7 +212,7 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); +int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac); /** * \brief This function clones the state of a message-digest @@ -234,8 +234,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ); +int mbedtls_md_clone(mbedtls_md_context_t *dst, + const mbedtls_md_context_t *src); /** * \brief This function extracts the message-digest size from the @@ -246,7 +246,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); /** * \brief This function extracts the message-digest type from the @@ -257,7 +257,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); * * \return The type of the message digest. */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); /** * \brief This function extracts the message-digest name from the @@ -268,7 +268,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); * * \return The name of the message digest. */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); /** * \brief This function starts a message-digest computation. @@ -284,7 +284,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); +int mbedtls_md_starts(mbedtls_md_context_t *ctx); /** * \brief This function feeds an input buffer into an ongoing @@ -303,7 +303,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen); /** * \brief This function finishes the digest operation, @@ -324,7 +324,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); +int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief This function calculates the message-digest of a buffer, @@ -345,8 +345,8 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output); #if defined(MBEDTLS_FS_IO) /** @@ -367,8 +367,8 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, - unsigned char *output ); +int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, + unsigned char *output); #endif /* MBEDTLS_FS_IO */ /** @@ -390,8 +390,8 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, - size_t keylen ); +int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, + size_t keylen); /** * \brief This function feeds an input buffer into an ongoing HMAC @@ -413,8 +413,8 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, + size_t ilen); /** * \brief This function finishes the HMAC operation, and writes @@ -435,7 +435,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); +int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief This function prepares to authenticate a new message with @@ -453,7 +453,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); +int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx); /** * \brief This function calculates the full generic HMAC @@ -478,13 +478,13 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * failure. */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output); /* Internal use */ MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/md2.h b/thirdparty/mbedtls/include/mbedtls/md2.h index 7f3d5cf446..68b0d32712 100644 --- a/thirdparty/mbedtls/include/mbedtls/md2.h +++ b/thirdparty/mbedtls/include/mbedtls/md2.h @@ -55,8 +55,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md2_context -{ +typedef struct mbedtls_md2_context { unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char state[48]; /*!< intermediate digest state */ unsigned char buffer[16]; /*!< data block being processed */ @@ -78,7 +77,7 @@ mbedtls_md2_context; * stronger message digests instead. * */ -void mbedtls_md2_init( mbedtls_md2_context *ctx ); +void mbedtls_md2_init(mbedtls_md2_context *ctx); /** * \brief Clear MD2 context @@ -90,7 +89,7 @@ void mbedtls_md2_init( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md2_free( mbedtls_md2_context *ctx ); +void mbedtls_md2_free(mbedtls_md2_context *ctx); /** * \brief Clone (the state of) an MD2 context @@ -103,8 +102,8 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ); +void mbedtls_md2_clone(mbedtls_md2_context *dst, + const mbedtls_md2_context *src); /** * \brief MD2 context setup @@ -118,7 +117,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * stronger message digests instead. * */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx); /** * \brief MD2 process buffer @@ -134,9 +133,9 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md2_update_ret(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD2 final digest @@ -151,8 +150,8 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, - unsigned char output[16] ); +int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx, + unsigned char output[16]); /** * \brief MD2 process data block (internal use only) @@ -166,7 +165,7 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); +int mbedtls_internal_md2_process(mbedtls_md2_context *ctx); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -186,7 +185,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md2_starts(mbedtls_md2_context *ctx); /** * \brief MD2 process buffer @@ -202,9 +201,9 @@ MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md2_update(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD2 final digest @@ -219,8 +218,8 @@ MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md2_finish(mbedtls_md2_context *ctx, + unsigned char output[16]); /** * \brief MD2 process data block (internal use only) @@ -234,7 +233,7 @@ MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md2_process(mbedtls_md2_context *ctx); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -251,9 +250,9 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md2_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -275,9 +274,9 @@ int mbedtls_md2_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md2(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -294,7 +293,7 @@ MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md2_self_test( int verbose ); +int mbedtls_md2_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/md4.h b/thirdparty/mbedtls/include/mbedtls/md4.h index 0238c6723a..fd64710a1b 100644 --- a/thirdparty/mbedtls/include/mbedtls/md4.h +++ b/thirdparty/mbedtls/include/mbedtls/md4.h @@ -56,8 +56,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md4_context -{ +typedef struct mbedtls_md4_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -78,7 +77,7 @@ mbedtls_md4_context; * stronger message digests instead. * */ -void mbedtls_md4_init( mbedtls_md4_context *ctx ); +void mbedtls_md4_init(mbedtls_md4_context *ctx); /** * \brief Clear MD4 context @@ -90,7 +89,7 @@ void mbedtls_md4_init( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md4_free( mbedtls_md4_context *ctx ); +void mbedtls_md4_free(mbedtls_md4_context *ctx); /** * \brief Clone (the state of) an MD4 context @@ -103,8 +102,8 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ); +void mbedtls_md4_clone(mbedtls_md4_context *dst, + const mbedtls_md4_context *src); /** * \brief MD4 context setup @@ -117,7 +116,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * constitutes a security risk. We recommend considering * stronger message digests instead. */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx); /** * \brief MD4 process buffer @@ -133,9 +132,9 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md4_update_ret(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD4 final digest @@ -150,8 +149,8 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, - unsigned char output[16] ); +int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx, + unsigned char output[16]); /** * \brief MD4 process data block (internal use only) @@ -166,8 +165,8 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -187,7 +186,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md4_starts(mbedtls_md4_context *ctx); /** * \brief MD4 process buffer @@ -203,9 +202,9 @@ MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md4_update(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD4 final digest @@ -220,8 +219,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md4_finish(mbedtls_md4_context *ctx, + unsigned char output[16]); /** * \brief MD4 process data block (internal use only) @@ -236,8 +235,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -256,9 +255,9 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md4_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -280,9 +279,9 @@ int mbedtls_md4_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md4(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -299,7 +298,7 @@ MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md4_self_test( int verbose ); +int mbedtls_md4_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/md5.h b/thirdparty/mbedtls/include/mbedtls/md5.h index 73e4dd2c2a..04f71ee3f5 100644 --- a/thirdparty/mbedtls/include/mbedtls/md5.h +++ b/thirdparty/mbedtls/include/mbedtls/md5.h @@ -55,8 +55,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md5_context -{ +typedef struct mbedtls_md5_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -77,7 +76,7 @@ mbedtls_md5_context; * stronger message digests instead. * */ -void mbedtls_md5_init( mbedtls_md5_context *ctx ); +void mbedtls_md5_init(mbedtls_md5_context *ctx); /** * \brief Clear MD5 context @@ -89,7 +88,7 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md5_free( mbedtls_md5_context *ctx ); +void mbedtls_md5_free(mbedtls_md5_context *ctx); /** * \brief Clone (the state of) an MD5 context @@ -102,8 +101,8 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ); +void mbedtls_md5_clone(mbedtls_md5_context *dst, + const mbedtls_md5_context *src); /** * \brief MD5 context setup @@ -117,7 +116,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * stronger message digests instead. * */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx); /** * \brief MD5 process buffer @@ -133,9 +132,9 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md5_update_ret(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD5 final digest @@ -150,8 +149,8 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, - unsigned char output[16] ); +int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx, + unsigned char output[16]); /** * \brief MD5 process data block (internal use only) @@ -166,8 +165,8 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -187,7 +186,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md5_starts(mbedtls_md5_context *ctx); /** * \brief MD5 process buffer @@ -203,9 +202,9 @@ MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md5_update(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD5 final digest @@ -220,8 +219,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md5_finish(mbedtls_md5_context *ctx, + unsigned char output[16]); /** * \brief MD5 process data block (internal use only) @@ -236,8 +235,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -256,9 +255,9 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md5_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -280,9 +279,9 @@ int mbedtls_md5_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md5(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -299,7 +298,7 @@ MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md5_self_test( int verbose ); +int mbedtls_md5_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/md_internal.h b/thirdparty/mbedtls/include/mbedtls/md_internal.h index f33cdf6086..9e10f2409d 100644 --- a/thirdparty/mbedtls/include/mbedtls/md_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/md_internal.h @@ -42,10 +42,9 @@ extern "C" { * Message digest information. * Allows message digest functions to be called in a generic way. */ -struct mbedtls_md_info_t -{ +struct mbedtls_md_info_t { /** Name of the message digest */ - const char * name; + const char *name; /** Digest identifier */ mbedtls_md_type_t type; diff --git a/thirdparty/mbedtls/include/mbedtls/memory_buffer_alloc.h b/thirdparty/mbedtls/include/mbedtls/memory_buffer_alloc.h index 3954b36ab5..bc28252113 100644 --- a/thirdparty/mbedtls/include/mbedtls/memory_buffer_alloc.h +++ b/thirdparty/mbedtls/include/mbedtls/memory_buffer_alloc.h @@ -47,7 +47,8 @@ #define MBEDTLS_MEMORY_VERIFY_NONE 0 #define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) #define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1) -#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE) +#define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | \ + MBEDTLS_MEMORY_VERIFY_FREE) #ifdef __cplusplus extern "C" { @@ -68,12 +69,12 @@ extern "C" { * \param buf buffer to use as heap * \param len size of the buffer */ -void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); +void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len); /** * \brief Free the mutex for thread-safety and clear remaining memory */ -void mbedtls_memory_buffer_alloc_free( void ); +void mbedtls_memory_buffer_alloc_free(void); /** * \brief Determine when the allocator should automatically verify the state @@ -83,7 +84,7 @@ void mbedtls_memory_buffer_alloc_free( void ); * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS */ -void mbedtls_memory_buffer_set_verify( int verify ); +void mbedtls_memory_buffer_set_verify(int verify); #if defined(MBEDTLS_MEMORY_DEBUG) /** @@ -92,7 +93,7 @@ void mbedtls_memory_buffer_set_verify( int verify ); * Prints out a list of 'still allocated' blocks and their stack * trace if MBEDTLS_MEMORY_BACKTRACE is defined. */ -void mbedtls_memory_buffer_alloc_status( void ); +void mbedtls_memory_buffer_alloc_status(void); /** * \brief Get the peak heap usage so far @@ -102,12 +103,12 @@ void mbedtls_memory_buffer_alloc_status( void ); * into smaller blocks but larger than the requested size. * \param max_blocks Peak number of blocks in use, including free and used */ -void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); +void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks); /** * \brief Reset peak statistics */ -void mbedtls_memory_buffer_alloc_max_reset( void ); +void mbedtls_memory_buffer_alloc_max_reset(void); /** * \brief Get the current heap usage @@ -117,7 +118,7 @@ void mbedtls_memory_buffer_alloc_max_reset( void ); * into smaller blocks but larger than the requested size. * \param cur_blocks Current number of blocks in use, including free and used */ -void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); +void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks); #endif /* MBEDTLS_MEMORY_DEBUG */ /** @@ -131,7 +132,7 @@ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) * * \return 0 if verified, 1 otherwise */ -int mbedtls_memory_buffer_alloc_verify( void ); +int mbedtls_memory_buffer_alloc_verify(void); #if defined(MBEDTLS_SELF_TEST) /** @@ -139,7 +140,7 @@ int mbedtls_memory_buffer_alloc_verify( void ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_memory_buffer_alloc_self_test( int verbose ); +int mbedtls_memory_buffer_alloc_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/net_sockets.h b/thirdparty/mbedtls/include/mbedtls/net_sockets.h index ceb7d5f652..c8bcde0698 100644 --- a/thirdparty/mbedtls/include/mbedtls/net_sockets.h +++ b/thirdparty/mbedtls/include/mbedtls/net_sockets.h @@ -95,8 +95,7 @@ extern "C" { * (eg two file descriptors for combined IPv4 + IPv6 support, or additional * structures for hand-made UDP demultiplexing). */ -typedef struct mbedtls_net_context -{ +typedef struct mbedtls_net_context { int fd; /**< The underlying file descriptor */ } mbedtls_net_context; @@ -107,7 +106,7 @@ mbedtls_net_context; * * \param ctx Context to initialize */ -void mbedtls_net_init( mbedtls_net_context *ctx ); +void mbedtls_net_init(mbedtls_net_context *ctx); /** * \brief Initiate a connection with host:port in the given protocol @@ -124,7 +123,7 @@ void mbedtls_net_init( mbedtls_net_context *ctx ); * * \note Sets the socket in connected mode even with UDP. */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); +int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto); /** * \brief Create a receiving socket on bind_ip:port in the chosen @@ -144,7 +143,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char * \note Regardless of the protocol, opens the sockets and binds it. * In addition, make the socket listening if protocol is TCP. */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); +int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto); /** * \brief Accept a connection from a remote client @@ -164,9 +163,9 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to * non-blocking and accept() would block. */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ); +int mbedtls_net_accept(mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len); /** * \brief Check and wait for the context to be ready for read/write @@ -193,7 +192,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE * on success or timeout, or a negative return code otherwise. */ -int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); +int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout); /** * \brief Set the socket blocking @@ -202,7 +201,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); * * \return 0 if successful, or a non-zero error code */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ); +int mbedtls_net_set_block(mbedtls_net_context *ctx); /** * \brief Set the socket non-blocking @@ -211,7 +210,7 @@ int mbedtls_net_set_block( mbedtls_net_context *ctx ); * * \return 0 if successful, or a non-zero error code */ -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); +int mbedtls_net_set_nonblock(mbedtls_net_context *ctx); /** * \brief Portable usleep helper @@ -221,7 +220,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); * \note Real amount of time slept will not be less than * select()'s timeout granularity (typically, 10ms). */ -void mbedtls_net_usleep( unsigned long usec ); +void mbedtls_net_usleep(unsigned long usec); /** * \brief Read at most 'len' characters. If no error occurs, @@ -235,7 +234,7 @@ void mbedtls_net_usleep( unsigned long usec ); * or a non-zero error code; with a non-blocking socket, * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); +int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); /** * \brief Write at most 'len' characters. If no error occurs, @@ -249,7 +248,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); * or a non-zero error code; with a non-blocking socket, * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); +int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len); /** * \brief Read at most 'len' characters, blocking for at most @@ -277,22 +276,22 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); * non-blocking. Handling timeouts with non-blocking reads * requires a different strategy. */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); +int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout); /** * \brief Closes down the connection and free associated data * * \param ctx The context to close */ -void mbedtls_net_close( mbedtls_net_context *ctx ); +void mbedtls_net_close(mbedtls_net_context *ctx); /** * \brief Gracefully shutdown the connection and free associated data * * \param ctx The context to free */ -void mbedtls_net_free( mbedtls_net_context *ctx ); +void mbedtls_net_free(mbedtls_net_context *ctx); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/nist_kw.h b/thirdparty/mbedtls/include/mbedtls/nist_kw.h index 7f3e64a525..8d3a4a53b1 100644 --- a/thirdparty/mbedtls/include/mbedtls/nist_kw.h +++ b/thirdparty/mbedtls/include/mbedtls/nist_kw.h @@ -47,8 +47,7 @@ extern "C" { #endif -typedef enum -{ +typedef enum { MBEDTLS_KW_MODE_KW = 0, MBEDTLS_KW_MODE_KWP = 1 } mbedtls_nist_kw_mode_t; @@ -80,7 +79,7 @@ typedef struct { * \param ctx The key wrapping context to initialize. * */ -void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ); +void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx); /** * \brief This function initializes the key wrapping context set in the @@ -98,11 +97,11 @@ void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ); * which are not supported. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits, - const int is_wrap ); +int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap); /** * \brief This function releases and clears the specified key wrapping context @@ -110,7 +109,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, * * \param ctx The key wrapping context to clear. */ -void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ); +void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx); /** * \brief This function encrypts a buffer using key wrapping. @@ -133,9 +132,9 @@ void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ); * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t* out_len, size_t out_size ); +int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size); /** * \brief This function decrypts a buffer using key wrapping. @@ -160,9 +159,9 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t m * \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t* out_len, size_t out_size); +int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size); #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) @@ -172,7 +171,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_nist_kw_self_test( int verbose ); +int mbedtls_nist_kw_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/oid.h b/thirdparty/mbedtls/include/mbedtls/oid.h index 0186217804..a64eaebef2 100644 --- a/thirdparty/mbedtls/include/mbedtls/oid.h +++ b/thirdparty/mbedtls/include/mbedtls/oid.h @@ -82,10 +82,10 @@ #define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */ #define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ #define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ + MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ #define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ #define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_ANSI_X9_62 + MBEDTLS_OID_ORG_ANSI_X9_62 /* * ISO Identified organization OID parts @@ -96,15 +96,18 @@ #define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02" #define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a" #define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ -#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM +#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_CERTICOM #define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */ -#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST +#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_TELETRUST /* * ISO ITU OID parts */ #define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */ -#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */ +#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */ #define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */ #define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */ @@ -122,7 +125,8 @@ * { iso(1) identified-organization(3) dod(6) internet(1) * security(5) mechanisms(5) pkix(7) } */ -#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01" +#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \ + "\x01" #define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" /* @@ -254,7 +258,8 @@ #define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */ #define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */ #define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ #define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ #define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ @@ -277,7 +282,8 @@ /* * Encryption algorithms */ -#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ +#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ #define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ #define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ @@ -439,8 +445,7 @@ extern "C" { /** * \brief Base OID descriptor structure */ -typedef struct mbedtls_oid_descriptor_t -{ +typedef struct mbedtls_oid_descriptor_t { const char *asn1; /*!< OID ASN.1 representation */ size_t asn1_len; /*!< length of asn1 */ const char *name; /*!< official name (e.g. from RFC) */ @@ -458,7 +463,7 @@ typedef struct mbedtls_oid_descriptor_t * \return Length of the string written (excluding final NULL) or * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error */ -int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid ); +int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); /** * \brief Translate an X.509 extension OID into local values @@ -468,7 +473,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ); +int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); /** * \brief Translate an X.509 attribute type OID into the short name @@ -479,7 +484,7 @@ int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ); * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name ); +int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); /** * \brief Translate PublicKeyAlgorithm OID into pk_type @@ -489,7 +494,7 @@ int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **s * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg ); +int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); /** * \brief Translate pk_type into PublicKeyAlgorithm OID @@ -500,8 +505,8 @@ int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_a * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); #if defined(MBEDTLS_ECP_C) /** @@ -512,7 +517,7 @@ int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id ); +int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into NamedCurve OID @@ -523,8 +528,8 @@ int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *g * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) @@ -537,8 +542,8 @@ int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg ); +int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); /** * \brief Translate SignatureAlgorithm OID into description @@ -548,7 +553,7 @@ int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type and pk_type into SignatureAlgorithm OID @@ -560,8 +565,8 @@ int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); /** * \brief Translate hash algorithm OID into md_type @@ -571,7 +576,7 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg ); +int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); /** * \brief Translate hmac algorithm OID into md_type @@ -581,7 +586,7 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); +int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); #endif /* MBEDTLS_MD_C */ /** @@ -592,7 +597,7 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate certificate policies OID into description @@ -602,7 +607,7 @@ int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type into hash algorithm OID @@ -613,7 +618,7 @@ int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const cha * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #if defined(MBEDTLS_CIPHER_C) /** @@ -624,7 +629,7 @@ int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg ); +int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_PKCS12_C) @@ -638,8 +643,8 @@ int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg ); +int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_PKCS12_C */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/padlock.h b/thirdparty/mbedtls/include/mbedtls/padlock.h index 624d02dff5..01069ea7dd 100644 --- a/thirdparty/mbedtls/include/mbedtls/padlock.h +++ b/thirdparty/mbedtls/include/mbedtls/padlock.h @@ -74,7 +74,7 @@ extern "C" { * * \return non-zero if CPU has support for the feature, 0 otherwise */ -int mbedtls_padlock_has_support( int feature ); +int mbedtls_padlock_has_support(int feature); /** * \brief Internal PadLock AES-ECB block en(de)cryption @@ -89,10 +89,10 @@ int mbedtls_padlock_has_support( int feature ); * * \return 0 if success, 1 if operation failed */ -int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal PadLock AES-CBC buffer en(de)cryption @@ -109,12 +109,12 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, * * \return 0 if success, 1 if operation failed */ -int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/pem.h b/thirdparty/mbedtls/include/mbedtls/pem.h index daa71c886b..fee32a3bdb 100644 --- a/thirdparty/mbedtls/include/mbedtls/pem.h +++ b/thirdparty/mbedtls/include/mbedtls/pem.h @@ -64,8 +64,7 @@ extern "C" { /** * \brief PEM context structure */ -typedef struct mbedtls_pem_context -{ +typedef struct mbedtls_pem_context { unsigned char *buf; /*!< buffer for decoded data */ size_t buflen; /*!< length of the buffer */ unsigned char *info; /*!< buffer for extra header information */ @@ -77,7 +76,7 @@ mbedtls_pem_context; * * \param ctx context to be initialized */ -void mbedtls_pem_init( mbedtls_pem_context *ctx ); +void mbedtls_pem_init(mbedtls_pem_context *ctx); /** * \brief Read a buffer for PEM information and store the resulting @@ -101,17 +100,17 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx ); * * \return 0 on success, or a specific PEM error code */ -int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, - const unsigned char *data, - const unsigned char *pwd, - size_t pwdlen, size_t *use_len ); +int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, + const unsigned char *data, + const unsigned char *pwd, + size_t pwdlen, size_t *use_len); /** * \brief PEM context memory freeing * * \param ctx context to be freed */ -void mbedtls_pem_free( mbedtls_pem_context *ctx ); +void mbedtls_pem_free(mbedtls_pem_context *ctx); #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_PEM_WRITE_C) @@ -141,9 +140,9 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx ); * the required minimum size of \p buf. * \return Another PEM or BASE64 error code on other kinds of failure. */ -int mbedtls_pem_write_buffer( const char *header, const char *footer, - const unsigned char *der_data, size_t der_len, - unsigned char *buf, size_t buf_len, size_t *olen ); +int mbedtls_pem_write_buffer(const char *header, const char *footer, + const unsigned char *der_data, size_t der_len, + unsigned char *buf, size_t buf_len, size_t *olen); #endif /* MBEDTLS_PEM_WRITE_C */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/pk.h b/thirdparty/mbedtls/include/mbedtls/pk.h index c9a13f484e..ec83551368 100644 --- a/thirdparty/mbedtls/include/mbedtls/pk.h +++ b/thirdparty/mbedtls/include/mbedtls/pk.h @@ -47,7 +47,7 @@ #include "psa/crypto.h" #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -107,8 +107,7 @@ typedef enum { * \brief Options for RSASSA-PSS signature verification. * See \c mbedtls_rsa_rsassa_pss_verify_ext() */ -typedef struct mbedtls_pk_rsassa_pss_options -{ +typedef struct mbedtls_pk_rsassa_pss_options { mbedtls_md_type_t mgf1_hash_id; int expected_salt_len; @@ -128,7 +127,7 @@ typedef struct mbedtls_pk_rsassa_pss_options */ #define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0 -#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \ +#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \ MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE /* For RSA, the signature can be as large as the bignum module allows. * For RSA_ALT, the signature size is not necessarily tied to what the @@ -162,15 +161,14 @@ typedef struct mbedtls_pk_rsassa_pss_options * types, lengths (represented by up to 2 bytes), and potential leading * zeros of the INTEGERs and the SEQUENCE. */ #undef MBEDTLS_PK_SIGNATURE_MAX_SIZE -#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 ) +#define MBEDTLS_PK_SIGNATURE_MAX_SIZE (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11) #endif #endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ /** * \brief Types for interfacing with the debug module */ -typedef enum -{ +typedef enum { MBEDTLS_PK_DEBUG_NONE = 0, MBEDTLS_PK_DEBUG_MPI, MBEDTLS_PK_DEBUG_ECP, @@ -179,8 +177,7 @@ typedef enum /** * \brief Item to send to the debug module */ -typedef struct mbedtls_pk_debug_item -{ +typedef struct mbedtls_pk_debug_item { mbedtls_pk_debug_type type; const char *name; void *value; @@ -197,20 +194,18 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; /** * \brief Public key container */ -typedef struct mbedtls_pk_context -{ - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * pk_ctx; /**< Underlying public key context */ +typedef struct mbedtls_pk_context { + const mbedtls_pk_info_t *pk_info; /**< Public key information */ + void *pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming operations */ -typedef struct -{ - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * rs_ctx; /**< Underlying restart context */ +typedef struct { + const mbedtls_pk_info_t *pk_info; /**< Public key information */ + void *rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ @@ -221,14 +216,16 @@ typedef void mbedtls_pk_restart_ctx; /** * \brief Types for RSA-alt abstraction */ -typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ); -typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ); -typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); +typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len); +typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, unsigned char *sig); +typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /** @@ -238,7 +235,7 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); * * \return The PK info associated with the type or NULL if not found. */ -const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); +const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type); /** * \brief Initialize a #mbedtls_pk_context (as NONE). @@ -246,7 +243,7 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); * \param ctx The context to initialize. * This must not be \c NULL. */ -void mbedtls_pk_init( mbedtls_pk_context *ctx ); +void mbedtls_pk_init(mbedtls_pk_context *ctx); /** * \brief Free the components of a #mbedtls_pk_context. @@ -259,7 +256,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ); * PSA key and you still need to call psa_destroy_key() * independently if you want to destroy that key. */ -void mbedtls_pk_free( mbedtls_pk_context *ctx ); +void mbedtls_pk_free(mbedtls_pk_context *ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -268,7 +265,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ); * \param ctx The context to initialize. * This must not be \c NULL. */ -void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); +void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx); /** * \brief Free the components of a restart context @@ -276,7 +273,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); * \param ctx The context to clear. It must have been initialized. * If this is \c NULL, this function does nothing. */ -void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); +void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** @@ -294,7 +291,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); * \note For contexts holding an RSA-alt key, use * \c mbedtls_pk_setup_rsa_alt() instead. */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); +int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -325,8 +322,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * ECC key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, - const psa_key_id_t key ); +int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, + const psa_key_id_t key); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) @@ -345,10 +342,10 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, * * \note This function replaces \c mbedtls_pk_setup() for RSA-alt. */ -int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, - mbedtls_pk_rsa_alt_decrypt_func decrypt_func, - mbedtls_pk_rsa_alt_sign_func sign_func, - mbedtls_pk_rsa_alt_key_len_func key_len_func ); +int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key, + mbedtls_pk_rsa_alt_decrypt_func decrypt_func, + mbedtls_pk_rsa_alt_sign_func sign_func, + mbedtls_pk_rsa_alt_key_len_func key_len_func); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /** @@ -358,7 +355,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, * * \return Key size in bits, or 0 on error */ -size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); +size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx); /** * \brief Get the length in bytes of the underlying key @@ -367,9 +364,9 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); * * \return Key length in bytes, or 0 on error */ -static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) +static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx) { - return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ); + return (mbedtls_pk_get_bitlen(ctx) + 7) / 8; } /** @@ -384,7 +381,7 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) * been initialized but not set up, or that has been * cleared with mbedtls_pk_free(). */ -int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); +int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type); /** * \brief Verify signature (including padding if relevant). @@ -405,14 +402,19 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) * to verify RSASSA_PSS signatures. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function, + * if the key might be an ECC (ECDSA) key. + * * \note If hash_len is 0, then the length associated with md_alg * is used instead, or an error returned if it is invalid. * * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0 */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); +int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** * \brief Restartable version of \c mbedtls_pk_verify() @@ -434,11 +436,11 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - mbedtls_pk_restart_ctx *rs_ctx ); +int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + mbedtls_pk_restart_ctx *rs_ctx); /** * \brief Verify signature, with options. @@ -469,10 +471,10 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, * to a mbedtls_pk_rsassa_pss_options structure, * otherwise it must be NULL. */ -int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); +int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** * \brief Make signature, including padding if relevant. @@ -504,10 +506,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Restartable version of \c mbedtls_pk_sign() @@ -537,12 +539,12 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ); +int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_pk_restart_ctx *rs_ctx); /** * \brief Decrypt message (including padding if relevant). @@ -561,10 +563,10 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, * * \return 0 on success, or a specific error code. */ -int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Encrypt message (including padding if relevant). @@ -582,10 +584,10 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, * * \return 0 on success, or a specific error code. */ -int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Check if a public-private pair of keys matches. @@ -599,7 +601,7 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid. * \return Another non-zero value if the keys do not match. */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ); +int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv); /** * \brief Export debug information @@ -609,7 +611,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte * * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA */ -int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ); +int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items); /** * \brief Access the type name @@ -618,7 +620,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item * * \return Type name on success, or "invalid PK" */ -const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); +const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx); /** * \brief Get the key type @@ -628,7 +630,7 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); * \return Type on success. * \return #MBEDTLS_PK_NONE for a context that has not been set up. */ -mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); +mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx); #if defined(MBEDTLS_RSA_C) /** @@ -641,14 +643,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * * \return The internal RSA context held by the PK context, or NULL. */ -static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) +static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) { - switch( mbedtls_pk_get_type( &pk ) ) - { + switch (mbedtls_pk_get_type(&pk)) { case MBEDTLS_PK_RSA: - return( (mbedtls_rsa_context *) (pk).pk_ctx ); + return (mbedtls_rsa_context *) (pk).pk_ctx; default: - return( NULL ); + return NULL; } } #endif /* MBEDTLS_RSA_C */ @@ -665,16 +666,15 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) * * \return The internal EC context held by the PK context, or NULL. */ -static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) +static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) { - switch( mbedtls_pk_get_type( &pk ) ) - { + switch (mbedtls_pk_get_type(&pk)) { case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: - return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); + return (mbedtls_ecp_keypair *) (pk).pk_ctx; default: - return( NULL ); + return NULL; } } #endif /* MBEDTLS_ECP_C */ @@ -709,9 +709,9 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ); +int mbedtls_pk_parse_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen); /** \ingroup pk_module */ /** @@ -735,8 +735,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen ); +int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen); #if defined(MBEDTLS_FS_IO) /** \ingroup pk_module */ @@ -760,8 +760,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *password ); +int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, + const char *path, const char *password); /** \ingroup pk_module */ /** @@ -780,7 +780,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ); +int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_PK_PARSE_C */ @@ -798,7 +798,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) * \return length of data written if successful, or a specific * error code */ -int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_key_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); /** * \brief Write a public key to a SubjectPublicKeyInfo DER structure @@ -813,7 +813,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_ * \return length of data written if successful, or a specific * error code */ -int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -826,7 +826,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si * * \return 0 if successful, or a specific error code */ -int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); /** * \brief Write a private key to a PKCS#1 or SEC1 PEM string @@ -838,7 +838,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si * * \return 0 if successful, or a specific error code */ -int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_key_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PK_WRITE_C */ @@ -858,8 +858,8 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_ * * \return 0 if successful, or a specific PK error code */ -int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk ); +int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, + mbedtls_pk_context *pk); #endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PK_WRITE_C) @@ -873,8 +873,8 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, * * \return the length written or a negative error code */ -int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ); +int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *key); #endif /* MBEDTLS_PK_WRITE_C */ /* @@ -882,7 +882,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, * know you do. */ #if defined(MBEDTLS_FS_IO) -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n); #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -906,9 +906,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * \return \c 0 if successful. * \return An Mbed TLS error code otherwise. */ -int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_id_t *key, - psa_algorithm_t hash_alg ); +int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, + psa_key_id_t *key, + psa_algorithm_t hash_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/pk_internal.h b/thirdparty/mbedtls/include/mbedtls/pk_internal.h index 47f7767700..8a0c30f5ff 100644 --- a/thirdparty/mbedtls/include/mbedtls/pk_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/pk_internal.h @@ -31,8 +31,7 @@ #include "mbedtls/pk.h" -struct mbedtls_pk_info_t -{ +struct mbedtls_pk_info_t { /** Public key type */ mbedtls_pk_type_t type; @@ -40,75 +39,74 @@ struct mbedtls_pk_info_t const char *name; /** Get key size in bits */ - size_t (*get_bitlen)( const void * ); + size_t (*get_bitlen)(const void *); /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ - int (*can_do)( mbedtls_pk_type_t type ); + int (*can_do)(mbedtls_pk_type_t type); /** Verify signature */ - int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); + int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** Make signature */ - int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Verify signature (restartable) */ - int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ); + int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx); /** Make signature (restartable) */ - int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, void *rs_ctx ); + int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, void *rs_ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Decrypt message */ - int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** Encrypt message */ - int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** Check public-private key pair */ - int (*check_pair_func)( const void *pub, const void *prv ); + int (*check_pair_func)(const void *pub, const void *prv); /** Allocate a new context */ - void * (*ctx_alloc_func)( void ); + void * (*ctx_alloc_func)(void); /** Free the given context */ - void (*ctx_free_func)( void *ctx ); + void (*ctx_free_func)(void *ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Allocate the restart context */ - void * (*rs_alloc_func)( void ); + void *(*rs_alloc_func)(void); /** Free the restart context */ - void (*rs_free_func)( void *rs_ctx ); + void (*rs_free_func)(void *rs_ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Interface with the debug module */ - void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); + void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items); }; #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Container for RSA-alt */ -typedef struct -{ +typedef struct { void *key; mbedtls_pk_rsa_alt_decrypt_func decrypt_func; mbedtls_pk_rsa_alt_sign_func sign_func; diff --git a/thirdparty/mbedtls/include/mbedtls/pkcs11.h b/thirdparty/mbedtls/include/mbedtls/pkcs11.h index 3530ee1688..80a8a9c423 100644 --- a/thirdparty/mbedtls/include/mbedtls/pkcs11.h +++ b/thirdparty/mbedtls/include/mbedtls/pkcs11.h @@ -36,7 +36,7 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -50,10 +50,9 @@ extern "C" { /** * Context for PKCS #11 private keys. */ -typedef struct mbedtls_pkcs11_context -{ - pkcs11h_certificate_t pkcs11h_cert; - int len; +typedef struct mbedtls_pkcs11_context { + pkcs11h_certificate_t pkcs11h_cert; + int len; } mbedtls_pkcs11_context; #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -69,7 +68,7 @@ typedef struct mbedtls_pkcs11_context * \deprecated This function is deprecated and will be removed in a * future version of the library. */ -MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx); /** * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. @@ -82,8 +81,8 @@ MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); * * \return 0 on success. */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, - pkcs11h_certificate_t pkcs11h_cert ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, + pkcs11h_certificate_t pkcs11h_cert); /** * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the @@ -99,8 +98,8 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, * \return 0 on success */ MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind( - mbedtls_pkcs11_context *priv_key, - pkcs11h_certificate_t pkcs11_cert ); + mbedtls_pkcs11_context *priv_key, + pkcs11h_certificate_t pkcs11_cert); /** * Free the contents of the given private key context. Note that the structure @@ -112,7 +111,7 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind( * \param priv_key Private key structure to cleanup */ MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free( - mbedtls_pkcs11_context *priv_key ); + mbedtls_pkcs11_context *priv_key); /** * \brief Do an RSA private key decrypt, then remove the message @@ -134,11 +133,11 @@ MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free( * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise * an error is thrown. */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief Do a private RSA to sign a message digest @@ -159,12 +158,12 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, * \note The "sig" buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * SSL/TLS wrappers for PKCS#11 functions @@ -172,13 +171,15 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, * \deprecated This function is deprecated and will be removed in a future * version of the library. */ -MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, - int mode, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ) +MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx, + int mode, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { - return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, - output_max_len ); + return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output, + output_max_len); } /** @@ -207,15 +208,21 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, * ctx->N. For example, 128 bytes if RSA-1024 is * used. */ -MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ) +MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { ((void) f_rng); ((void) p_rng); - return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_pkcs11_sign((mbedtls_pkcs11_context *) ctx, mode, md_alg, + hashlen, hash, sig); } /** @@ -228,9 +235,9 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx, * * \return The length of the private key. */ -MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) +MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len(void *ctx) { - return ( (mbedtls_pkcs11_context *) ctx )->len; + return ((mbedtls_pkcs11_context *) ctx)->len; } #undef MBEDTLS_DEPRECATED diff --git a/thirdparty/mbedtls/include/mbedtls/pkcs12.h b/thirdparty/mbedtls/include/mbedtls/pkcs12.h index d9e85b1d12..cd13852779 100644 --- a/thirdparty/mbedtls/include/mbedtls/pkcs12.h +++ b/thirdparty/mbedtls/include/mbedtls/pkcs12.h @@ -70,10 +70,10 @@ extern "C" { * * \return 0 if successful, or a MBEDTLS_ERR_XXX code */ -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); +int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output); /** * \brief PKCS12 Password Based function (encryption / decryption) @@ -93,11 +93,11 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, * * \return 0 if successful, or a MBEDTLS_ERR_XXX code */ -int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); +int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output); #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -128,10 +128,10 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, * * \return 0 if successful, or a MD, BIGNUM type error. */ -int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *salt, size_t saltlen, - mbedtls_md_type_t mbedtls_md, int id, int iterations ); +int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + mbedtls_md_type_t mbedtls_md, int id, int iterations); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/pkcs5.h b/thirdparty/mbedtls/include/mbedtls/pkcs5.h index 696930f745..12dec0547f 100644 --- a/thirdparty/mbedtls/include/mbedtls/pkcs5.h +++ b/thirdparty/mbedtls/include/mbedtls/pkcs5.h @@ -67,10 +67,10 @@ extern "C" { * * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. */ -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ); +int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output); #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -88,10 +88,10 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, * * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. */ -int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, - size_t plen, const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ); +int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, const unsigned char *password, + size_t plen, const unsigned char *salt, size_t slen, + unsigned int iteration_count, + uint32_t key_length, unsigned char *output); #if defined(MBEDTLS_SELF_TEST) @@ -100,7 +100,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_pkcs5_self_test( int verbose ); +int mbedtls_pkcs5_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/platform.h b/thirdparty/mbedtls/include/mbedtls/platform.h index eaf5122bec..9033852be1 100644 --- a/thirdparty/mbedtls/include/mbedtls/platform.h +++ b/thirdparty/mbedtls/include/mbedtls/platform.h @@ -149,8 +149,8 @@ extern "C" { #else /* For size_t */ #include -extern void *mbedtls_calloc( size_t n, size_t size ); -extern void mbedtls_free( void *ptr ); +extern void *mbedtls_calloc(size_t n, size_t size); +extern void mbedtls_free(void *ptr); /** * \brief This function dynamically sets the memory-management @@ -161,8 +161,8 @@ extern void mbedtls_free( void *ptr ); * * \return \c 0. */ -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ); +int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t), + void (*free_func)(void *)); #endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */ #else /* !MBEDTLS_PLATFORM_MEMORY */ #define mbedtls_free free @@ -175,7 +175,7 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) /* We need FILE * */ #include -extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); +extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...); /** * \brief This function dynamically configures the fprintf @@ -186,8 +186,8 @@ extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); * * \return \c 0. */ -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, - ... ) ); +int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *, + ...)); #else #if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) #define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO @@ -200,7 +200,7 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char * The function pointers for printf */ #if defined(MBEDTLS_PLATFORM_PRINTF_ALT) -extern int (*mbedtls_printf)( const char *format, ... ); +extern int (*mbedtls_printf)(const char *format, ...); /** * \brief This function dynamically configures the snprintf @@ -211,7 +211,7 @@ extern int (*mbedtls_printf)( const char *format, ... ); * * \return \c 0 on success. */ -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); +int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)); #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) #define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO @@ -231,11 +231,11 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); */ #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) /* For Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); +int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...); #endif #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); +extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...); /** * \brief This function allows configuring a custom @@ -245,8 +245,8 @@ extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); * * \return \c 0 on success. */ -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, ... ) ); +int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n, + const char *format, ...)); #else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO @@ -267,12 +267,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) #include /* For Older Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ); +int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg); #endif #if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) #include -extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg ); +extern int (*mbedtls_vsnprintf)(char *s, size_t n, const char *format, va_list arg); /** * \brief Set your own snprintf function pointer @@ -281,8 +281,8 @@ extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_lis * * \return \c 0 */ -int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, - const char * format, va_list arg ) ); +int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n, + const char *format, va_list arg)); #else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) #define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO @@ -295,7 +295,7 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, * The function pointers for exit */ #if defined(MBEDTLS_PLATFORM_EXIT_ALT) -extern void (*mbedtls_exit)( int status ); +extern void (*mbedtls_exit)(int status); /** * \brief This function dynamically configures the exit @@ -306,7 +306,7 @@ extern void (*mbedtls_exit)( int status ); * * \return \c 0 on success. */ -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); +int mbedtls_platform_set_exit(void (*exit_func)(int status)); #else #if defined(MBEDTLS_PLATFORM_EXIT_MACRO) #define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO @@ -338,13 +338,13 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #if defined(MBEDTLS_ENTROPY_NV_SEED) #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) /* Internal standard platform definitions */ -int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ); -int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ); +int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len); +int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len); #endif #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) -extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); -extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); +extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len); +extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len); /** * \brief This function allows configuring custom seed file writing and @@ -356,9 +356,9 @@ extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); * \return \c 0 on success. */ int mbedtls_platform_set_nv_seed( - int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), - int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) - ); + int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len), + int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len) + ); #else #if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) @@ -379,8 +379,7 @@ int mbedtls_platform_set_nv_seed( * \note This structure may be used to assist platform-specific * setup or teardown operations. */ -typedef struct mbedtls_platform_context -{ +typedef struct mbedtls_platform_context { char dummy; /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; @@ -404,7 +403,7 @@ mbedtls_platform_context; * * \return \c 0 on success. */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +int mbedtls_platform_setup(mbedtls_platform_context *ctx); /** * \brief This function performs any platform teardown operations. * @@ -419,7 +418,7 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * \param ctx The platform context. * */ -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); +void mbedtls_platform_teardown(mbedtls_platform_context *ctx); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/platform_time.h b/thirdparty/mbedtls/include/mbedtls/platform_time.h index 94055711b2..eee61d695a 100644 --- a/thirdparty/mbedtls/include/mbedtls/platform_time.h +++ b/thirdparty/mbedtls/include/mbedtls/platform_time.h @@ -47,7 +47,7 @@ typedef time_t mbedtls_time_t; * The function pointers for time */ #if defined(MBEDTLS_PLATFORM_TIME_ALT) -extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); +extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time); /** * \brief Set your own time function pointer @@ -56,7 +56,7 @@ extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); * * \return 0 */ -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); +int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time)); #else #if defined(MBEDTLS_PLATFORM_TIME_MACRO) #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO diff --git a/thirdparty/mbedtls/include/mbedtls/platform_util.h b/thirdparty/mbedtls/include/mbedtls/platform_util.h index cd112ab58e..55fc431131 100644 --- a/thirdparty/mbedtls/include/mbedtls/platform_util.h +++ b/thirdparty/mbedtls/include/mbedtls/platform_util.h @@ -56,12 +56,12 @@ extern "C" { #define MBEDTLS_PARAM_FAILED_ALT #elif defined(MBEDTLS_CHECK_PARAMS_ASSERT) -#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +#define MBEDTLS_PARAM_FAILED(cond) assert(cond) #define MBEDTLS_PARAM_FAILED_ALT #else /* MBEDTLS_PARAM_FAILED */ -#define MBEDTLS_PARAM_FAILED( cond ) \ - mbedtls_param_failed( #cond, __FILE__, __LINE__ ) +#define MBEDTLS_PARAM_FAILED(cond) \ + mbedtls_param_failed( #cond, __FILE__, __LINE__) /** * \brief User supplied callback function for parameter validation failure. @@ -78,36 +78,36 @@ extern "C" { * \param file The file where the assertion failed. * \param line The line in the file where the assertion failed. */ -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ); +void mbedtls_param_failed(const char *failure_condition, + const char *file, + int line); #endif /* MBEDTLS_PARAM_FAILED */ /* Internal macro meant to be called only from within the library. */ -#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \ +#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) \ do { \ - if( !(cond) ) \ + if (!(cond)) \ { \ - MBEDTLS_PARAM_FAILED( cond ); \ - return( ret ); \ + MBEDTLS_PARAM_FAILED(cond); \ + return ret; \ } \ - } while( 0 ) + } while (0) /* Internal macro meant to be called only from within the library. */ -#define MBEDTLS_INTERNAL_VALIDATE( cond ) \ +#define MBEDTLS_INTERNAL_VALIDATE(cond) \ do { \ - if( !(cond) ) \ + if (!(cond)) \ { \ - MBEDTLS_PARAM_FAILED( cond ); \ + MBEDTLS_PARAM_FAILED(cond); \ return; \ } \ - } while( 0 ) + } while (0) #else /* MBEDTLS_CHECK_PARAMS */ /* Internal macros meant to be called only from within the library. */ -#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) -#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) +#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) do { } while (0) +#define MBEDTLS_INTERNAL_VALIDATE(cond) do { } while (0) #endif /* MBEDTLS_CHECK_PARAMS */ @@ -119,16 +119,16 @@ void mbedtls_param_failed( const char *failure_condition, * it, too. We might want to move all these definitions here at * some point for uniformity. */ #define MBEDTLS_DEPRECATED __attribute__((deprecated)) -MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ - ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) +MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t; +#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \ + ((mbedtls_deprecated_string_constant_t) (VAL)) MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; -#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ - ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \ + ((mbedtls_deprecated_numeric_constant_t) (VAL)) #undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL -#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL +#define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) VAL +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL #endif /* MBEDTLS_DEPRECATED_WARNING */ #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -218,7 +218,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34 */ -#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) ) +#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result)) #endif /** @@ -243,7 +243,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * \param len Length of the buffer in bytes * */ -void mbedtls_platform_zeroize( void *buf, size_t len ); +void mbedtls_platform_zeroize(void *buf, size_t len); #if defined(MBEDTLS_HAVE_TIME_DATE) /** @@ -272,8 +272,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \return Pointer to an object of type struct tm on success, otherwise * NULL */ -struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, - struct tm *tm_buf ); +struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, + struct tm *tm_buf); #endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/poly1305.h b/thirdparty/mbedtls/include/mbedtls/poly1305.h index a69ede98b5..7b1faa51f3 100644 --- a/thirdparty/mbedtls/include/mbedtls/poly1305.h +++ b/thirdparty/mbedtls/include/mbedtls/poly1305.h @@ -60,8 +60,7 @@ extern "C" { #if !defined(MBEDTLS_POLY1305_ALT) -typedef struct mbedtls_poly1305_context -{ +typedef struct mbedtls_poly1305_context { uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ uint32_t acc[5]; /** The accumulator number. */ @@ -89,7 +88,7 @@ mbedtls_poly1305_context; * \param ctx The Poly1305 context to initialize. This must * not be \c NULL. */ -void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); +void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx); /** * \brief This function releases and clears the specified @@ -99,7 +98,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); * case this function is a no-op. If it is not \c NULL, it must * point to an initialized Poly1305 context. */ -void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); +void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx); /** * \brief This function sets the one-time authentication key. @@ -114,8 +113,8 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, - const unsigned char key[32] ); +int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx, + const unsigned char key[32]); /** * \brief This functions feeds an input buffer into an ongoing @@ -135,9 +134,9 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function generates the Poly1305 Message @@ -151,8 +150,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, - unsigned char mac[16] ); +int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx, + unsigned char mac[16]); /** * \brief This function calculates the Poly1305 MAC of the input @@ -172,10 +171,10 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_mac( const unsigned char key[32], - const unsigned char *input, - size_t ilen, - unsigned char mac[16] ); +int mbedtls_poly1305_mac(const unsigned char key[32], + const unsigned char *input, + size_t ilen, + unsigned char mac[16]); #if defined(MBEDTLS_SELF_TEST) /** @@ -184,7 +183,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_poly1305_self_test( int verbose ); +int mbedtls_poly1305_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/ripemd160.h b/thirdparty/mbedtls/include/mbedtls/ripemd160.h index f890aefaee..6d9a1a2a32 100644 --- a/thirdparty/mbedtls/include/mbedtls/ripemd160.h +++ b/thirdparty/mbedtls/include/mbedtls/ripemd160.h @@ -47,8 +47,7 @@ extern "C" { /** * \brief RIPEMD-160 context structure */ -typedef struct mbedtls_ripemd160_context -{ +typedef struct mbedtls_ripemd160_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[5]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -64,14 +63,14 @@ mbedtls_ripemd160_context; * * \param ctx RIPEMD-160 context to be initialized */ -void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ); +void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx); /** * \brief Clear RIPEMD-160 context * * \param ctx RIPEMD-160 context to be cleared */ -void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); +void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx); /** * \brief Clone (the state of) a RIPEMD-160 context @@ -79,8 +78,8 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); * \param dst The destination context * \param src The context to be cloned */ -void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, - const mbedtls_ripemd160_context *src ); +void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst, + const mbedtls_ripemd160_context *src); /** * \brief RIPEMD-160 context setup @@ -89,7 +88,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * * \return 0 if successful */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx); /** * \brief RIPEMD-160 process buffer @@ -100,9 +99,9 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); * * \return 0 if successful */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief RIPEMD-160 final digest @@ -112,8 +111,8 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ); +int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx, + unsigned char output[20]); /** * \brief RIPEMD-160 process data block (internal use only) @@ -123,8 +122,8 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -140,7 +139,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, * \param ctx context to be initialized */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( - mbedtls_ripemd160_context *ctx ); + mbedtls_ripemd160_context *ctx); /** * \brief RIPEMD-160 process buffer @@ -152,9 +151,9 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( * \param ilen length of the input data */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( - mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ); + mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief RIPEMD-160 final digest @@ -165,8 +164,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( * \param output RIPEMD-160 checksum result */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( - mbedtls_ripemd160_context *ctx, - unsigned char output[20] ); + mbedtls_ripemd160_context *ctx, + unsigned char output[20]); /** * \brief RIPEMD-160 process data block (internal use only) @@ -177,8 +176,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( * \param data buffer holding one block of data */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( - mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); + mbedtls_ripemd160_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -192,9 +191,9 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( * * \return 0 if successful */ -int mbedtls_ripemd160_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_ripemd160_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -211,9 +210,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input, * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_ripemd160(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -225,7 +224,7 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_ripemd160_self_test( int verbose ); +int mbedtls_ripemd160_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/rsa.h b/thirdparty/mbedtls/include/mbedtls/rsa.h index 8559f67bb9..f8725ffb1e 100644 --- a/thirdparty/mbedtls/include/mbedtls/rsa.h +++ b/thirdparty/mbedtls/include/mbedtls/rsa.h @@ -106,8 +106,7 @@ extern "C" { * is deprecated. All manipulation should instead be done through * the public interface functions. */ -typedef struct mbedtls_rsa_context -{ +typedef struct mbedtls_rsa_context { int ver; /*!< Reserved for internal purposes. * Do not set this field in application * code. Its meaning might change without @@ -134,8 +133,8 @@ typedef struct mbedtls_rsa_context mbedtls_mpi Vf; /*!< The cached un-blinding value. */ int padding; /*!< Selects padding mode: - #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ + #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, as specified in md.h for use in the MGF mask generating function used in the @@ -178,9 +177,9 @@ mbedtls_rsa_context; * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused * otherwise. */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ); +void mbedtls_rsa_init(mbedtls_rsa_context *ctx, + int padding, + int hash_id); /** * \brief This function imports a set of core parameters into an @@ -211,10 +210,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return A non-zero error code on failure. */ -int mbedtls_rsa_import( mbedtls_rsa_context *ctx, - const mbedtls_mpi *N, - const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *E ); +int mbedtls_rsa_import(mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E); /** * \brief This function imports core RSA parameters, in raw big-endian @@ -250,12 +249,12 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return A non-zero error code on failure. */ -int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char const *N, size_t N_len, - unsigned char const *P, size_t P_len, - unsigned char const *Q, size_t Q_len, - unsigned char const *D, size_t D_len, - unsigned char const *E, size_t E_len ); +int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len); /** * \brief This function completes an RSA context from @@ -289,7 +288,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * failed. * */ -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); +int mbedtls_rsa_complete(mbedtls_rsa_context *ctx); /** * \brief This function exports the core parameters of an RSA key. @@ -331,9 +330,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * \return A non-zero return code on any other failure. * */ -int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, - mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ); +int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E); /** * \brief This function exports core parameters of an RSA key @@ -382,12 +381,12 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * functionality or because of security policies. * \return A non-zero return code on any other failure. */ -int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ); +int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len); /** * \brief This function exports CRT parameters of a private RSA key. @@ -408,8 +407,8 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, * \return A non-zero error code on failure. * */ -int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); +int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP); /** * \brief This function sets padding for an already initialized RSA @@ -420,8 +419,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ); +void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, + int hash_id); /** * \brief This function retrieves the length of RSA modulus in Bytes. @@ -431,7 +430,7 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, * \return The length of the RSA modulus in Bytes. * */ -size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); +size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx); /** * \brief This function generates an RSA keypair. @@ -451,10 +450,10 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ); +int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent); /** * \brief This function checks if a context contains at least an RSA @@ -470,7 +469,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); +int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx); /** * \brief This function checks if a context contains an RSA private key @@ -508,7 +507,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); +int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx); /** * \brief This function checks a public-private RSA key pair. @@ -521,8 +520,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, - const mbedtls_rsa_context *prv ); +int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv); /** * \brief This function performs an RSA public key operation. @@ -543,9 +542,9 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_public(mbedtls_rsa_context *ctx, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an RSA private key operation. @@ -578,11 +577,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_private( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_private(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + const unsigned char *input, + unsigned char *output); /** * \brief This function adds the message padding, then performs an RSA @@ -623,12 +622,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs a PKCS#1 v1.5 encryption operation @@ -664,12 +663,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs a PKCS#1 v2.1 OAEP encryption @@ -709,14 +708,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an RSA operation, then removes the @@ -762,13 +761,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a PKCS#1 v1.5 decryption @@ -812,13 +811,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a PKCS#1 v2.1 OAEP decryption @@ -866,15 +865,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a private RSA operation to sign @@ -926,14 +925,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a PKCS#1 v1.5 signature @@ -974,14 +973,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS signature @@ -1029,14 +1028,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - int saltlen, - unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + int saltlen, + unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS signature @@ -1093,14 +1092,14 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a public RSA operation and checks @@ -1146,14 +1145,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v1.5 verification @@ -1192,14 +1191,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS verification @@ -1248,14 +1247,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS verification @@ -1301,16 +1300,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - mbedtls_md_type_t mgf1_hash_id, - int expected_salt_len, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + mbedtls_md_type_t mgf1_hash_id, + int expected_salt_len, + const unsigned char *sig); /** * \brief This function copies the components of an RSA context. @@ -1321,7 +1320,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ -int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); +int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src); /** * \brief This function frees the components of an RSA key. @@ -1330,7 +1329,7 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) * this function is a no-op. If it is not \c NULL, it must * point to an initialized RSA context. */ -void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); +void mbedtls_rsa_free(mbedtls_rsa_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -1340,7 +1339,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_rsa_self_test( int verbose ); +int mbedtls_rsa_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/rsa_internal.h b/thirdparty/mbedtls/include/mbedtls/rsa_internal.h index d55492bb16..017018bca9 100644 --- a/thirdparty/mbedtls/include/mbedtls/rsa_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/rsa_internal.h @@ -92,9 +92,9 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, - mbedtls_mpi const *D, - mbedtls_mpi *P, mbedtls_mpi *Q ); +int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E, + mbedtls_mpi const *D, + mbedtls_mpi *P, mbedtls_mpi *Q); /** * \brief Compute RSA private exponent from @@ -117,10 +117,10 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, * \note This function does not check whether P and Q are primes. * */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ); +int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D); /** @@ -143,9 +143,9 @@ int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, * prime and whether D is a valid private exponent. * */ -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ); +int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP); /** @@ -178,11 +178,11 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * to perform specific checks only. E.g., calling it with * (-,P,-,-,-) and a PRNG amounts to a primality check for P. */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Check validity of RSA CRT parameters @@ -213,9 +213,9 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * to perform specific checks only. E.g., calling it with the * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); +int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/sha1.h b/thirdparty/mbedtls/include/mbedtls/sha1.h index 4c3251b4a1..7a7319f26a 100644 --- a/thirdparty/mbedtls/include/mbedtls/sha1.h +++ b/thirdparty/mbedtls/include/mbedtls/sha1.h @@ -60,8 +60,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_sha1_context -{ +typedef struct mbedtls_sha1_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[5]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ @@ -83,7 +82,7 @@ mbedtls_sha1_context; * This must not be \c NULL. * */ -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); +void mbedtls_sha1_init(mbedtls_sha1_context *ctx); /** * \brief This function clears a SHA-1 context. @@ -98,7 +97,7 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); * SHA-1 context. * */ -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); +void mbedtls_sha1_free(mbedtls_sha1_context *ctx); /** * \brief This function clones the state of a SHA-1 context. @@ -111,8 +110,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); * \param src The SHA-1 context to clone from. This must be initialized. * */ -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ); +void mbedtls_sha1_clone(mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src); /** * \brief This function starts a SHA-1 checksum calculation. @@ -127,7 +126,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \return A negative error code on failure. * */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx); /** * \brief This function feeds an input buffer into an ongoing SHA-1 @@ -146,9 +145,9 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-1 operation, and writes @@ -166,8 +165,8 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ); +int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, + unsigned char output[20]); /** * \brief SHA-1 process data block (internal use only). @@ -184,8 +183,8 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * \return A negative error code on failure. * */ -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -205,7 +204,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * \param ctx The SHA-1 context to initialize. This must be initialized. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_sha1_starts(mbedtls_sha1_context *ctx); /** * \brief This function feeds an input buffer into an ongoing SHA-1 @@ -224,9 +223,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * \param ilen The length of the input data \p input in Bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha1_update(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-1 operation, and writes @@ -243,8 +242,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, * \param output The SHA-1 checksum result. * This must be a writable buffer of length \c 20 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_sha1_finish(mbedtls_sha1_context *ctx, + unsigned char output[20]); /** * \brief SHA-1 process data block (internal use only). @@ -260,8 +259,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, * This must be a readable buffer of length \c 64 bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -289,9 +288,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, * \return A negative error code on failure. * */ -int mbedtls_sha1_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_sha1_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -321,9 +320,9 @@ int mbedtls_sha1_ret( const unsigned char *input, * buffer of size \c 20 Bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -341,7 +340,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, * \return \c 1 on failure. * */ -int mbedtls_sha1_self_test( int verbose ); +int mbedtls_sha1_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/sha256.h b/thirdparty/mbedtls/include/mbedtls/sha256.h index 5b54be2142..00bd17d0cf 100644 --- a/thirdparty/mbedtls/include/mbedtls/sha256.h +++ b/thirdparty/mbedtls/include/mbedtls/sha256.h @@ -55,8 +55,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha256_starts_ret(). */ -typedef struct mbedtls_sha256_context -{ +typedef struct mbedtls_sha256_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ @@ -74,7 +73,7 @@ mbedtls_sha256_context; * * \param ctx The SHA-256 context to initialize. This must not be \c NULL. */ -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); +void mbedtls_sha256_init(mbedtls_sha256_context *ctx); /** * \brief This function clears a SHA-256 context. @@ -83,7 +82,7 @@ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); * case this function returns immediately. If it is not \c NULL, * it must point to an initialized SHA-256 context. */ -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); +void mbedtls_sha256_free(mbedtls_sha256_context *ctx); /** * \brief This function clones the state of a SHA-256 context. @@ -91,8 +90,8 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); * \param dst The destination context. This must be initialized. * \param src The context to clone. This must be initialized. */ -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ); +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src); /** * \brief This function starts a SHA-224 or SHA-256 checksum @@ -105,7 +104,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224); /** * \brief This function feeds an input buffer into an ongoing @@ -120,9 +119,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-256 operation, and writes @@ -136,8 +135,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ); +int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, + unsigned char output[32]); /** * \brief This function processes a single data block within @@ -151,8 +150,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -170,8 +169,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ); +MBEDTLS_DEPRECATED void mbedtls_sha256_starts(mbedtls_sha256_context *ctx, + int is224); /** * \brief This function feeds an input buffer into an ongoing @@ -185,9 +184,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha256_update(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-256 operation, and writes @@ -200,8 +199,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ); +MBEDTLS_DEPRECATED void mbedtls_sha256_finish(mbedtls_sha256_context *ctx, + unsigned char output[32]); /** * \brief This function processes a single data block within @@ -214,8 +213,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * \param data The buffer holding one block of data. This must be * a readable buffer of size \c 64 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -241,10 +240,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_ret( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ); +int mbedtls_sha256_ret(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -273,10 +272,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. */ -MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ); +MBEDTLS_DEPRECATED void mbedtls_sha256(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -289,7 +288,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_sha256_self_test( int verbose ); +int mbedtls_sha256_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/include/mbedtls/sha512.h b/thirdparty/mbedtls/include/mbedtls/sha512.h index cca47c2fe6..1df87f99f7 100644 --- a/thirdparty/mbedtls/include/mbedtls/sha512.h +++ b/thirdparty/mbedtls/include/mbedtls/sha512.h @@ -54,8 +54,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha512_starts_ret(). */ -typedef struct mbedtls_sha512_context -{ +typedef struct mbedtls_sha512_context { uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[128]; /*!< The data block being processed. */ @@ -76,7 +75,7 @@ mbedtls_sha512_context; * \param ctx The SHA-512 context to initialize. This must * not be \c NULL. */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); +void mbedtls_sha512_init(mbedtls_sha512_context *ctx); /** * \brief This function clears a SHA-512 context. @@ -86,7 +85,7 @@ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); * is not \c NULL, it must point to an initialized * SHA-512 context. */ -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); +void mbedtls_sha512_free(mbedtls_sha512_context *ctx); /** * \brief This function clones the state of a SHA-512 context. @@ -94,8 +93,8 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); * \param dst The destination context. This must be initialized. * \param src The context to clone. This must be initialized. */ -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ); +void mbedtls_sha512_clone(mbedtls_sha512_context *dst, + const mbedtls_sha512_context *src); /** * \brief This function starts a SHA-384 or SHA-512 checksum @@ -112,7 +111,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384); /** * \brief This function feeds an input buffer into an ongoing @@ -127,9 +126,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-512 operation, and writes @@ -143,8 +142,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ); +int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, + unsigned char output[64]); /** * \brief This function processes a single data block within @@ -158,8 +157,8 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ); +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) @@ -179,8 +178,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must * be \c 0, or the function will fail to work. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ); +MBEDTLS_DEPRECATED void mbedtls_sha512_starts(mbedtls_sha512_context *ctx, + int is384); /** * \brief This function feeds an input buffer into an ongoing @@ -194,9 +193,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha512_update(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-512 operation, and writes @@ -209,8 +208,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * \param output The SHA-384 or SHA-512 checksum result. This must * be a writable buffer of size \c 64 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha512_finish(mbedtls_sha512_context *ctx, + unsigned char output[64]); /** * \brief This function processes a single data block within @@ -224,8 +223,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * a readable buffer of length \c 128 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_process( - mbedtls_sha512_context *ctx, - const unsigned char data[128] ); + mbedtls_sha512_context *ctx, + const unsigned char data[128]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -255,10 +254,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_ret( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ); +int mbedtls_sha512_ret(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -290,23 +289,23 @@ int mbedtls_sha512_ret( const unsigned char *input, * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must * be \c 0, or the function will fail to work. */ -MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ); +MBEDTLS_DEPRECATED void mbedtls_sha512(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SELF_TEST) - /** +/** * \brief The SHA-384 or SHA-512 checkup routine. * * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_sha512_self_test( int verbose ); +int mbedtls_sha512_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/ssl.h b/thirdparty/mbedtls/include/mbedtls/ssl.h index aecac93f33..26e4ec400c 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl.h @@ -54,11 +54,13 @@ #if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library" +#warning \ + "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library" #endif #if defined(MBEDTLS_DEPRECATED_REMOVED) -#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" +#error \ + "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" #endif #include "zlib.h" @@ -491,8 +493,7 @@ #endif /* Dummy type used only for its size */ -union mbedtls_ssl_premaster_secret -{ +union mbedtls_ssl_premaster_secret { #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ #endif @@ -510,21 +511,21 @@ union mbedtls_ssl_premaster_secret #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE - + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ + + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES - + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ + + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */ #endif }; -#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) +#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret) #ifdef __cplusplus extern "C" { @@ -533,8 +534,7 @@ extern "C" { /* * SSL state machine */ -typedef enum -{ +typedef enum { MBEDTLS_SSL_HELLO_REQUEST, MBEDTLS_SSL_CLIENT_HELLO, MBEDTLS_SSL_SERVER_HELLO, @@ -560,13 +560,12 @@ mbedtls_ssl_states; /* * The tls_prf function types. */ -typedef enum -{ - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_SSL3, - MBEDTLS_SSL_TLS_PRF_TLS1, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256 +typedef enum { + MBEDTLS_SSL_TLS_PRF_NONE, + MBEDTLS_SSL_TLS_PRF_SSL3, + MBEDTLS_SSL_TLS_PRF_TLS1, + MBEDTLS_SSL_TLS_PRF_SHA384, + MBEDTLS_SSL_TLS_PRF_SHA256 } mbedtls_tls_prf_types; /** @@ -586,9 +585,9 @@ mbedtls_tls_prf_types; * \note The callback is allowed to send fewer bytes than requested. * It must always return the number of bytes actually sent. */ -typedef int mbedtls_ssl_send_t( void *ctx, - const unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_send_t(void *ctx, + const unsigned char *buf, + size_t len); /** * \brief Callback type: receive data from the network. @@ -610,9 +609,9 @@ typedef int mbedtls_ssl_send_t( void *ctx, * buffer. It must always return the number of bytes actually * received and written to the buffer. */ -typedef int mbedtls_ssl_recv_t( void *ctx, - unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_recv_t(void *ctx, + unsigned char *buf, + size_t len); /** * \brief Callback type: receive data from the network, with timeout @@ -636,10 +635,10 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * buffer. It must always return the number of bytes actually * received and written to the buffer. */ -typedef int mbedtls_ssl_recv_timeout_t( void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout ); +typedef int mbedtls_ssl_recv_timeout_t(void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout); /** * \brief Callback type: set a pair of timers/delays to watch * @@ -662,9 +661,9 @@ typedef int mbedtls_ssl_recv_timeout_t( void *ctx, * function while a timer is running must cancel it. Cancelled * timers must not generate any event. */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); +typedef void mbedtls_ssl_set_timer_t(void *ctx, + uint32_t int_ms, + uint32_t fin_ms); /** * \brief Callback type: get status of timers/delays @@ -677,7 +676,7 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, * 1 if only the intermediate delay has passed, * 2 if the final delay has passed. */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); +typedef int mbedtls_ssl_get_timer_t(void *ctx); /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; @@ -768,11 +767,11 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len ); +typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *cert, + mbedtls_md_type_t md_alg, + const unsigned char *hash, + size_t hash_len); /** * \brief Callback type: start external decryption operation. @@ -834,10 +833,10 @@ typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len ); +typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *cert, + const unsigned char *input, + size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -882,10 +881,10 @@ typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, - unsigned char *output, - size_t *output_len, - size_t output_size ); +typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl, + unsigned char *output, + size_t *output_len, + size_t output_size); /** * \brief Callback type: cancel external operation. @@ -904,7 +903,7 @@ typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, * \param ssl The SSL connection instance. It should not be * modified. */ -typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); +typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ @@ -939,17 +938,16 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value * must be updated too. */ -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001) -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006) +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t) 0x0001) +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t) 0x0002) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t) 0x0005) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t) 0x0006) /* This one is not iana defined, but for code readability. */ -#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000) +#define MBEDTLS_TLS_SRTP_UNSET ((uint16_t) 0x0000) typedef uint16_t mbedtls_ssl_srtp_profile; -typedef struct mbedtls_dtls_srtp_info_t -{ +typedef struct mbedtls_dtls_srtp_info_t { /*! The SRTP profile that was negotiated. */ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*! The length of mki_value. */ @@ -972,8 +970,7 @@ mbedtls_dtls_srtp_info; * mbedtls_ssl_session_save() and ssl_session_load() * ssl_session_copy() */ -struct mbedtls_ssl_session -{ +struct mbedtls_ssl_session { #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -1018,8 +1015,7 @@ struct mbedtls_ssl_session /** * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. */ -struct mbedtls_ssl_config -{ +struct mbedtls_ssl_config { /* Group items by size and reorder them to maximize usage of immediate offset access. */ /* @@ -1074,7 +1070,7 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_SRV_C) uint8_t cert_req_ca_list /*bool*/; /*!< enable sending CA list in - Certificate Request messages? */ + Certificate Request messages? */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t ignore_unexpected_cid /*bool*/; /*!< Determines whether DTLS @@ -1153,33 +1149,33 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a cookie for ClientHello verification */ - int (*f_cookie_write)( void *, unsigned char **, unsigned char *, - const unsigned char *, size_t ); + int (*f_cookie_write)(void *, unsigned char **, unsigned char *, + const unsigned char *, size_t); /** Callback to verify validity of a ClientHello cookie */ - int (*f_cookie_check)( void *, const unsigned char *, size_t, - const unsigned char *, size_t ); + int (*f_cookie_check)(void *, const unsigned char *, size_t, + const unsigned char *, size_t); void *p_cookie; /*!< context for the cookie callbacks */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a session ticket */ - int (*f_ticket_write)( void *, const mbedtls_ssl_session *, - unsigned char *, const unsigned char *, size_t *, uint32_t * ); + int (*f_ticket_write)(void *, const mbedtls_ssl_session *, + unsigned char *, const unsigned char *, size_t *, uint32_t *); /** Callback to parse a session ticket into a session structure */ - int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t); + int (*f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t); void *p_ticket; /*!< context for the ticket callbacks */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** Callback to export key block and master secret */ - int (*f_export_keys)( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t ); + int (*f_export_keys)(void *, const unsigned char *, + const unsigned char *, size_t, size_t, size_t); /** Callback to export key block, master secret, * tls_prf and random bytes. Should replace f_export_keys */ - int (*f_export_keys_ext)( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t, - const unsigned char[32], const unsigned char[32], - mbedtls_tls_prf_types ); + int (*f_export_keys_ext)(void *, const unsigned char *, + const unsigned char *, size_t, size_t, size_t, + const unsigned char[32], const unsigned char[32], + mbedtls_tls_prf_types); void *p_export_keys; /*!< context for key export callback */ #endif @@ -1267,8 +1263,7 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_SSL_DTLS_SRTP */ }; -struct mbedtls_ssl_context -{ +struct mbedtls_ssl_context { const mbedtls_ssl_config *conf; /*!< configuration information */ /* @@ -1278,8 +1273,8 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_RENEGOTIATION) int renego_status; /*!< Initial, in progress, pending? */ int renego_records_seen; /*!< Records since renego request, or with DTLS, - number of retransmissions of request if - renego_max_records is < 0 */ + number of retransmissions of request if + renego_max_records is < 0 */ #endif /* MBEDTLS_SSL_RENEGOTIATION */ int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ @@ -1298,7 +1293,7 @@ struct mbedtls_ssl_context mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ mbedtls_ssl_recv_timeout_t *f_recv_timeout; - /*!< Callback for network receive with timeout */ + /*!< Callback for network receive with timeout */ void *p_bio; /*!< context for I/O operations */ @@ -1311,7 +1306,7 @@ struct mbedtls_ssl_context mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */ mbedtls_ssl_handshake_params *handshake; /*!< params required only during - the handshake process */ + the handshake process */ /* * Record layer transformations @@ -1459,7 +1454,7 @@ struct mbedtls_ssl_context * all subsequent handshakes. This may be different from the * CID currently used in case the user has re-configured the CID * after an initial handshake. */ - unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; + unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; uint8_t own_cid_len; /*!< The length of \c own_cid. */ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should * be negotiated in the next handshake or not. @@ -1472,8 +1467,8 @@ struct mbedtls_ssl_context #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define MBEDTLS_SSL_CHANNEL_OUTBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 0 ) -#define MBEDTLS_SSL_CHANNEL_INBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 1 ) +#define MBEDTLS_SSL_CHANNEL_OUTBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0) +#define MBEDTLS_SSL_CHANNEL_INBOUND MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) @@ -1482,24 +1477,24 @@ struct mbedtls_ssl_context #endif /* MBEDTLS_DEPRECATED_WARNING */ MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)( - mbedtls_ssl_context *ssl, - const unsigned char *key_enc, const unsigned char *key_dec, - size_t keylen, - const unsigned char *iv_enc, const unsigned char *iv_dec, - size_t ivlen, - const unsigned char *mac_enc, const unsigned char *mac_dec, - size_t maclen); + mbedtls_ssl_context *ssl, + const unsigned char *key_enc, const unsigned char *key_dec, + size_t keylen, + const unsigned char *iv_enc, const unsigned char *iv_dec, + size_t ivlen, + const unsigned char *mac_enc, const unsigned char *mac_dec, + size_t maclen); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)( - mbedtls_ssl_context *ssl, - int direction ); + mbedtls_ssl_context *ssl, + int direction); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -1514,7 +1509,7 @@ MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)( * * \return a string containing the ciphersuite name */ -const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); +const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id); /** * \brief Return the ID of the ciphersuite associated with the @@ -1524,7 +1519,7 @@ const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); * * \return the ID with the ciphersuite or 0 if not found */ -int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); +int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name); /** * \brief Initialize an SSL context @@ -1533,7 +1528,7 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); * * \param ssl SSL context */ -void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_init(mbedtls_ssl_context *ssl); /** * \brief Set up an SSL context for use @@ -1549,14 +1544,18 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * Calling mbedtls_ssl_setup again is not supported, even * if no session is active. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param ssl SSL context * \param conf SSL configuration to use * * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if * memory allocation failed */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf ); +int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, + const mbedtls_ssl_config *conf); /** * \brief Reset an already initialized SSL context for re-use @@ -1568,7 +1567,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or * MBEDTLS_ERR_SSL_COMPRESSION_FAILED */ -int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); /** * \brief Set the current endpoint type @@ -1576,7 +1575,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); * \param conf SSL configuration * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER */ -void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); +void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint); /** * \brief Set the transport type (TLS or DTLS). @@ -1592,7 +1591,7 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. */ -void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); +void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport); /** * \brief Set the certificate verification mode @@ -1620,7 +1619,7 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); * the verification as soon as possible. For example, REQUIRED was protecting * against the "triple handshake" attack even before it was found. */ -void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); +void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -1638,9 +1637,9 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); * \param f_vrfy The verification callback to use during CRT verification. * \param p_vrfy The opaque context to be passed to the callback. */ -void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1650,9 +1649,9 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, * \param f_rng RNG function * \param p_rng RNG parameter */ -void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Set the debug callback @@ -1668,9 +1667,9 @@ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, * \param f_dbg debug function * \param p_dbg debug parameter */ -void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg ); +void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, + void (*f_dbg)(void *, int, const char *, int, const char *), + void *p_dbg); /** * \brief Set the underlying BIO callbacks for write, read and @@ -1702,11 +1701,11 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \c mbedtls_net_recv_timeout() that are suitable to be used * here. */ -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout ); +void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -1796,10 +1795,10 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * applies to the next handshake. * \return A negative error code on failure. */ -int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len ); +int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, + int enable, + unsigned char const *own_cid, + size_t own_cid_len); /** * \brief Get information about the use of the CID extension @@ -1838,10 +1837,10 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], - size_t *peer_cid_len ); +int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, + int *enabled, + unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + size_t *peer_cid_len); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -1887,7 +1886,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, * \param ssl SSL context * \param mtu Value of the path MTU in bytes */ -void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); +void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -1909,9 +1908,9 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); * \param f_vrfy The verification callback to use during CRT verification. * \param p_vrfy The opaque context to be passed to the callback. */ -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1930,7 +1929,7 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, * \note With non-blocking I/O, you may also skip this function * altogether and handle timeouts at the application layer. */ -void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); +void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout); #if defined(MBEDTLS_SSL_RECORD_CHECKING) /** @@ -1977,9 +1976,9 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) * In this case, the SSL context becomes unusable and needs * to be freed or reset before reuse. */ -int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen ); +int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t buflen); #endif /* MBEDTLS_SSL_RECORD_CHECKING */ /** @@ -2002,10 +2001,10 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, * \note See also the "DTLS tutorial" article in our knowledge base. * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial */ -void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer ); +void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, + void *p_timer, + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer); /** * \brief Callback type: generate and write session ticket @@ -2026,12 +2025,12 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *lifetime ); +typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, + const mbedtls_ssl_session *session, + unsigned char *start, + const unsigned char *end, + size_t *tlen, + uint32_t *lifetime); #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** @@ -2054,12 +2053,12 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_export_keys_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen ); +typedef int mbedtls_ssl_export_keys_t(void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen); /** * \brief Callback type: Export key block, master secret, @@ -2086,15 +2085,15 @@ typedef int mbedtls_ssl_export_keys_t( void *p_expkey, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ); +typedef int mbedtls_ssl_export_keys_ext_t(void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** @@ -2120,10 +2119,10 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or * any other non-zero code for other failures. */ -typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, + mbedtls_ssl_session *session, + unsigned char *buf, + size_t len); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) /** @@ -2140,10 +2139,10 @@ typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, * \param f_ticket_parse Callback for parsing a ticket * \param p_ticket Context shared by the two callbacks */ -void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket ); +void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_ticket_write_t *f_ticket_write, + mbedtls_ssl_ticket_parse_t *f_ticket_parse, + void *p_ticket); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) @@ -2157,9 +2156,9 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, * \param f_export_keys Callback for exporting keys * \param p_export_keys Context for the callback */ -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ); +void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys); /** * \brief Configure extended key export callback. @@ -2173,9 +2172,9 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * \param f_export_keys_ext Callback for exporting keys * \param p_export_keys Context for the callback */ -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ); +void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -2209,12 +2208,12 @@ void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, * mbedtls_ssl_conf_get_async_config_data(). The * library stores this value without dereferencing it. */ -void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *config_data ); +void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_async_sign_t *f_async_sign, + mbedtls_ssl_async_decrypt_t *f_async_decrypt, + mbedtls_ssl_async_resume_t *f_async_resume, + mbedtls_ssl_async_cancel_t *f_async_cancel, + void *config_data); /** * \brief Retrieve the configuration data set by @@ -2224,7 +2223,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, * \return The configuration data set by * mbedtls_ssl_conf_async_private_cb(). */ -void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); +void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf); /** * \brief Retrieve the asynchronous operation user context. @@ -2240,7 +2239,7 @@ void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); * called during the current handshake, this function returns * \c NULL. */ -void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ); +void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl); /** * \brief Retrieve the asynchronous operation user context. @@ -2253,8 +2252,8 @@ void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ); * Call mbedtls_ssl_get_async_operation_data() later during the * same handshake to retrieve this value. */ -void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, - void *ctx ); +void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, + void *ctx); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ /** @@ -2271,9 +2270,9 @@ void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, * \return The callback must return 0 on success, * or a negative error code. */ -typedef int mbedtls_ssl_cookie_write_t( void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *info, size_t ilen ); +typedef int mbedtls_ssl_cookie_write_t(void *ctx, + unsigned char **p, unsigned char *end, + const unsigned char *info, size_t ilen); /** * \brief Callback type: verify a cookie @@ -2288,9 +2287,9 @@ typedef int mbedtls_ssl_cookie_write_t( void *ctx, * \return The callback must return 0 if cookie is valid, * or a negative error code. */ -typedef int mbedtls_ssl_cookie_check_t( void *ctx, - const unsigned char *cookie, size_t clen, - const unsigned char *info, size_t ilen ); +typedef int mbedtls_ssl_cookie_check_t(void *ctx, + const unsigned char *cookie, size_t clen, + const unsigned char *info, size_t ilen); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** @@ -2321,10 +2320,10 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx, * \param f_cookie_check Cookie check callback * \param p_cookie Context for both callbacks */ -void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie ); +void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, + mbedtls_ssl_cookie_write_t *f_cookie_write, + mbedtls_ssl_cookie_check_t *f_cookie_check, + void *p_cookie); /** * \brief Set client's transport-level identification info. @@ -2345,9 +2344,9 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. */ -int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen ); +int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, + const unsigned char *info, + size_t ilen); #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ @@ -2367,7 +2366,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, * packets and needs information about them to adjust its * transmission strategy, then you'll want to disable this. */ -void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); +void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode); #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) @@ -2394,7 +2393,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); * might make us waste resources checking authentication on * many bogus packets. */ -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); +void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit); #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -2427,8 +2426,8 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi * are currently always sent in separate datagrams. * */ -void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ); +void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, + unsigned allow_packing); /** * \brief Set retransmit timeout values for the DTLS handshake. @@ -2461,7 +2460,7 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> * resend ... 5s -> give up and return a timeout error. */ -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); +void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, uint32_t min, uint32_t max); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_SRV_C) @@ -2502,10 +2501,10 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, * \param f_get_cache session get callback * \param f_set_cache session set callback */ -void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, - void *p_cache, - int (*f_get_cache)(void *, mbedtls_ssl_session *), - int (*f_set_cache)(void *, const mbedtls_ssl_session *) ); +void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, + void *p_cache, + int (*f_get_cache)(void *, mbedtls_ssl_session *), + int (*f_set_cache)(void *, const mbedtls_ssl_session *)); #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_CLI_C) @@ -2523,7 +2522,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, * * \sa mbedtls_ssl_get_session() */ -int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); +int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session); #endif /* MBEDTLS_SSL_CLI_C */ /** @@ -2558,9 +2557,9 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \return Another negative value for other kinds of errors (for * example, unsupported features in the embedded certificate). */ -int mbedtls_ssl_session_load( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ); +int mbedtls_ssl_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len); /** * \brief Save session structure as serialized data in a buffer. @@ -2588,10 +2587,10 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. */ -int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen ); +int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen); /** * \brief Get a pointer to the current session structure, for example @@ -2608,7 +2607,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * \return A pointer to the current session if successful. * \return \c NULL if no session is active. */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ); +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl); /** * \brief Set the list of allowed ciphersuites and the preference @@ -2625,8 +2624,8 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites */ -void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ); +void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, + const int *ciphersuites); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 @@ -2663,8 +2662,8 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len * is too large. */ -int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, - int ignore_other_cids ); +int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, + int ignore_other_cids); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** @@ -2686,9 +2685,9 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ); +void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, + const int *ciphersuites, + int major, int minor); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -2701,8 +2700,8 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, * \param conf SSL configuration * \param profile Profile to use */ -void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile ); +void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, + const mbedtls_x509_crt_profile *profile); /** * \brief Set the data required to verify peer certificate @@ -2715,9 +2714,9 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs */ -void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, +void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ); + mbedtls_x509_crl *ca_crl); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** @@ -2771,9 +2770,9 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * to guarantee this (for example through a mutex * contained in the callback context pointed to by \p p_ca_cb). */ -void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb ); +void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ /** @@ -2812,9 +2811,9 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, * * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED */ -int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, +int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ); + mbedtls_pk_context *pk_key); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -2849,9 +2848,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len ); +int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, + const unsigned char *psk, size_t psk_len, + const unsigned char *psk_identity, size_t psk_identity_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -2890,10 +2889,10 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len ); +int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, + psa_key_id_t psk, + const unsigned char *psk_identity, + size_t psk_identity_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -2912,8 +2911,8 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len ); +int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, + const unsigned char *psk, size_t psk_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -2932,12 +2931,12 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its * use for the key derivation algorithm * applied in the handshake. - * + * * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_id_t psk ); +int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, + psa_key_id_t psk); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -2978,10 +2977,10 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, * \param p_psk A pointer to an opaque structure to be passed to * the callback, for example a PSK store. */ -void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk ); +void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, + int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_psk); #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) @@ -3007,9 +3006,9 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, * * \return 0 if successful */ -MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, - const char *dhm_P, - const char *dhm_G ); +MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf, + const char *dhm_P, + const char *dhm_G); #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -3026,9 +3025,9 @@ MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len ); +int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, + const unsigned char *dhm_P, size_t P_len, + const unsigned char *dhm_G, size_t G_len); /** * \brief Set the Diffie-Hellman public P and G values, @@ -3039,7 +3038,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ); +int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx); #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) @@ -3051,8 +3050,8 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context * \param conf SSL configuration * \param bitlen Minimum bit length of the DHM prime */ -void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, - unsigned int bitlen ); +void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, + unsigned int bitlen); #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_ECP_C) @@ -3085,8 +3084,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves ); +void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curves); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -3110,8 +3109,8 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, * \param hashes Ordered list of allowed signature hashes, * terminated by \c MBEDTLS_MD_NONE. */ -void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, - const int *hashes ); +void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, + const int *hashes); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -3133,7 +3132,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. */ -int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); +int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3149,9 +3148,9 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); * * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED */ -int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ); +int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *own_cert, + mbedtls_pk_context *pk_key); /** * \brief Set the data required to verify peer certificate for the @@ -3164,9 +3163,9 @@ int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs */ -void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ); +void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *ca_chain, + mbedtls_x509_crl *ca_crl); /** * \brief Set authmode for the current handshake. @@ -3178,8 +3177,8 @@ void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or * MBEDTLS_SSL_VERIFY_REQUIRED */ -void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, - int authmode ); +void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, + int authmode); /** * \brief Set server side ServerName TLS extension callback @@ -3204,10 +3203,10 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, * \param f_sni verification function * \param p_sni verification parameter */ -void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_sni ); +void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, + int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_sni); #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -3228,9 +3227,9 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, * * \return 0 on success, or a negative error code. */ -int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len ); +int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, + const unsigned char *pw, + size_t pw_len); #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) @@ -3246,7 +3245,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ); +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); /** * \brief Get the name of the negotiated Application Layer Protocol. @@ -3257,26 +3256,25 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * * \return Protocol name, or NULL if no protocol was negotiated. */ -const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_DEBUG_C) -static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile ) +static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile) { - switch( profile ) - { + switch (profile) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ); + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ); + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ); + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ); + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; default: break; } - return( "" ); + return ""; } #endif /* MBEDTLS_DEBUG_C */ /** @@ -3292,8 +3290,8 @@ static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_sr * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. */ -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, - int support_mki_value ); +void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, + int support_mki_value); /** * \brief Set the supported DTLS-SRTP protection profiles. @@ -3315,8 +3313,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles - ( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles ); + (mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles); /** * \brief Set the mki_value for the current DTLS-SRTP session. @@ -3334,9 +3332,9 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len ); +int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len); /** * \brief Get the negotiated DTLS-SRTP information: * Protection profile and MKI value. @@ -3355,8 +3353,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * or peer's Hello packet was not parsed yet. * - mki size and value( if size is > 0 ). */ -void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info ); +void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** @@ -3375,7 +3373,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor); /** * \brief Set the minimum accepted SSL/TLS protocol version @@ -3395,7 +3393,7 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) /** @@ -3417,7 +3415,7 @@ void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int mino * \param conf SSL configuration * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK */ -void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); +void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback); #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -3432,7 +3430,7 @@ void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); * \param conf SSL configuration * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED */ -void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); +void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) @@ -3447,7 +3445,7 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); * \param conf SSL configuration * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED */ -void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ); +void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems); #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_ARC4_C) @@ -3466,7 +3464,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems * \param conf SSL configuration * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED */ -void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); +void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4); #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_SSL_SRV_C) @@ -3479,8 +3477,8 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED */ -void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, - char cert_req_ca_list ); +void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, + char cert_req_ca_list); #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -3518,7 +3516,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, * * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA */ -int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); +int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) @@ -3530,7 +3528,7 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) */ -void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); +void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate); #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) @@ -3545,7 +3543,7 @@ void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED */ -void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ); +void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split); #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -3559,7 +3557,7 @@ void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) */ -void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); +void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -3580,7 +3578,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or * MBEDTLS_SSL_RENEGOTIATION_DISABLED) */ -void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); +void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -3610,7 +3608,7 @@ void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation * SSL_ALLOW_LEGACY_RENEGOTIATION or * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) */ -void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); +void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy); #if defined(MBEDTLS_SSL_RENEGOTIATION) /** @@ -3650,7 +3648,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_ * enforce renegotiation, or a non-negative value to enforce * it but allow for a grace period of max_records records. */ -void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); +void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records); /** * \brief Set record counter threshold for periodic renegotiation. @@ -3677,8 +3675,8 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. */ -void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, - const unsigned char period[8] ); +void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, + const unsigned char period[8]); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -3719,7 +3717,7 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * that all internal data has been processed. * */ -int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl); /** * \brief Return the number of application data bytes @@ -3736,7 +3734,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); * amount of data fitting into the input buffer. * */ -size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl); /** * \brief Return the result of the certificate verification @@ -3750,7 +3748,7 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. */ -uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); +uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl); /** * \brief Return the name of the current ciphersuite @@ -3759,7 +3757,7 @@ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); * * \return a string containing the ciphersuite name */ -const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl); /** * \brief Return the current SSL version (SSLv3/TLSv1/etc) @@ -3768,7 +3766,7 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); * * \return a string containing the SSL version */ -const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl); /** * \brief Return the (maximum) number of bytes added by the record @@ -3783,7 +3781,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); * MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is * enabled, which makes expansion much less predictable */ -int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** @@ -3799,7 +3797,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); * * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); /** * \brief Return the maximum fragment length (payload, in bytes) for @@ -3815,7 +3813,7 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); * * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -3840,7 +3838,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); * \return Current maximum fragment length for the output buffer. */ MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( - const mbedtls_ssl_context *ssl ); + const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -3871,7 +3869,7 @@ MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( * \return Current maximum payload for an outgoing record, * or a negative error code. */ -int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -3904,7 +3902,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); * If you want to use the certificate across API calls, * you must make a copy. */ -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ); +const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_CLI_C) @@ -3934,7 +3932,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * * \sa mbedtls_ssl_set_session() */ -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); +int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session); #endif /* MBEDTLS_SSL_CLI_C */ /** @@ -3986,8 +3984,12 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * in which case the datagram of the underlying transport that is * currently being processed might or might not contain further * DTLS records. + * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. */ -int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); /** * \brief Perform a single step of the SSL handshake @@ -4009,7 +4011,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); * re-using it for a new connection; the current connection * must be closed. */ -int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RENEGOTIATION) /** @@ -4035,7 +4037,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); * must be closed. * */ -int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -4115,7 +4117,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \c mbedtls_ssl_check_pending to check for remaining records. * */ -int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); +int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); /** * \brief Try to write exactly 'len' application data bytes @@ -4177,7 +4179,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * \note Attempting to write 0 bytes will result in an empty TLS * application record being sent. */ -int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); +int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len); /** * \brief Send an alert message @@ -4195,9 +4197,9 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ * call \c mbedtls_ssl_session_reset() on it before re-using it * for a new connection; the current connection must be closed. */ -int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message ); +int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, + unsigned char level, + unsigned char message); /** * \brief Notify the peer that the connection is being closed * @@ -4211,14 +4213,14 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, * call \c mbedtls_ssl_session_reset() on it before re-using it * for a new connection; the current connection must be closed. */ -int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); /** * \brief Free referenced items in an SSL context and clear memory * * \param ssl SSL context */ -void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_free(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /** @@ -4269,10 +4271,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. */ -int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen ); +int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buf_len, + size_t *olen); /** * \brief Load serialized connection data to an SSL context. @@ -4339,9 +4341,9 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * comes from a different Mbed TLS version or build. * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. */ -int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ); +int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len); #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /** @@ -4354,7 +4356,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl, * * \param conf SSL configuration context */ -void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); +void mbedtls_ssl_config_init(mbedtls_ssl_config *conf); /** * \brief Load reasonable default SSL configuration values. @@ -4371,22 +4373,22 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); * \return 0 if successful, or * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error. */ -int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, - int endpoint, int transport, int preset ); +int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, + int endpoint, int transport, int preset); /** * \brief Free an SSL configuration context * * \param conf SSL configuration context */ -void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ); +void mbedtls_ssl_config_free(mbedtls_ssl_config *conf); /** * \brief Initialize SSL session structure * * \param session SSL session */ -void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); +void mbedtls_ssl_session_init(mbedtls_ssl_session *session); /** * \brief Free referenced items in an SSL session including the @@ -4397,7 +4399,7 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); * * \param session SSL session */ -void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); +void mbedtls_ssl_session_free(mbedtls_ssl_session *session); /** * \brief TLS-PRF function for key derivation. @@ -4414,11 +4416,11 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); * * \return 0 on success. An SSL specific error on failure. */ -int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); +int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_cache.h b/thirdparty/mbedtls/include/mbedtls/ssl_cache.h index 02eab96d45..e358c6c7e0 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl_cache.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl_cache.h @@ -62,8 +62,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; /** * \brief This structure is used for storing cache entries */ -struct mbedtls_ssl_cache_entry -{ +struct mbedtls_ssl_cache_entry { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t timestamp; /*!< entry timestamp */ #endif @@ -78,8 +77,7 @@ struct mbedtls_ssl_cache_entry /** * \brief Cache context */ -struct mbedtls_ssl_cache_context -{ +struct mbedtls_ssl_cache_context { mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ int timeout; /*!< cache entry timeout */ int max_entries; /*!< maximum entries */ @@ -93,7 +91,7 @@ struct mbedtls_ssl_cache_context * * \param cache SSL cache context */ -void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); +void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache); /** * \brief Cache get callback implementation @@ -102,7 +100,7 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); * \param data SSL cache context * \param session session to retrieve entry for */ -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session); /** * \brief Cache set callback implementation @@ -111,7 +109,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); * \param data SSL cache context * \param session session to store entry for */ -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session); #if defined(MBEDTLS_HAVE_TIME) /** @@ -123,7 +121,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); * \param cache SSL cache context * \param timeout cache entry timeout in seconds */ -void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ); +void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout); #endif /* MBEDTLS_HAVE_TIME */ /** @@ -133,14 +131,14 @@ void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeou * \param cache SSL cache context * \param max cache entry maximum */ -void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ); +void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max); /** * \brief Free referenced items in a cache context and clear memory * * \param cache SSL cache context */ -void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ); +void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h b/thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h index 93c32a5eda..5300125f94 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl_ciphersuites.h @@ -385,10 +385,9 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; /** * \brief This structure is used for storing ciphersuite information */ -struct mbedtls_ssl_ciphersuite_t -{ +struct mbedtls_ssl_ciphersuite_t { int id; - const char * name; + const char *name; mbedtls_cipher_type_t cipher; mbedtls_md_type_t mac; @@ -402,92 +401,87 @@ struct mbedtls_ssl_ciphersuite_t unsigned char flags; }; -const int *mbedtls_ssl_list_ciphersuites( void ); +const int *mbedtls_ssl_list_ciphersuites(void); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id ); +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name); +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id); #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif -int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); -int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); +int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ -static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } -static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: @@ -495,56 +489,54 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) +static inline int mbedtls_ssl_ciphersuite_uses_server_signature( + const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_cookie.h b/thirdparty/mbedtls/include/mbedtls/ssl_cookie.h index 2aa373177b..334c005a82 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl_cookie.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl_cookie.h @@ -54,8 +54,7 @@ extern "C" { /** * \brief Context for the default cookie functions. */ -typedef struct mbedtls_ssl_cookie_ctx -{ +typedef struct mbedtls_ssl_cookie_ctx { mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long serial; /*!< serial number for expiration */ @@ -71,14 +70,14 @@ typedef struct mbedtls_ssl_cookie_ctx /** * \brief Initialize cookie context */ -void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); +void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Setup cookie context (generate keys) */ -int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Set expiration delay for cookies @@ -89,12 +88,12 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, * issued in the meantime. * 0 to disable expiration (NOT recommended) */ -void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); +void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay); /** * \brief Free cookie context */ -void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); +void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_internal.h b/thirdparty/mbedtls/include/mbedtls/ssl_internal.h index 77ad755477..b1915c8a1b 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl_internal.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl_internal.h @@ -60,7 +60,7 @@ #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -146,19 +146,19 @@ /* This macro determines whether CBC is supported. */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_CAMELLIA_C) || \ - defined(MBEDTLS_ARIA_C) || \ - defined(MBEDTLS_DES_C) ) + (defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_CAMELLIA_C) || \ + defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_DES_C)) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif /* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as * opposed to the very different CBC construct used in SSLv3) is supported. */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) ) + (defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2)) #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC #endif @@ -193,18 +193,18 @@ #define MBEDTLS_SSL_MAX_CID_EXPANSION 0 #endif -#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \ - MBEDTLS_MAX_IV_LENGTH + \ - MBEDTLS_SSL_MAC_ADD + \ - MBEDTLS_SSL_PADDING_ADD + \ - MBEDTLS_SSL_MAX_CID_EXPANSION \ - ) +#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_SSL_COMPRESSION_ADD + \ + MBEDTLS_MAX_IV_LENGTH + \ + MBEDTLS_SSL_MAC_ADD + \ + MBEDTLS_SSL_PADDING_ADD + \ + MBEDTLS_SSL_MAX_CID_EXPANSION \ + ) -#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - ( MBEDTLS_SSL_IN_CONTENT_LEN ) ) +#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ + (MBEDTLS_SSL_IN_CONTENT_LEN)) -#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) +#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ + (MBEDTLS_SSL_OUT_CONTENT_LEN)) /* The maximum number of buffered handshake messages. */ #define MBEDTLS_SSL_MAX_BUFFERED_HS 4 @@ -215,8 +215,8 @@ */ #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ - ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \ - : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ + ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \ + : (MBEDTLS_SSL_IN_CONTENT_LEN) \ ) /* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */ @@ -234,11 +234,13 @@ #endif #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN -#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." +#error \ + "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." #endif #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN -#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." +#error \ + "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." #endif #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 @@ -258,44 +260,44 @@ #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_IN_BUFFER_LEN \ - ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) + ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN)) #else #define MBEDTLS_SSL_IN_BUFFER_LEN \ - ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \ - + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) ) + ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ + + (MBEDTLS_SSL_CID_IN_LEN_MAX)) #endif #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) + ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN)) #else #define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \ - + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) + ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ + + (MBEDTLS_SSL_CID_OUT_LEN_MAX)) #endif #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) +static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) { -#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_output_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_OUT_LEN_MAX; +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + return mbedtls_ssl_get_output_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + + MBEDTLS_SSL_CID_OUT_LEN_MAX; #else - return mbedtls_ssl_get_output_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + return mbedtls_ssl_get_output_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } -static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) +static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx) { -#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_input_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_IN_LEN_MAX; +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + return mbedtls_ssl_get_input_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + + MBEDTLS_SSL_CID_IN_LEN_MAX; #else - return mbedtls_ssl_get_input_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + return mbedtls_ssl_get_input_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } #endif @@ -303,7 +305,7 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct #ifdef MBEDTLS_ZLIB_SUPPORT /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */ #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \ - ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \ + (MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN) \ ? MBEDTLS_SSL_IN_BUFFER_LEN \ : MBEDTLS_SSL_OUT_BUFFER_LEN \ ) @@ -328,10 +330,10 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct * \return Zero if the needed space is available in the buffer, non-zero * otherwise. */ -static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, - const uint8_t *end, size_t need ) +static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, + const uint8_t *end, size_t need) { - return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); + return (cur > end) || (need > (size_t) (end - cur)); } /** @@ -344,13 +346,13 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, * \param need Needed space in bytes. * */ -#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ +#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \ do { \ - if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ + if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ { \ - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ } \ - } while( 0 ) + } while (0) #ifdef __cplusplus extern "C" { @@ -361,8 +363,7 @@ extern "C" { /* * Abstraction for a grid of allowed signature-hash-algorithm pairs. */ -struct mbedtls_ssl_sig_hash_set_t -{ +struct mbedtls_ssl_sig_hash_set_t { /* At the moment, we only need to remember a single suitable * hash algorithm per signature algorithm. As long as that's * the case - and we don't need a general lookup function - @@ -374,10 +375,10 @@ struct mbedtls_ssl_sig_hash_set_t #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); +typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); /* cipher.h exports the maximum IV, key and block length from * all ciphers enabled in the config, regardless of whether those @@ -403,16 +404,15 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, * \brief The data structure holding the cryptographic material (key and IV) * used for record protection in TLS 1.3. */ -struct mbedtls_ssl_key_set -{ +struct mbedtls_ssl_key_set { /*! The key for client->server records. */ - unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; + unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; /*! The key for server->client records. */ - unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; + unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; /*! The IV for client->server records. */ - unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; + unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; /*! The IV for server->client records. */ - unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; + unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; size_t key_len; /*!< The length of client_write_key and * server_write_key, in Bytes. */ @@ -424,8 +424,7 @@ typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; /* * This structure contains the parameters only needed during handshake. */ -struct mbedtls_ssl_handshake_params -{ +struct mbedtls_ssl_handshake_params { /* * Handshake specific crypto variables */ @@ -544,16 +543,14 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - struct - { + struct { size_t total_bytes_buffered; /*!< Cumulative size of heap allocated * buffers used for message buffering. */ uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ - struct mbedtls_ssl_hs_buffer - { + struct mbedtls_ssl_hs_buffer { unsigned is_valid : 1; unsigned is_fragmented : 1; unsigned is_complete : 1; @@ -561,8 +558,7 @@ struct mbedtls_ssl_handshake_params size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; - struct - { + struct { unsigned char *data; size_t len; unsigned epoch; @@ -585,7 +581,7 @@ struct mbedtls_ssl_handshake_params unsigned int in_flight_start_seq; /*!< Minimum message sequence in the flight being received */ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for - resending messages */ + resending messages */ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ @@ -596,7 +592,7 @@ struct mbedtls_ssl_handshake_params * has been negotiated. Possible values are * #MBEDTLS_SSL_CID_ENABLED and * #MBEDTLS_SSL_CID_DISABLED. */ - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ + unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */ uint8_t peer_cid_len; /*!< The length of * \c peer_cid. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -631,7 +627,7 @@ struct mbedtls_ssl_handshake_params unsigned char randbytes[64]; /*!< random bytes */ unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; - /*!< premaster secret */ + /*!< premaster secret */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** Asynchronous operation context. This field is meant for use by the @@ -744,8 +740,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * in other transformations. * */ -struct mbedtls_ssl_transform -{ +struct mbedtls_ssl_transform { /* * Session specific crypto layer */ @@ -782,8 +777,8 @@ struct mbedtls_ssl_transform #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t in_cid_len; uint8_t out_cid_len; - unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ]; - unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; + unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; + unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* @@ -806,13 +801,13 @@ struct mbedtls_ssl_transform * Equivalently, return 0 if a separate MAC is used, 1 otherwise. */ static inline int mbedtls_ssl_transform_uses_aead( - const mbedtls_ssl_transform *transform ) + const mbedtls_ssl_transform *transform) { #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - return( transform->maclen == 0 && transform->taglen != 0 ); + return transform->maclen == 0 && transform->taglen != 0; #else (void) transform; - return( 1 ); + return 1; #endif } @@ -842,8 +837,7 @@ static inline int mbedtls_ssl_transform_uses_aead( #define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX #endif -typedef struct -{ +typedef struct { uint8_t ctr[8]; /* In TLS: The implicit record sequence number. * In DTLS: The 2-byte epoch followed by * the 6-byte sequence number. @@ -866,7 +860,7 @@ typedef struct #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t cid_len; /* Length of the CID (0 if not present) */ - unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */ + unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ } mbedtls_record; @@ -874,8 +868,7 @@ typedef struct /* * List of certificate + private key pairs */ -struct mbedtls_ssl_key_cert -{ +struct mbedtls_ssl_key_cert { mbedtls_x509_crt *cert; /*!< cert */ mbedtls_pk_context *key; /*!< private key */ mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ @@ -886,8 +879,7 @@ struct mbedtls_ssl_key_cert /* * List of handshake messages kept around for resending */ -struct mbedtls_ssl_flight_item -{ +struct mbedtls_ssl_flight_item { unsigned char *p; /*!< message, including handshake headers */ size_t len; /*!< length of p */ unsigned char type; /*!< type of the message: handshake or CCS */ @@ -899,20 +891,20 @@ struct mbedtls_ssl_flight_item defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ); +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg); /* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ); +void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg, + mbedtls_md_type_t md_alg); /* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ); +void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_md_type_t md_alg); /* Setup an empty signature-hash set */ -static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) +static inline void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set) { - mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); + mbedtls_ssl_sig_hash_set_const_hash(set, MBEDTLS_MD_NONE); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && @@ -924,7 +916,7 @@ static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *se * * \param transform SSL transform context */ -void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); +void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform); /** * \brief Free referenced items in an SSL handshake context and clear @@ -932,26 +924,26 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); * * \param ssl SSL context */ -void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); +void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl); /** * \brief Update record layer @@ -1030,39 +1022,39 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); * */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, - unsigned update_hs_digest ); +int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, + unsigned update_hs_digest); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); +int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); +int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl); -void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); +void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); +int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex); /** * Get the first defined PSK by order of precedence: @@ -1070,29 +1062,22 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * 2. static PSK configured by \c mbedtls_ssl_conf_psk() * Return a code and update the pair (PSK, PSK length) passed to this function */ -static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, - const unsigned char **psk, size_t *psk_len ) +static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl, + const unsigned char **psk, size_t *psk_len) { - if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 ) - { + if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) { *psk = ssl->handshake->psk; *psk_len = ssl->handshake->psk_len; - } - - else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 ) - { + } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) { *psk = ssl->conf->psk; *psk_len = ssl->conf->psk_len; - } - - else - { + } else { *psk = NULL; *psk_len = 0; - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; } - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1104,50 +1089,51 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, * Return an opaque PSK */ static inline psa_key_id_t mbedtls_ssl_get_opaque_psk( - const mbedtls_ssl_context *ssl ) + const mbedtls_ssl_context *ssl) { - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( ssl->handshake->psk_opaque ); + if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { + return ssl->handshake->psk_opaque; + } - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( ssl->conf->psk_opaque ); + if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) { + return ssl->conf->psk_opaque; + } - return( MBEDTLS_SVC_KEY_ID_INIT ); + return MBEDTLS_SVC_KEY_ID_INIT; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_PK_C) -unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); -unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); +unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); +mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); #endif -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); -unsigned char mbedtls_ssl_hash_from_md_alg( int md ); +mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); +unsigned char mbedtls_ssl_hash_from_md_alg(int md); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); +int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md); #if defined(MBEDTLS_ECP_C) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); +int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ); +int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id); #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ); +int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, + mbedtls_md_type_t md); #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value - ( const uint16_t srtp_profile_value ) + (const uint16_t srtp_profile_value) { - switch( srtp_profile_value ) - { + switch (srtp_profile_value) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: @@ -1155,33 +1141,35 @@ static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value return srtp_profile_value; default: break; } - return( MBEDTLS_TLS_SRTP_UNSET ); + return MBEDTLS_TLS_SRTP_UNSET; } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) -static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) +static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl) { mbedtls_ssl_key_cert *key_cert; - if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) + if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { key_cert = ssl->handshake->key_cert; - else + } else { key_cert = ssl->conf->key_cert; + } - return( key_cert == NULL ? NULL : key_cert->key ); + return key_cert == NULL ? NULL : key_cert->key; } -static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) +static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl) { mbedtls_ssl_key_cert *key_cert; - if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) + if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { key_cert = ssl->handshake->key_cert; - else + } else { key_cert = ssl->conf->key_cert; + } - return( key_cert == NULL ? NULL : key_cert->cert ); + return key_cert == NULL ? NULL : key_cert->cert; } /* @@ -1194,77 +1182,76 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) * Return 0 if everything is OK, -1 if not. */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, - uint32_t *flags ); +int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, + const mbedtls_ssl_ciphersuite_t *ciphersuite, + int cert_endpoint, + uint32_t *flags); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_write_version( int major, int minor, int transport, - unsigned char ver[2] ); -void mbedtls_ssl_read_version( int *major, int *minor, int transport, - const unsigned char ver[2] ); +void mbedtls_ssl_write_version(int major, int minor, int transport, + unsigned char ver[2]); +void mbedtls_ssl_read_version(int *major, int *minor, int transport, + const unsigned char ver[2]); -static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl ) +static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl) { #if !defined(MBEDTLS_SSL_PROTO_DTLS) ((void) ssl); #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - return( 13 ); - } - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return 13; + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { - return( 5 ); + return 5; } } -static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl ) +static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl) { - return( (size_t) ( ssl->out_iv - ssl->out_hdr ) ); + return (size_t) (ssl->out_iv - ssl->out_hdr); } -static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) +static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 12 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return 12; + } #else ((void) ssl); #endif - return( 4 ); + return 4; } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl); +void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_resend(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl); #endif /* Visible for testing purposes only */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ); -void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl); +void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl); #endif MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src ); +int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, + const mbedtls_ssl_session *src); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, - unsigned char *output, - unsigned char *data, size_t data_len ); +int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len); #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ @@ -1272,10 +1259,10 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ); +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg); #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -1283,70 +1270,71 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, } #endif -void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ); +void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec ); +int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec); /* Length of the "epoch" field in the record header */ -static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl ) +static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 2 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return 2; + } #else ((void) ssl); #endif - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_DTLS) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ); +void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ); -void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform); +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); +int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl); #endif -void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); -void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); +size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl); +void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl); +void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_TEST_HOOKS) int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen ); + mbedtls_ssl_context *ssl, + const unsigned char *cli_id, size_t cli_id_len, + const unsigned char *in, size_t in_len, + unsigned char *obuf, size_t buf_len, size_t *olen); #endif #endif /* ssl_internal.h */ diff --git a/thirdparty/mbedtls/include/mbedtls/ssl_ticket.h b/thirdparty/mbedtls/include/mbedtls/ssl_ticket.h index 8221051b24..401df7c854 100644 --- a/thirdparty/mbedtls/include/mbedtls/ssl_ticket.h +++ b/thirdparty/mbedtls/include/mbedtls/ssl_ticket.h @@ -48,8 +48,7 @@ extern "C" { /** * \brief Information for session ticket protection */ -typedef struct mbedtls_ssl_ticket_key -{ +typedef struct mbedtls_ssl_ticket_key { unsigned char name[4]; /*!< random key identifier */ uint32_t generation_time; /*!< key generation timestamp (seconds) */ mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ @@ -59,8 +58,7 @@ mbedtls_ssl_ticket_key; /** * \brief Context for session ticket handling functions */ -typedef struct mbedtls_ssl_ticket_context -{ +typedef struct mbedtls_ssl_ticket_context { mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ unsigned char active; /*!< index of the currently active key */ @@ -83,7 +81,7 @@ mbedtls_ssl_ticket_context; * * \param ctx Context to be initialized */ -void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); +void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); /** * \brief Prepare context to be actually used @@ -107,10 +105,10 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); * \return 0 if successful, * or a specific MBEDTLS_ERR_XXX error code */ -int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime ); +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime); /** * \brief Implementation of the ticket write callback @@ -131,7 +129,7 @@ mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; * * \param ctx Context to be cleaned up */ -void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); +void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/threading.h b/thirdparty/mbedtls/include/mbedtls/threading.h index d147c73f06..25de77e7d4 100644 --- a/thirdparty/mbedtls/include/mbedtls/threading.h +++ b/thirdparty/mbedtls/include/mbedtls/threading.h @@ -46,8 +46,7 @@ extern "C" { #if defined(MBEDTLS_THREADING_PTHREAD) #include -typedef struct mbedtls_threading_mutex_t -{ +typedef struct mbedtls_threading_mutex_t { pthread_mutex_t mutex; /* is_valid is 0 after a failed init or a free, and nonzero after a * successful init. This field is not considered part of the public @@ -78,15 +77,15 @@ typedef struct mbedtls_threading_mutex_t * \param mutex_lock the lock function implementation * \param mutex_unlock the unlock function implementation */ -void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), - void (*mutex_free)( mbedtls_threading_mutex_t * ), - int (*mutex_lock)( mbedtls_threading_mutex_t * ), - int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ); +void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), + void (*mutex_free)(mbedtls_threading_mutex_t *), + int (*mutex_lock)(mbedtls_threading_mutex_t *), + int (*mutex_unlock)(mbedtls_threading_mutex_t *)); /** * \brief Free global mutexes. */ -void mbedtls_threading_free_alt( void ); +void mbedtls_threading_free_alt(void); #endif /* MBEDTLS_THREADING_ALT */ #if defined(MBEDTLS_THREADING_C) @@ -95,10 +94,10 @@ void mbedtls_threading_free_alt( void ); * * All these functions are expected to work or the result will be undefined. */ -extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); -extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); -extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); -extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); +extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex); +extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex); /* * Global mutexes diff --git a/thirdparty/mbedtls/include/mbedtls/timing.h b/thirdparty/mbedtls/include/mbedtls/timing.h index b7290cfcab..597ef75211 100644 --- a/thirdparty/mbedtls/include/mbedtls/timing.h +++ b/thirdparty/mbedtls/include/mbedtls/timing.h @@ -41,16 +41,14 @@ extern "C" { /** * \brief timer structure */ -struct mbedtls_timing_hr_time -{ +struct mbedtls_timing_hr_time { unsigned char opaque[32]; }; /** * \brief Context for mbedtls_timing_set/get_delay() */ -typedef struct mbedtls_timing_delay_context -{ +typedef struct mbedtls_timing_delay_context { struct mbedtls_timing_hr_time timer; uint32_t int_ms; uint32_t fin_ms; @@ -72,7 +70,7 @@ extern volatile int mbedtls_timing_alarmed; * \note This value starts at an unspecified origin and * may wrap around. */ -unsigned long mbedtls_timing_hardclock( void ); +unsigned long mbedtls_timing_hardclock(void); /** * \brief Return the elapsed time in milliseconds @@ -91,7 +89,7 @@ unsigned long mbedtls_timing_hardclock( void ); * get_timer(0) }` the value time1+time2 is only approximately * the delay since the first reset. */ -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); /** * \brief Setup an alarm clock @@ -103,7 +101,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int * context, this means one for the whole process, not one per * thread. */ -void mbedtls_set_alarm( int seconds ); +void mbedtls_set_alarm(int seconds); /** * \brief Set a pair of delays to watch @@ -119,7 +117,7 @@ void mbedtls_set_alarm( int seconds ); * \note To set a single delay, either use \c mbedtls_timing_set_timer * directly or use this function with int_ms == fin_ms. */ -void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); +void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms); /** * \brief Get the status of delays @@ -133,7 +131,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); * 1 if only the intermediate delay is passed, * 2 if the final delay is passed. */ -int mbedtls_timing_get_delay( void *data ); +int mbedtls_timing_get_delay(void *data); #if defined(MBEDTLS_SELF_TEST) /** @@ -141,7 +139,7 @@ int mbedtls_timing_get_delay( void *data ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_timing_self_test( int verbose ); +int mbedtls_timing_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/thirdparty/mbedtls/include/mbedtls/version.h b/thirdparty/mbedtls/include/mbedtls/version.h index b3b441d46b..0ef52138fd 100644 --- a/thirdparty/mbedtls/include/mbedtls/version.h +++ b/thirdparty/mbedtls/include/mbedtls/version.h @@ -38,16 +38,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 28 -#define MBEDTLS_VERSION_PATCH 2 +#define MBEDTLS_VERSION_PATCH 3 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x021C0200 -#define MBEDTLS_VERSION_STRING "2.28.2" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.2" +#define MBEDTLS_VERSION_NUMBER 0x021C0300 +#define MBEDTLS_VERSION_STRING "2.28.3" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.3" #if defined(MBEDTLS_VERSION_C) @@ -61,7 +61,7 @@ extern "C" { * \return The constructed version number in the format * MMNNPP00 (Major, Minor, Patch). */ -unsigned int mbedtls_version_get_number( void ); +unsigned int mbedtls_version_get_number(void); /** * Get the version string ("x.y.z"). @@ -69,7 +69,7 @@ unsigned int mbedtls_version_get_number( void ); * \param string The string that will receive the value. * (Should be at least 9 bytes in size) */ -void mbedtls_version_get_string( char *string ); +void mbedtls_version_get_string(char *string); /** * Get the full version string ("mbed TLS x.y.z"). @@ -80,7 +80,7 @@ void mbedtls_version_get_string( char *string ); * (So the buffer should be at least 18 bytes to receive this * version string). */ -void mbedtls_version_get_string_full( char *string ); +void mbedtls_version_get_string_full(char *string); /** * \brief Check if support for a feature was compiled into this @@ -99,7 +99,7 @@ void mbedtls_version_get_string_full( char *string ); * -2 if support for feature checking as a whole was not * compiled in. */ -int mbedtls_version_check_feature( const char *feature ); +int mbedtls_version_check_feature(const char *feature); #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/x509.h b/thirdparty/mbedtls/include/mbedtls/x509.h index 31b78df32f..8fd321a020 100644 --- a/thirdparty/mbedtls/include/mbedtls/x509.h +++ b/thirdparty/mbedtls/include/mbedtls/x509.h @@ -247,8 +247,7 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name; typedef mbedtls_asn1_sequence mbedtls_x509_sequence; /** Container for date and time (precision in seconds). */ -typedef struct mbedtls_x509_time -{ +typedef struct mbedtls_x509_time { int year, mon, day; /**< Date. */ int hour, min, sec; /**< Time. */ } @@ -267,7 +266,7 @@ mbedtls_x509_time; * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ); +int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** * \brief Store the certificate serial in printable form into buf; @@ -280,7 +279,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ); +int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial); /** * \brief Check a given mbedtls_x509_time against the system time @@ -294,7 +293,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * \return 1 if the given time is in the past or an error occurred, * 0 otherwise. */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); /** * \brief Check a given mbedtls_x509_time against the system time @@ -308,7 +307,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); * \return 1 if the given time is in the future or an error occurred, * 0 otherwise. */ -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); /** \} addtogroup x509_module */ @@ -319,7 +318,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_x509_self_test( int verbose ); +int mbedtls_x509_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ @@ -327,51 +326,51 @@ int mbedtls_x509_self_test( int verbose ); * Internal module functions. You probably do not want to use these unless you * know you do. */ -int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur ); -int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg ); -int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params ); +int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, + mbedtls_x509_name *cur); +int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg); +int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg, mbedtls_x509_buf *params); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len ); +int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, + mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, + int *salt_len); #endif -int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ); -int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts ); -int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *t ); -int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial ); -int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag ); -int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts ); -int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ); -int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name ); -int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, - size_t val_len ); -int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ); -int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ); -int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size ); +int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); +int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, + void **sig_opts); +int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, + mbedtls_x509_time *t); +int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *serial); +int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *ext, int tag); +int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const void *sig_opts); +int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); +int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); +int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, + int critical, const unsigned char *val, + size_t val_len); +int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + unsigned char *sig, size_t size); #define MBEDTLS_X509_SAFE_SNPRINTF \ do { \ - if( ret < 0 || (size_t) ret >= n ) \ - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \ - \ + if (ret < 0 || (size_t) ret >= n) \ + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \ + \ n -= (size_t) ret; \ p += (size_t) ret; \ - } while( 0 ) + } while (0) #ifdef __cplusplus } diff --git a/thirdparty/mbedtls/include/mbedtls/x509_crl.h b/thirdparty/mbedtls/include/mbedtls/x509_crl.h index 9222009019..1405021407 100644 --- a/thirdparty/mbedtls/include/mbedtls/x509_crl.h +++ b/thirdparty/mbedtls/include/mbedtls/x509_crl.h @@ -47,8 +47,7 @@ extern "C" { * Certificate revocation list entry. * Contains the CA-specific serial numbers and revocation dates. */ -typedef struct mbedtls_x509_crl_entry -{ +typedef struct mbedtls_x509_crl_entry { mbedtls_x509_buf raw; mbedtls_x509_buf serial; @@ -65,8 +64,7 @@ mbedtls_x509_crl_entry; * Certificate revocation list structure. * Every CRL may have multiple entries. */ -typedef struct mbedtls_x509_crl -{ +typedef struct mbedtls_x509_crl { mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ @@ -97,6 +95,10 @@ mbedtls_x509_crl; /** * \brief Parse a DER-encoded CRL and append it to the chained list * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in DER format * \param buflen size of the buffer @@ -104,13 +106,17 @@ mbedtls_x509_crl; * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, + const unsigned char *buf, size_t buflen); /** * \brief Parse one or more CRLs and append them to the chained list * * \note Multiple CRLs are accepted only if using PEM format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in PEM or DER format * \param buflen size of the buffer @@ -118,7 +124,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -126,12 +132,16 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s * * \note Multiple CRLs are accepted only if using PEM format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param path filename to read the CRLs from (in PEM or DER encoding) * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); +int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -145,22 +155,22 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl ); +int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crl *crl); /** * \brief Initialize a CRL (chain) * * \param crl CRL chain to initialize */ -void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); +void mbedtls_x509_crl_init(mbedtls_x509_crl *crl); /** * \brief Unallocate all CRL data * * \param crl CRL chain to free */ -void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); +void mbedtls_x509_crl_free(mbedtls_x509_crl *crl); /** \} name Structures and functions for parsing CRLs */ /** \} addtogroup x509_module */ diff --git a/thirdparty/mbedtls/include/mbedtls/x509_crt.h b/thirdparty/mbedtls/include/mbedtls/x509_crt.h index 0f2885a7ee..466611f797 100644 --- a/thirdparty/mbedtls/include/mbedtls/x509_crt.h +++ b/thirdparty/mbedtls/include/mbedtls/x509_crt.h @@ -49,8 +49,7 @@ extern "C" { /** * Container for an X.509 certificate. The certificate may be chained. */ -typedef struct mbedtls_x509_crt -{ +typedef struct mbedtls_x509_crt { int own_buffer; /**< Indicates if \c raw is owned * by the structure or not. */ mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ @@ -104,24 +103,21 @@ mbedtls_x509_crt; * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id } */ -typedef struct mbedtls_x509_san_other_name -{ +typedef struct mbedtls_x509_san_other_name { /** * The type_id is an OID as defined in RFC 5280. * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ mbedtls_x509_buf type_id; /**< The type id. */ - union - { + union { /** * From RFC 4108 section 5: * HardwareModuleName ::= SEQUENCE { * hwType OBJECT IDENTIFIER, * hwSerialNum OCTET STRING } */ - struct - { + struct { mbedtls_x509_buf oid; /**< The object identifier. */ mbedtls_x509_buf val; /**< The named value. */ } @@ -134,8 +130,7 @@ mbedtls_x509_san_other_name; /** * A structure for holding the parsed Subject Alternative Name, according to type */ -typedef struct mbedtls_x509_subject_alternative_name -{ +typedef struct mbedtls_x509_subject_alternative_name { int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ @@ -149,15 +144,14 @@ mbedtls_x509_subject_alternative_name; * Build flag from an algorithm/curve identifier (pk, md, ecp) * Since 0 is always XXX_NONE, ignore it. */ -#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) ) +#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) /** * Security profile for certificate verification. * * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). */ -typedef struct mbedtls_x509_crt_profile -{ +typedef struct mbedtls_x509_crt_profile { uint32_t allowed_mds; /**< MDs for signatures */ uint32_t allowed_pks; /**< PK algs for public keys; * this applies to all certificates @@ -174,15 +168,14 @@ mbedtls_x509_crt_profile; #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 -#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) +#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN) #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 #endif /** * Container for writing a certificate (CRT) */ -typedef struct mbedtls_x509write_cert -{ +typedef struct mbedtls_x509write_cert { int version; mbedtls_mpi serial; mbedtls_pk_context *subject_key; @@ -207,13 +200,12 @@ typedef struct { /** * Max size of verification chain: end-entity + intermediates + trusted root */ -#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) +#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) /** * Verification chain as built by \c mbedtls_crt_verify_chain() */ -typedef struct -{ +typedef struct { mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; unsigned len; @@ -231,8 +223,7 @@ typedef struct /** * \brief Context for resuming X.509 verify operations */ -typedef struct -{ +typedef struct { /* for check_signature() */ mbedtls_pk_restart_ctx pk; @@ -292,6 +283,10 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through @@ -308,9 +303,9 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); +int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen); /** * \brief The type of certificate extension callbacks. @@ -342,17 +337,21 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return \c 0 on success. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, - mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *p, - const unsigned char *end ); +typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, + mbedtls_x509_crt const *crt, + mbedtls_x509_buf const *oid, + int critical, + const unsigned char *p, + const unsigned char *end); /** * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through @@ -389,12 +388,12 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ); +int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx); /** * \brief Parse a single DER formatted certificate and add it @@ -403,6 +402,10 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, * temporary ownership of the CRT buffer until the CRT * is destroyed. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through @@ -423,9 +426,9 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); +int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen); /** * \brief Parse one DER-encoded or one or more concatenated PEM-encoded @@ -443,6 +446,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, * long as the certificates are enclosed in the PEM specific * '-----{BEGIN/END} CERTIFICATE-----' delimiters. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The chain to which to add the parsed certificates. * \param buf The buffer holding the certificate data in PEM or DER format. * For certificates in PEM encoding, this may be a concatenation @@ -457,7 +464,7 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, * \return A negative X509 or PEM error code otherwise. * */ -int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -467,13 +474,17 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s * of failed certificates it encountered. If none complete * correctly, the first error is returned. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param path filename to read the certificates from * * \return 0 if all certificates parsed successfully, a positive number * if partly successful or a specific X509 or PEM error code */ -int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); +int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); /** * \brief Load one or more certificate files from a path and add them @@ -488,7 +499,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); * \return 0 if all certificates parsed successfully, a positive number * if partly successful or a specific X509 or PEM error code */ -int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); +int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -518,8 +529,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); * SAN type. * \return Another negative value for any other failure. */ -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ); +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san); /** * \brief Returns an informational string about the * certificate. @@ -532,8 +543,8 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt ); +int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crt *crt); /** * \brief Returns an informational string about the @@ -547,8 +558,8 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ); +int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, + uint32_t flags); /** * \brief Verify a chain of certificates. @@ -616,12 +627,12 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \return Another negative error code in case of a fatal error * encountered during the verification process. */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); /** * \brief Verify a chain of certificates with respect to @@ -657,13 +668,13 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * \return Another negative error code in case of a fatal error * encountered during the verification process. */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); /** * \brief Restartable version of \c mbedtls_crt_verify_with_profile() @@ -691,14 +702,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ); +int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx); /** * \brief The type of trusted certificate callbacks. @@ -730,9 +741,9 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, * to the caller. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, - mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidate_cas ); +typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, + mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidate_cas); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** @@ -757,13 +768,13 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, * * \return See \c mbedtls_crt_verify_with_profile(). */ -int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ @@ -789,8 +800,8 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, * (intermediate) CAs the keyUsage extension is automatically * checked by \c mbedtls_x509_crt_verify(). */ -int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, - unsigned int usage ); +int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, + unsigned int usage); #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) @@ -807,9 +818,9 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, * * \note Usually only makes sense on leaf certificates. */ -int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ); +int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, + const char *usage_oid, + size_t usage_len); #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -822,7 +833,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, * \return 1 if the certificate is revoked, 0 otherwise * */ -int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); +int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl); #endif /* MBEDTLS_X509_CRL_PARSE_C */ /** @@ -830,25 +841,25 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 * * \param crt Certificate chain to initialize */ -void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ); +void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); /** * \brief Unallocate all certificate data * * \param crt Certificate chain to free */ -void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ); +void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ -void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ); +void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); /** * \brief Free the components of a restart context */ -void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); +void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -860,7 +871,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); * * \param ctx CRT context to initialize */ -void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); +void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); /** * \brief Set the version for a Certificate @@ -870,7 +881,7 @@ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or * MBEDTLS_X509_CRT_VERSION_3) */ -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ); +void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); /** * \brief Set the serial number for a Certificate. @@ -880,7 +891,7 @@ void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version * * \return 0 if successful */ -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ); +int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial); /** * \brief Set the validity period for a Certificate @@ -896,8 +907,8 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls * \return 0 if timestamp was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after ); +int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, + const char *not_after); /** * \brief Set the issuer name for a Certificate @@ -911,8 +922,8 @@ int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char * \return 0 if issuer name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ); +int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, + const char *issuer_name); /** * \brief Set the subject name for a Certificate @@ -926,8 +937,8 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, * \return 0 if subject name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ); +int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, + const char *subject_name); /** * \brief Set the subject public key for the certificate @@ -935,7 +946,7 @@ int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param key public key to include */ -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); /** * \brief Set the issuer key used for signing the certificate @@ -943,7 +954,7 @@ void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls * \param ctx CRT context to use * \param key private key to sign with */ -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); /** * \brief Set the MD algorithm to use for the signature @@ -952,7 +963,7 @@ void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_ * \param ctx CRT context to use * \param md_alg MD algorithm to use */ -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ); +void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg); /** * \brief Generic function to add to or replace an extension in the @@ -967,10 +978,10 @@ void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_t * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ); +int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, + const char *oid, size_t oid_len, + int critical, + const unsigned char *val, size_t val_len); /** * \brief Set the basicConstraints extension for a CRT @@ -983,8 +994,8 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ); +int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, + int is_ca, int max_pathlen); #if defined(MBEDTLS_SHA1_C) /** @@ -996,7 +1007,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ); +int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); /** * \brief Set the authorityKeyIdentifier extension for a CRT @@ -1007,7 +1018,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); +int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* MBEDTLS_SHA1_C */ /** @@ -1019,8 +1030,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, - unsigned int key_usage ); +int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, + unsigned int key_usage); /** * \brief Set the Netscape Cert Type flags @@ -1031,15 +1042,15 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type ); +int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, + unsigned char ns_cert_type); /** * \brief Free the contents of a CRT write context * * \param ctx CRT context to free */ -void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); +void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); /** * \brief Write a built up certificate to a X509 DER structure @@ -1061,9 +1072,9 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -1082,9 +1093,9 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/thirdparty/mbedtls/include/mbedtls/x509_csr.h b/thirdparty/mbedtls/include/mbedtls/x509_csr.h index 2a1c046131..5975584da2 100644 --- a/thirdparty/mbedtls/include/mbedtls/x509_csr.h +++ b/thirdparty/mbedtls/include/mbedtls/x509_csr.h @@ -46,8 +46,7 @@ extern "C" { /** * Certificate Signing Request (CSR) structure. */ -typedef struct mbedtls_x509_csr -{ +typedef struct mbedtls_x509_csr { mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ @@ -69,8 +68,7 @@ mbedtls_x509_csr; /** * Container for writing a CSR */ -typedef struct mbedtls_x509write_csr -{ +typedef struct mbedtls_x509write_csr { mbedtls_pk_context *key; mbedtls_asn1_named_data *subject; mbedtls_md_type_t md_alg; @@ -84,20 +82,28 @@ mbedtls_x509write_csr; * * \note CSR attributes (if any) are currently silently ignored. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer * * \return 0 if successful, or a specific X509 error code */ -int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen ); +int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen); /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format * * \note See notes for \c mbedtls_x509_csr_parse_der() * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer @@ -105,7 +111,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -118,7 +124,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); +int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -133,22 +139,22 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr ); +int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_csr *csr); /** * \brief Initialize a CSR * * \param csr CSR to initialize */ -void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ); +void mbedtls_x509_csr_init(mbedtls_x509_csr *csr); /** * \brief Unallocate all CSR data * * \param csr CSR to free */ -void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); +void mbedtls_x509_csr_free(mbedtls_x509_csr *csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ /** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */ @@ -159,7 +165,7 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); * * \param ctx CSR context to initialize */ -void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ); +void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx); /** * \brief Set the subject name for a CSR @@ -173,8 +179,8 @@ void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ); * \return 0 if subject name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, - const char *subject_name ); +int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, + const char *subject_name); /** * \brief Set the key for a CSR (public key will be included, @@ -183,7 +189,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, * \param ctx CSR context to use * \param key Asymmetric key to include */ -void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key); /** * \brief Set the MD algorithm to use for the signature @@ -192,7 +198,7 @@ void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_conte * \param ctx CSR context to use * \param md_alg MD algorithm to use */ -void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ); +void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg); /** * \brief Set the Key Usage Extension flags @@ -211,7 +217,7 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this * function. */ -int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ); +int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage); /** * \brief Set the Netscape Cert Type flags @@ -222,8 +228,8 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type ); +int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, + unsigned char ns_cert_type); /** * \brief Generic function to add to or replace an extension in the @@ -237,16 +243,16 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - const unsigned char *val, size_t val_len ); +int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len, + const unsigned char *val, size_t val_len); /** * \brief Free the contents of a CSR context * * \param ctx CSR context to free */ -void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); +void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); /** * \brief Write a CSR (Certificate Signing Request) to a @@ -269,9 +275,9 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -291,9 +297,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/thirdparty/mbedtls/include/mbedtls/xtea.h b/thirdparty/mbedtls/include/mbedtls/xtea.h index 4bdc711fda..9b12a1bb52 100644 --- a/thirdparty/mbedtls/include/mbedtls/xtea.h +++ b/thirdparty/mbedtls/include/mbedtls/xtea.h @@ -52,8 +52,7 @@ extern "C" { /** * \brief XTEA context structure */ -typedef struct mbedtls_xtea_context -{ +typedef struct mbedtls_xtea_context { uint32_t k[4]; /*!< key */ } mbedtls_xtea_context; @@ -67,14 +66,14 @@ mbedtls_xtea_context; * * \param ctx XTEA context to be initialized */ -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ); +void mbedtls_xtea_init(mbedtls_xtea_context *ctx); /** * \brief Clear XTEA context * * \param ctx XTEA context to be cleared */ -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); +void mbedtls_xtea_free(mbedtls_xtea_context *ctx); /** * \brief XTEA key schedule @@ -82,7 +81,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); * \param ctx XTEA context to be initialized * \param key the secret key */ -void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ); +void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16]); /** * \brief XTEA cipher function @@ -94,10 +93,10 @@ void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] * * \return 0 if successful */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, - int mode, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, + int mode, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -113,12 +112,12 @@ int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, * \return 0 if successful, * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output); +int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_SELF_TEST) @@ -128,7 +127,7 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_xtea_self_test( int verbose ); +int mbedtls_xtea_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/aes.c b/thirdparty/mbedtls/library/aes.c index 74ea2672b0..f08a21f595 100644 --- a/thirdparty/mbedtls/library/aes.c +++ b/thirdparty/mbedtls/library/aes.c @@ -45,13 +45,12 @@ #if !defined(MBEDTLS_AES_ALT) /* Parameter validation macros based on platform_util.h */ -#define AES_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) -#define AES_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define AES_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) +#define AES_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) -#if defined(MBEDTLS_PADLOCK_C) && \ - ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) ) +#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) static int aes_padlock_ace = -1; #endif @@ -100,86 +99,86 @@ static const unsigned char FSb[256] = */ #define FT \ \ - V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ - V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ - V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ - V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ - V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ - V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ - V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ - V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ - V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ - V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ - V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ - V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ - V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ - V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ - V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ - V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ - V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ - V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ - V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ - V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ - V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ - V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ - V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ - V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ - V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ - V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ - V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ - V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ - V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ - V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ - V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ - V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ - V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ - V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ - V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ - V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ - V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ - V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ - V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ - V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ - V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ - V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ - V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ - V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ - V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ - V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ - V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ - V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ - V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ - V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ - V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ - V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ - V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ - V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ - V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ - V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ - V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ - V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ - V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ - V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ - V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ - V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ - V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ - V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) - -#define V(a,b,c,d) 0x##a##b##c##d + V(A5, 63, 63, C6), V(84, 7C, 7C, F8), V(99, 77, 77, EE), V(8D, 7B, 7B, F6), \ + V(0D, F2, F2, FF), V(BD, 6B, 6B, D6), V(B1, 6F, 6F, DE), V(54, C5, C5, 91), \ + V(50, 30, 30, 60), V(03, 01, 01, 02), V(A9, 67, 67, CE), V(7D, 2B, 2B, 56), \ + V(19, FE, FE, E7), V(62, D7, D7, B5), V(E6, AB, AB, 4D), V(9A, 76, 76, EC), \ + V(45, CA, CA, 8F), V(9D, 82, 82, 1F), V(40, C9, C9, 89), V(87, 7D, 7D, FA), \ + V(15, FA, FA, EF), V(EB, 59, 59, B2), V(C9, 47, 47, 8E), V(0B, F0, F0, FB), \ + V(EC, AD, AD, 41), V(67, D4, D4, B3), V(FD, A2, A2, 5F), V(EA, AF, AF, 45), \ + V(BF, 9C, 9C, 23), V(F7, A4, A4, 53), V(96, 72, 72, E4), V(5B, C0, C0, 9B), \ + V(C2, B7, B7, 75), V(1C, FD, FD, E1), V(AE, 93, 93, 3D), V(6A, 26, 26, 4C), \ + V(5A, 36, 36, 6C), V(41, 3F, 3F, 7E), V(02, F7, F7, F5), V(4F, CC, CC, 83), \ + V(5C, 34, 34, 68), V(F4, A5, A5, 51), V(34, E5, E5, D1), V(08, F1, F1, F9), \ + V(93, 71, 71, E2), V(73, D8, D8, AB), V(53, 31, 31, 62), V(3F, 15, 15, 2A), \ + V(0C, 04, 04, 08), V(52, C7, C7, 95), V(65, 23, 23, 46), V(5E, C3, C3, 9D), \ + V(28, 18, 18, 30), V(A1, 96, 96, 37), V(0F, 05, 05, 0A), V(B5, 9A, 9A, 2F), \ + V(09, 07, 07, 0E), V(36, 12, 12, 24), V(9B, 80, 80, 1B), V(3D, E2, E2, DF), \ + V(26, EB, EB, CD), V(69, 27, 27, 4E), V(CD, B2, B2, 7F), V(9F, 75, 75, EA), \ + V(1B, 09, 09, 12), V(9E, 83, 83, 1D), V(74, 2C, 2C, 58), V(2E, 1A, 1A, 34), \ + V(2D, 1B, 1B, 36), V(B2, 6E, 6E, DC), V(EE, 5A, 5A, B4), V(FB, A0, A0, 5B), \ + V(F6, 52, 52, A4), V(4D, 3B, 3B, 76), V(61, D6, D6, B7), V(CE, B3, B3, 7D), \ + V(7B, 29, 29, 52), V(3E, E3, E3, DD), V(71, 2F, 2F, 5E), V(97, 84, 84, 13), \ + V(F5, 53, 53, A6), V(68, D1, D1, B9), V(00, 00, 00, 00), V(2C, ED, ED, C1), \ + V(60, 20, 20, 40), V(1F, FC, FC, E3), V(C8, B1, B1, 79), V(ED, 5B, 5B, B6), \ + V(BE, 6A, 6A, D4), V(46, CB, CB, 8D), V(D9, BE, BE, 67), V(4B, 39, 39, 72), \ + V(DE, 4A, 4A, 94), V(D4, 4C, 4C, 98), V(E8, 58, 58, B0), V(4A, CF, CF, 85), \ + V(6B, D0, D0, BB), V(2A, EF, EF, C5), V(E5, AA, AA, 4F), V(16, FB, FB, ED), \ + V(C5, 43, 43, 86), V(D7, 4D, 4D, 9A), V(55, 33, 33, 66), V(94, 85, 85, 11), \ + V(CF, 45, 45, 8A), V(10, F9, F9, E9), V(06, 02, 02, 04), V(81, 7F, 7F, FE), \ + V(F0, 50, 50, A0), V(44, 3C, 3C, 78), V(BA, 9F, 9F, 25), V(E3, A8, A8, 4B), \ + V(F3, 51, 51, A2), V(FE, A3, A3, 5D), V(C0, 40, 40, 80), V(8A, 8F, 8F, 05), \ + V(AD, 92, 92, 3F), V(BC, 9D, 9D, 21), V(48, 38, 38, 70), V(04, F5, F5, F1), \ + V(DF, BC, BC, 63), V(C1, B6, B6, 77), V(75, DA, DA, AF), V(63, 21, 21, 42), \ + V(30, 10, 10, 20), V(1A, FF, FF, E5), V(0E, F3, F3, FD), V(6D, D2, D2, BF), \ + V(4C, CD, CD, 81), V(14, 0C, 0C, 18), V(35, 13, 13, 26), V(2F, EC, EC, C3), \ + V(E1, 5F, 5F, BE), V(A2, 97, 97, 35), V(CC, 44, 44, 88), V(39, 17, 17, 2E), \ + V(57, C4, C4, 93), V(F2, A7, A7, 55), V(82, 7E, 7E, FC), V(47, 3D, 3D, 7A), \ + V(AC, 64, 64, C8), V(E7, 5D, 5D, BA), V(2B, 19, 19, 32), V(95, 73, 73, E6), \ + V(A0, 60, 60, C0), V(98, 81, 81, 19), V(D1, 4F, 4F, 9E), V(7F, DC, DC, A3), \ + V(66, 22, 22, 44), V(7E, 2A, 2A, 54), V(AB, 90, 90, 3B), V(83, 88, 88, 0B), \ + V(CA, 46, 46, 8C), V(29, EE, EE, C7), V(D3, B8, B8, 6B), V(3C, 14, 14, 28), \ + V(79, DE, DE, A7), V(E2, 5E, 5E, BC), V(1D, 0B, 0B, 16), V(76, DB, DB, AD), \ + V(3B, E0, E0, DB), V(56, 32, 32, 64), V(4E, 3A, 3A, 74), V(1E, 0A, 0A, 14), \ + V(DB, 49, 49, 92), V(0A, 06, 06, 0C), V(6C, 24, 24, 48), V(E4, 5C, 5C, B8), \ + V(5D, C2, C2, 9F), V(6E, D3, D3, BD), V(EF, AC, AC, 43), V(A6, 62, 62, C4), \ + V(A8, 91, 91, 39), V(A4, 95, 95, 31), V(37, E4, E4, D3), V(8B, 79, 79, F2), \ + V(32, E7, E7, D5), V(43, C8, C8, 8B), V(59, 37, 37, 6E), V(B7, 6D, 6D, DA), \ + V(8C, 8D, 8D, 01), V(64, D5, D5, B1), V(D2, 4E, 4E, 9C), V(E0, A9, A9, 49), \ + V(B4, 6C, 6C, D8), V(FA, 56, 56, AC), V(07, F4, F4, F3), V(25, EA, EA, CF), \ + V(AF, 65, 65, CA), V(8E, 7A, 7A, F4), V(E9, AE, AE, 47), V(18, 08, 08, 10), \ + V(D5, BA, BA, 6F), V(88, 78, 78, F0), V(6F, 25, 25, 4A), V(72, 2E, 2E, 5C), \ + V(24, 1C, 1C, 38), V(F1, A6, A6, 57), V(C7, B4, B4, 73), V(51, C6, C6, 97), \ + V(23, E8, E8, CB), V(7C, DD, DD, A1), V(9C, 74, 74, E8), V(21, 1F, 1F, 3E), \ + V(DD, 4B, 4B, 96), V(DC, BD, BD, 61), V(86, 8B, 8B, 0D), V(85, 8A, 8A, 0F), \ + V(90, 70, 70, E0), V(42, 3E, 3E, 7C), V(C4, B5, B5, 71), V(AA, 66, 66, CC), \ + V(D8, 48, 48, 90), V(05, 03, 03, 06), V(01, F6, F6, F7), V(12, 0E, 0E, 1C), \ + V(A3, 61, 61, C2), V(5F, 35, 35, 6A), V(F9, 57, 57, AE), V(D0, B9, B9, 69), \ + V(91, 86, 86, 17), V(58, C1, C1, 99), V(27, 1D, 1D, 3A), V(B9, 9E, 9E, 27), \ + V(38, E1, E1, D9), V(13, F8, F8, EB), V(B3, 98, 98, 2B), V(33, 11, 11, 22), \ + V(BB, 69, 69, D2), V(70, D9, D9, A9), V(89, 8E, 8E, 07), V(A7, 94, 94, 33), \ + V(B6, 9B, 9B, 2D), V(22, 1E, 1E, 3C), V(92, 87, 87, 15), V(20, E9, E9, C9), \ + V(49, CE, CE, 87), V(FF, 55, 55, AA), V(78, 28, 28, 50), V(7A, DF, DF, A5), \ + V(8F, 8C, 8C, 03), V(F8, A1, A1, 59), V(80, 89, 89, 09), V(17, 0D, 0D, 1A), \ + V(DA, BF, BF, 65), V(31, E6, E6, D7), V(C6, 42, 42, 84), V(B8, 68, 68, D0), \ + V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \ + V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C) + +#define V(a, b, c, d) 0x##a##b##c##d static const uint32_t FT0[256] = { FT }; #undef V #if !defined(MBEDTLS_AES_FEWER_TABLES) -#define V(a,b,c,d) 0x##b##c##d##a +#define V(a, b, c, d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; #undef V -#define V(a,b,c,d) 0x##c##d##a##b +#define V(a, b, c, d) 0x##c##d##a##b static const uint32_t FT2[256] = { FT }; #undef V -#define V(a,b,c,d) 0x##d##a##b##c +#define V(a, b, c, d) 0x##d##a##b##c static const uint32_t FT3[256] = { FT }; #undef V @@ -231,86 +230,86 @@ static const unsigned char RSb[256] = */ #define RT \ \ - V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \ - V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \ - V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \ - V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \ - V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \ - V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \ - V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \ - V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \ - V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \ - V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \ - V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \ - V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \ - V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \ - V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \ - V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \ - V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \ - V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \ - V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \ - V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \ - V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \ - V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \ - V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \ - V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \ - V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \ - V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \ - V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \ - V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \ - V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \ - V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \ - V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \ - V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \ - V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \ - V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \ - V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \ - V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \ - V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \ - V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \ - V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \ - V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \ - V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \ - V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \ - V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \ - V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \ - V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \ - V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \ - V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \ - V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \ - V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \ - V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \ - V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \ - V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \ - V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \ - V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \ - V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \ - V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \ - V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \ - V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \ - V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \ - V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \ - V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \ - V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \ - V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \ - V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \ - V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0) - -#define V(a,b,c,d) 0x##a##b##c##d + V(50, A7, F4, 51), V(53, 65, 41, 7E), V(C3, A4, 17, 1A), V(96, 5E, 27, 3A), \ + V(CB, 6B, AB, 3B), V(F1, 45, 9D, 1F), V(AB, 58, FA, AC), V(93, 03, E3, 4B), \ + V(55, FA, 30, 20), V(F6, 6D, 76, AD), V(91, 76, CC, 88), V(25, 4C, 02, F5), \ + V(FC, D7, E5, 4F), V(D7, CB, 2A, C5), V(80, 44, 35, 26), V(8F, A3, 62, B5), \ + V(49, 5A, B1, DE), V(67, 1B, BA, 25), V(98, 0E, EA, 45), V(E1, C0, FE, 5D), \ + V(02, 75, 2F, C3), V(12, F0, 4C, 81), V(A3, 97, 46, 8D), V(C6, F9, D3, 6B), \ + V(E7, 5F, 8F, 03), V(95, 9C, 92, 15), V(EB, 7A, 6D, BF), V(DA, 59, 52, 95), \ + V(2D, 83, BE, D4), V(D3, 21, 74, 58), V(29, 69, E0, 49), V(44, C8, C9, 8E), \ + V(6A, 89, C2, 75), V(78, 79, 8E, F4), V(6B, 3E, 58, 99), V(DD, 71, B9, 27), \ + V(B6, 4F, E1, BE), V(17, AD, 88, F0), V(66, AC, 20, C9), V(B4, 3A, CE, 7D), \ + V(18, 4A, DF, 63), V(82, 31, 1A, E5), V(60, 33, 51, 97), V(45, 7F, 53, 62), \ + V(E0, 77, 64, B1), V(84, AE, 6B, BB), V(1C, A0, 81, FE), V(94, 2B, 08, F9), \ + V(58, 68, 48, 70), V(19, FD, 45, 8F), V(87, 6C, DE, 94), V(B7, F8, 7B, 52), \ + V(23, D3, 73, AB), V(E2, 02, 4B, 72), V(57, 8F, 1F, E3), V(2A, AB, 55, 66), \ + V(07, 28, EB, B2), V(03, C2, B5, 2F), V(9A, 7B, C5, 86), V(A5, 08, 37, D3), \ + V(F2, 87, 28, 30), V(B2, A5, BF, 23), V(BA, 6A, 03, 02), V(5C, 82, 16, ED), \ + V(2B, 1C, CF, 8A), V(92, B4, 79, A7), V(F0, F2, 07, F3), V(A1, E2, 69, 4E), \ + V(CD, F4, DA, 65), V(D5, BE, 05, 06), V(1F, 62, 34, D1), V(8A, FE, A6, C4), \ + V(9D, 53, 2E, 34), V(A0, 55, F3, A2), V(32, E1, 8A, 05), V(75, EB, F6, A4), \ + V(39, EC, 83, 0B), V(AA, EF, 60, 40), V(06, 9F, 71, 5E), V(51, 10, 6E, BD), \ + V(F9, 8A, 21, 3E), V(3D, 06, DD, 96), V(AE, 05, 3E, DD), V(46, BD, E6, 4D), \ + V(B5, 8D, 54, 91), V(05, 5D, C4, 71), V(6F, D4, 06, 04), V(FF, 15, 50, 60), \ + V(24, FB, 98, 19), V(97, E9, BD, D6), V(CC, 43, 40, 89), V(77, 9E, D9, 67), \ + V(BD, 42, E8, B0), V(88, 8B, 89, 07), V(38, 5B, 19, E7), V(DB, EE, C8, 79), \ + V(47, 0A, 7C, A1), V(E9, 0F, 42, 7C), V(C9, 1E, 84, F8), V(00, 00, 00, 00), \ + V(83, 86, 80, 09), V(48, ED, 2B, 32), V(AC, 70, 11, 1E), V(4E, 72, 5A, 6C), \ + V(FB, FF, 0E, FD), V(56, 38, 85, 0F), V(1E, D5, AE, 3D), V(27, 39, 2D, 36), \ + V(64, D9, 0F, 0A), V(21, A6, 5C, 68), V(D1, 54, 5B, 9B), V(3A, 2E, 36, 24), \ + V(B1, 67, 0A, 0C), V(0F, E7, 57, 93), V(D2, 96, EE, B4), V(9E, 91, 9B, 1B), \ + V(4F, C5, C0, 80), V(A2, 20, DC, 61), V(69, 4B, 77, 5A), V(16, 1A, 12, 1C), \ + V(0A, BA, 93, E2), V(E5, 2A, A0, C0), V(43, E0, 22, 3C), V(1D, 17, 1B, 12), \ + V(0B, 0D, 09, 0E), V(AD, C7, 8B, F2), V(B9, A8, B6, 2D), V(C8, A9, 1E, 14), \ + V(85, 19, F1, 57), V(4C, 07, 75, AF), V(BB, DD, 99, EE), V(FD, 60, 7F, A3), \ + V(9F, 26, 01, F7), V(BC, F5, 72, 5C), V(C5, 3B, 66, 44), V(34, 7E, FB, 5B), \ + V(76, 29, 43, 8B), V(DC, C6, 23, CB), V(68, FC, ED, B6), V(63, F1, E4, B8), \ + V(CA, DC, 31, D7), V(10, 85, 63, 42), V(40, 22, 97, 13), V(20, 11, C6, 84), \ + V(7D, 24, 4A, 85), V(F8, 3D, BB, D2), V(11, 32, F9, AE), V(6D, A1, 29, C7), \ + V(4B, 2F, 9E, 1D), V(F3, 30, B2, DC), V(EC, 52, 86, 0D), V(D0, E3, C1, 77), \ + V(6C, 16, B3, 2B), V(99, B9, 70, A9), V(FA, 48, 94, 11), V(22, 64, E9, 47), \ + V(C4, 8C, FC, A8), V(1A, 3F, F0, A0), V(D8, 2C, 7D, 56), V(EF, 90, 33, 22), \ + V(C7, 4E, 49, 87), V(C1, D1, 38, D9), V(FE, A2, CA, 8C), V(36, 0B, D4, 98), \ + V(CF, 81, F5, A6), V(28, DE, 7A, A5), V(26, 8E, B7, DA), V(A4, BF, AD, 3F), \ + V(E4, 9D, 3A, 2C), V(0D, 92, 78, 50), V(9B, CC, 5F, 6A), V(62, 46, 7E, 54), \ + V(C2, 13, 8D, F6), V(E8, B8, D8, 90), V(5E, F7, 39, 2E), V(F5, AF, C3, 82), \ + V(BE, 80, 5D, 9F), V(7C, 93, D0, 69), V(A9, 2D, D5, 6F), V(B3, 12, 25, CF), \ + V(3B, 99, AC, C8), V(A7, 7D, 18, 10), V(6E, 63, 9C, E8), V(7B, BB, 3B, DB), \ + V(09, 78, 26, CD), V(F4, 18, 59, 6E), V(01, B7, 9A, EC), V(A8, 9A, 4F, 83), \ + V(65, 6E, 95, E6), V(7E, E6, FF, AA), V(08, CF, BC, 21), V(E6, E8, 15, EF), \ + V(D9, 9B, E7, BA), V(CE, 36, 6F, 4A), V(D4, 09, 9F, EA), V(D6, 7C, B0, 29), \ + V(AF, B2, A4, 31), V(31, 23, 3F, 2A), V(30, 94, A5, C6), V(C0, 66, A2, 35), \ + V(37, BC, 4E, 74), V(A6, CA, 82, FC), V(B0, D0, 90, E0), V(15, D8, A7, 33), \ + V(4A, 98, 04, F1), V(F7, DA, EC, 41), V(0E, 50, CD, 7F), V(2F, F6, 91, 17), \ + V(8D, D6, 4D, 76), V(4D, B0, EF, 43), V(54, 4D, AA, CC), V(DF, 04, 96, E4), \ + V(E3, B5, D1, 9E), V(1B, 88, 6A, 4C), V(B8, 1F, 2C, C1), V(7F, 51, 65, 46), \ + V(04, EA, 5E, 9D), V(5D, 35, 8C, 01), V(73, 74, 87, FA), V(2E, 41, 0B, FB), \ + V(5A, 1D, 67, B3), V(52, D2, DB, 92), V(33, 56, 10, E9), V(13, 47, D6, 6D), \ + V(8C, 61, D7, 9A), V(7A, 0C, A1, 37), V(8E, 14, F8, 59), V(89, 3C, 13, EB), \ + V(EE, 27, A9, CE), V(35, C9, 61, B7), V(ED, E5, 1C, E1), V(3C, B1, 47, 7A), \ + V(59, DF, D2, 9C), V(3F, 73, F2, 55), V(79, CE, 14, 18), V(BF, 37, C7, 73), \ + V(EA, CD, F7, 53), V(5B, AA, FD, 5F), V(14, 6F, 3D, DF), V(86, DB, 44, 78), \ + V(81, F3, AF, CA), V(3E, C4, 68, B9), V(2C, 34, 24, 38), V(5F, 40, A3, C2), \ + V(72, C3, 1D, 16), V(0C, 25, E2, BC), V(8B, 49, 3C, 28), V(41, 95, 0D, FF), \ + V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ + V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) + +#define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; #undef V #if !defined(MBEDTLS_AES_FEWER_TABLES) -#define V(a,b,c,d) 0x##b##c##d##a +#define V(a, b, c, d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; #undef V -#define V(a,b,c,d) 0x##c##d##a##b +#define V(a, b, c, d) 0x##c##d##a##b static const uint32_t RT2[256] = { RT }; #undef V -#define V(a,b,c,d) 0x##d##a##b##c +#define V(a, b, c, d) 0x##d##a##b##c static const uint32_t RT3[256] = { RT }; #undef V @@ -360,13 +359,13 @@ static uint32_t RCON[10]; /* * Tables generation code */ -#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 ) -#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) ) -#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) +#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) +#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) +#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) static int aes_init_done = 0; -static void aes_gen_tables( void ) +static void aes_gen_tables(void) { int i, x, y, z; int pow[256]; @@ -375,20 +374,18 @@ static void aes_gen_tables( void ) /* * compute pow and log tables over GF(2^8) */ - for( i = 0, x = 1; i < 256; i++ ) - { + for (i = 0, x = 1; i < 256; i++) { pow[i] = x; log[x] = i; - x = MBEDTLS_BYTE_0( x ^ XTIME( x ) ); + x = MBEDTLS_BYTE_0(x ^ XTIME(x)); } /* * calculate the round constants */ - for( i = 0, x = 1; i < 10; i++ ) - { + for (i = 0, x = 1; i < 10; i++) { RCON[i] = (uint32_t) x; - x = MBEDTLS_BYTE_0( XTIME( x ) ); + x = MBEDTLS_BYTE_0(XTIME(x)); } /* @@ -397,14 +394,13 @@ static void aes_gen_tables( void ) FSb[0x00] = 0x63; RSb[0x63] = 0x00; - for( i = 1; i < 256; i++ ) - { + for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; - y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); - x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); - x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); - x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); + y = x; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7)); + x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7)); + x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7)); + x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7)); x ^= y ^ 0x63; FSb[i] = (unsigned char) x; @@ -414,34 +410,33 @@ static void aes_gen_tables( void ) /* * generate the forward and reverse tables */ - for( i = 0; i < 256; i++ ) - { + for (i = 0; i < 256; i++) { x = FSb[i]; - y = MBEDTLS_BYTE_0( XTIME( x ) ); - z = MBEDTLS_BYTE_0( y ^ x ); + y = MBEDTLS_BYTE_0(XTIME(x)); + z = MBEDTLS_BYTE_0(y ^ x); - FT0[i] = ( (uint32_t) y ) ^ - ( (uint32_t) x << 8 ) ^ - ( (uint32_t) x << 16 ) ^ - ( (uint32_t) z << 24 ); + FT0[i] = ((uint32_t) y) ^ + ((uint32_t) x << 8) ^ + ((uint32_t) x << 16) ^ + ((uint32_t) z << 24); #if !defined(MBEDTLS_AES_FEWER_TABLES) - FT1[i] = ROTL8( FT0[i] ); - FT2[i] = ROTL8( FT1[i] ); - FT3[i] = ROTL8( FT2[i] ); + FT1[i] = ROTL8(FT0[i]); + FT2[i] = ROTL8(FT1[i]); + FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ x = RSb[i]; - RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^ - ( (uint32_t) MUL( 0x09, x ) << 8 ) ^ - ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ - ( (uint32_t) MUL( 0x0B, x ) << 24 ); + RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ + ((uint32_t) MUL(0x09, x) << 8) ^ + ((uint32_t) MUL(0x0D, x) << 16) ^ + ((uint32_t) MUL(0x0B, x) << 24); #if !defined(MBEDTLS_AES_FEWER_TABLES) - RT1[i] = ROTL8( RT0[i] ); - RT2[i] = ROTL8( RT1[i] ); - RT3[i] = ROTL8( RT2[i] ); + RT1[i] = ROTL8(RT0[i]); + RT2[i] = ROTL8(RT1[i]); + RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ } } @@ -452,19 +447,19 @@ static void aes_gen_tables( void ) #if defined(MBEDTLS_AES_FEWER_TABLES) -#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) -#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) -#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) ) +#define ROTL8(x) ((uint32_t) ((x) << 8) + (uint32_t) ((x) >> 24)) +#define ROTL16(x) ((uint32_t) ((x) << 16) + (uint32_t) ((x) >> 16)) +#define ROTL24(x) ((uint32_t) ((x) << 24) + (uint32_t) ((x) >> 8)) #define AES_RT0(idx) RT0[idx] -#define AES_RT1(idx) ROTL8( RT0[idx] ) -#define AES_RT2(idx) ROTL16( RT0[idx] ) -#define AES_RT3(idx) ROTL24( RT0[idx] ) +#define AES_RT1(idx) ROTL8(RT0[idx]) +#define AES_RT2(idx) ROTL16(RT0[idx]) +#define AES_RT3(idx) ROTL24(RT0[idx]) #define AES_FT0(idx) FT0[idx] -#define AES_FT1(idx) ROTL8( FT0[idx] ) -#define AES_FT2(idx) ROTL16( FT0[idx] ) -#define AES_FT3(idx) ROTL24( FT0[idx] ) +#define AES_FT1(idx) ROTL8(FT0[idx]) +#define AES_FT2(idx) ROTL16(FT0[idx]) +#define AES_FT3(idx) ROTL24(FT0[idx]) #else /* MBEDTLS_AES_FEWER_TABLES */ @@ -480,100 +475,137 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_FEWER_TABLES */ -void mbedtls_aes_init( mbedtls_aes_context *ctx ) +void mbedtls_aes_init(mbedtls_aes_context *ctx) { - AES_VALIDATE( ctx != NULL ); + AES_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_aes_context ) ); + memset(ctx, 0, sizeof(mbedtls_aes_context)); } -void mbedtls_aes_free( mbedtls_aes_context *ctx ) +void mbedtls_aes_free(mbedtls_aes_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context)); } #if defined(MBEDTLS_CIPHER_MODE_XTS) -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) +void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx) { - AES_VALIDATE( ctx != NULL ); + AES_VALIDATE(ctx != NULL); - mbedtls_aes_init( &ctx->crypt ); - mbedtls_aes_init( &ctx->tweak ); + mbedtls_aes_init(&ctx->crypt); + mbedtls_aes_init(&ctx->tweak); } -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) +void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_aes_free( &ctx->crypt ); - mbedtls_aes_free( &ctx->tweak ); + mbedtls_aes_free(&ctx->crypt); + mbedtls_aes_free(&ctx->tweak); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ +/* Some implementations need the round keys to be aligned. + * Return an offset to be added to buf, such that (buf + offset) is + * correctly aligned. + * Note that the offset is in units of elements of buf, i.e. 32-bit words, + * i.e. an offset of 1 means 4 bytes and so on. + */ +#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) || \ + (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) +#define MAY_NEED_TO_ALIGN +#endif +static unsigned mbedtls_aes_rk_offset(uint32_t *buf) +{ +#if defined(MAY_NEED_TO_ALIGN) + int align_16_bytes = 0; + +#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) + if (aes_padlock_ace == -1) { + aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); + } + if (aes_padlock_ace) { + align_16_bytes = 1; + } +#endif + +#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + align_16_bytes = 1; + } +#endif + + if (align_16_bytes) { + /* These implementations needs 16-byte alignment + * for the round key array. */ + unsigned delta = ((uintptr_t) buf & 0x0000000fU) / 4; + if (delta == 0) { + return 0; + } else { + return 4 - delta; // 16 bytes = 4 uint32_t + } + } +#else /* MAY_NEED_TO_ALIGN */ + (void) buf; +#endif /* MAY_NEED_TO_ALIGN */ + + return 0; +} + /* * AES key schedule (encryption) */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) +int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) { unsigned int i; uint32_t *RK; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - switch( keybits ) - { + switch (keybits) { case 128: ctx->nr = 10; break; case 192: ctx->nr = 12; break; case 256: ctx->nr = 14; break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } #if !defined(MBEDTLS_AES_ROM_TABLES) - if( aes_init_done == 0 ) - { + if (aes_init_done == 0) { aes_gen_tables(); aes_init_done = 1; } #endif -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if( aes_padlock_ace == -1 ) - aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); + ctx->rk = RK = ctx->buf + mbedtls_aes_rk_offset(ctx->buf); - if( aes_padlock_ace ) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); - else -#endif - ctx->rk = RK = ctx->buf; - -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + return mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits); + } #endif - for( i = 0; i < ( keybits >> 5 ); i++ ) - { - RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 ); + for (i = 0; i < (keybits >> 5); i++) { + RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2); } - switch( ctx->nr ) - { + switch (ctx->nr) { case 10: - for( i = 0; i < 10; i++, RK += 4 ) - { + for (i = 0; i < 10; i++, RK += 4) { RK[4] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[3])] << 24); RK[5] = RK[1] ^ RK[4]; RK[6] = RK[2] ^ RK[5]; @@ -583,13 +615,12 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, case 12: - for( i = 0; i < 8; i++, RK += 6 ) - { + for (i = 0; i < 8; i++, RK += 6) { RK[6] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[5])] << 24); RK[7] = RK[1] ^ RK[6]; RK[8] = RK[2] ^ RK[7]; @@ -601,23 +632,22 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, case 14: - for( i = 0; i < 7; i++, RK += 8 ) - { + for (i = 0; i < 7; i++, RK += 8) { RK[8] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[7])] << 24); RK[9] = RK[1] ^ RK[8]; RK[10] = RK[2] ^ RK[9]; RK[11] = RK[3] ^ RK[10]; RK[12] = RK[4] ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[11])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[11])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[11])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[11])] << 24); RK[13] = RK[5] ^ RK[12]; RK[14] = RK[6] ^ RK[13]; @@ -626,7 +656,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, break; } - return( 0 ); + return 0; } #endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ @@ -634,40 +664,32 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * AES key schedule (decryption) */ #if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) +int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) { int i, j, ret; mbedtls_aes_context cty; uint32_t *RK; uint32_t *SK; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - mbedtls_aes_init( &cty ); + mbedtls_aes_init(&cty); -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if( aes_padlock_ace == -1 ) - aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); - - if( aes_padlock_ace ) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); - else -#endif - ctx->rk = RK = ctx->buf; + ctx->rk = RK = ctx->buf + mbedtls_aes_rk_offset(ctx->buf); /* Also checks keybits */ - if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) { goto exit; + } ctx->nr = cty.nr; -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - { - mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk, - (const unsigned char *) cty.rk, ctx->nr ); +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + mbedtls_aesni_inverse_key((unsigned char *) ctx->rk, + (const unsigned char *) cty.rk, ctx->nr); goto exit; } #endif @@ -679,14 +701,12 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; - for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) - { - for( j = 0; j < 4; j++, SK++ ) - { - *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^ - AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^ - AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^ - AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] ); + for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) { + for (j = 0; j < 4; j++, SK++) { + *RK++ = AES_RT0(FSb[MBEDTLS_BYTE_0(*SK)]) ^ + AES_RT1(FSb[MBEDTLS_BYTE_1(*SK)]) ^ + AES_RT2(FSb[MBEDTLS_BYTE_2(*SK)]) ^ + AES_RT3(FSb[MBEDTLS_BYTE_3(*SK)]); } } @@ -696,28 +716,27 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, *RK++ = *SK++; exit: - mbedtls_aes_free( &cty ); + mbedtls_aes_free(&cty); - return( ret ); + return ret; } #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int mbedtls_aes_xts_decode_keys( const unsigned char *key, - unsigned int keybits, - const unsigned char **key1, - unsigned int *key1bits, - const unsigned char **key2, - unsigned int *key2bits ) +static int mbedtls_aes_xts_decode_keys(const unsigned char *key, + unsigned int keybits, + const unsigned char **key1, + unsigned int *key1bits, + const unsigned char **key2, + unsigned int *key2bits) { const unsigned int half_keybits = keybits / 2; const unsigned int half_keybytes = half_keybits / 8; - switch( keybits ) - { + switch (keybits) { case 256: break; case 512: break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } *key1bits = half_keybits; @@ -728,175 +747,177 @@ static int mbedtls_aes_xts_decode_keys( const unsigned char *key, return 0; } -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) +int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, + &key2, &key2bits); + if (ret != 0) { + return ret; + } /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); + if (ret != 0) { + return ret; + } /* Set crypt key for encryption. */ - return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits ); + return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits); } -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) +int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, + &key2, &key2bits); + if (ret != 0) { + return ret; + } /* Set the tweak key. Always set tweak key for encryption. */ - ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); + if (ret != 0) { + return ret; + } /* Set crypt key for decryption. */ - return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits ); + return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +#define AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ do \ { \ - (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ - AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ - AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ - AES_FT3( MBEDTLS_BYTE_3( Y3 ) ); \ + (X0) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y0)) ^ \ + AES_FT1(MBEDTLS_BYTE_1(Y1)) ^ \ + AES_FT2(MBEDTLS_BYTE_2(Y2)) ^ \ + AES_FT3(MBEDTLS_BYTE_3(Y3)); \ \ - (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ - AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ - AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ - AES_FT3( MBEDTLS_BYTE_3( Y0 ) ); \ + (X1) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y1)) ^ \ + AES_FT1(MBEDTLS_BYTE_1(Y2)) ^ \ + AES_FT2(MBEDTLS_BYTE_2(Y3)) ^ \ + AES_FT3(MBEDTLS_BYTE_3(Y0)); \ \ - (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ - AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ - AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ - AES_FT3( MBEDTLS_BYTE_3( Y1 ) ); \ + (X2) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y2)) ^ \ + AES_FT1(MBEDTLS_BYTE_1(Y3)) ^ \ + AES_FT2(MBEDTLS_BYTE_2(Y0)) ^ \ + AES_FT3(MBEDTLS_BYTE_3(Y1)); \ \ - (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ - AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ - AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ - AES_FT3( MBEDTLS_BYTE_3( Y2 ) ); \ - } while( 0 ) + (X3) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y3)) ^ \ + AES_FT1(MBEDTLS_BYTE_1(Y0)) ^ \ + AES_FT2(MBEDTLS_BYTE_2(Y1)) ^ \ + AES_FT3(MBEDTLS_BYTE_3(Y2)); \ + } while (0) -#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +#define AES_RROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ do \ { \ - (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^ \ - AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^ \ - AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^ \ - AES_RT3( MBEDTLS_BYTE_3( Y1 ) ); \ + (X0) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y0)) ^ \ + AES_RT1(MBEDTLS_BYTE_1(Y3)) ^ \ + AES_RT2(MBEDTLS_BYTE_2(Y2)) ^ \ + AES_RT3(MBEDTLS_BYTE_3(Y1)); \ \ - (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^ \ - AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^ \ - AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^ \ - AES_RT3( MBEDTLS_BYTE_3( Y2 ) ); \ + (X1) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y1)) ^ \ + AES_RT1(MBEDTLS_BYTE_1(Y0)) ^ \ + AES_RT2(MBEDTLS_BYTE_2(Y3)) ^ \ + AES_RT3(MBEDTLS_BYTE_3(Y2)); \ \ - (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^ \ - AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^ \ - AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^ \ - AES_RT3( MBEDTLS_BYTE_3( Y3 ) ); \ + (X2) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y2)) ^ \ + AES_RT1(MBEDTLS_BYTE_1(Y1)) ^ \ + AES_RT2(MBEDTLS_BYTE_2(Y0)) ^ \ + AES_RT3(MBEDTLS_BYTE_3(Y3)); \ \ - (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^ \ - AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^ \ - AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^ \ - AES_RT3( MBEDTLS_BYTE_3( Y0 ) ); \ - } while( 0 ) + (X3) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y3)) ^ \ + AES_RT1(MBEDTLS_BYTE_1(Y2)) ^ \ + AES_RT2(MBEDTLS_BYTE_2(Y1)) ^ \ + AES_RT3(MBEDTLS_BYTE_3(Y0)); \ + } while (0) /* * AES-ECB block encryption */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) -int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->rk; - struct - { + struct { uint32_t X[4]; uint32_t Y[4]; } t; - t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; - t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; - t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; - t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++; - for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) - { - AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); + for (i = (ctx->nr >> 1) - 1; i > 0; i--) { + AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); + AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); } - AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); t.X[0] = *RK++ ^ \ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[0])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[1])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[3])] << 24); t.X[1] = *RK++ ^ \ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[1])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[2])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[0])] << 24); t.X[2] = *RK++ ^ \ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[2])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[3])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[1])] << 24); t.X[3] = *RK++ ^ \ - ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ - ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); + ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[3])]) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[0])] << 8) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^ + ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[2])] << 24); - MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); - MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); - MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); - MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE(t.X[0], output, 0); + MBEDTLS_PUT_UINT32_LE(t.X[1], output, 4); + MBEDTLS_PUT_UINT32_LE(t.X[2], output, 8); + MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12); - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return 0; } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { - MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) ); + MBEDTLS_IGNORE_RETURN(mbedtls_internal_aes_encrypt(ctx, input, output)); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -904,142 +925,165 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * AES-ECB block decryption */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) -int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->rk; - struct - { + struct { uint32_t X[4]; uint32_t Y[4]; } t; - t.X[0] = MBEDTLS_GET_UINT32_LE( input, 0 ); t.X[0] ^= *RK++; - t.X[1] = MBEDTLS_GET_UINT32_LE( input, 4 ); t.X[1] ^= *RK++; - t.X[2] = MBEDTLS_GET_UINT32_LE( input, 8 ); t.X[2] ^= *RK++; - t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++; + t.X[0] = MBEDTLS_GET_UINT32_LE(input, 0); t.X[0] ^= *RK++; + t.X[1] = MBEDTLS_GET_UINT32_LE(input, 4); t.X[1] ^= *RK++; + t.X[2] = MBEDTLS_GET_UINT32_LE(input, 8); t.X[2] ^= *RK++; + t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++; - for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) - { - AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); + for (i = (ctx->nr >> 1) - 1; i > 0; i--) { + AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); + AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); } - AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); t.X[0] = *RK++ ^ \ - ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ] ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] << 8 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 ); + ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[0])]) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[3])] << 8) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[1])] << 24); t.X[1] = *RK++ ^ \ - ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ] ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] << 8 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 ); + ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[1])]) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[0])] << 8) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[2])] << 24); t.X[2] = *RK++ ^ \ - ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ] ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] << 8 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 ); + ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[2])]) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[1])] << 8) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[3])] << 24); t.X[3] = *RK++ ^ \ - ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ] ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] << 8 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^ - ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 ); + ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[3])]) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[2])] << 8) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^ + ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[0])] << 24); - MBEDTLS_PUT_UINT32_LE( t.X[0], output, 0 ); - MBEDTLS_PUT_UINT32_LE( t.X[1], output, 4 ); - MBEDTLS_PUT_UINT32_LE( t.X[2], output, 8 ); - MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE(t.X[0], output, 0); + MBEDTLS_PUT_UINT32_LE(t.X[1], output, 4); + MBEDTLS_PUT_UINT32_LE(t.X[2], output, 8); + MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12); - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return 0; } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { - MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) ); + MBEDTLS_IGNORE_RETURN(mbedtls_internal_aes_decrypt(ctx, input, output)); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#if defined(MAY_NEED_TO_ALIGN) +/* VIA Padlock and our intrinsics-based implementation of AESNI require + * the round keys to be aligned on a 16-byte boundary. We take care of this + * before creating them, but the AES context may have moved (this can happen + * if the library is called from a language with managed memory), and in later + * calls it might have a different alignment with respect to 16-byte memory. + * So we may need to realign. + * NOTE: In the LTS branch, the context contains a pointer to within itself, + * so if it has been moved, things will probably go pear-shaped. We keep this + * code for compatibility with the development branch, in case of future changes. + */ +static void aes_maybe_realign(mbedtls_aes_context *ctx) +{ + unsigned current_offset = (unsigned) (ctx->rk - ctx->buf); + unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); + if (new_offset != current_offset) { + memmove(ctx->buf + new_offset, // new address + ctx->buf + current_offset, // current address + (ctx->nr + 1) * 16); // number of round keys * bytes per rk + ctx->rk = ctx->buf + new_offset; + } +} +#endif + /* * AES-ECB block encryption/decryption */ -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + +#if defined(MAY_NEED_TO_ALIGN) + aes_maybe_realign(ctx); #endif -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if( aes_padlock_ace ) - { - if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 ) - return( 0 ); +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + return mbedtls_aesni_crypt_ecb(ctx, mode, input, output); + } +#endif - // If padlock data misaligned, we just fall back to - // unaccelerated mode - // +#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) + if (aes_padlock_ace) { + return mbedtls_padlock_xcryptecb(ctx, mode, input, output); } #endif - if( mode == MBEDTLS_AES_ENCRYPT ) - return( mbedtls_internal_aes_encrypt( ctx, input, output ) ); - else - return( mbedtls_internal_aes_decrypt( ctx, input, output ) ); + if (mode == MBEDTLS_AES_ENCRYPT) { + return mbedtls_internal_aes_encrypt(ctx, input, output); + } else { + return mbedtls_internal_aes_decrypt(ctx, input, output); + } } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * AES-CBC buffer encryption/decryption */ -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[16]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); - if( length % 16 ) - return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + if (length % 16) { + return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + } #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if( aes_padlock_ace ) - { - if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 ) - return( 0 ); + if (aes_padlock_ace) { + if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) { + return 0; + } // If padlock data misaligned, we just fall back to // unaccelerated mode @@ -1047,36 +1091,35 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, } #endif - if( mode == MBEDTLS_AES_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 16 ); - ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output ); - if( ret != 0 ) + if (mode == MBEDTLS_AES_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 16); + ret = mbedtls_aes_crypt_ecb(ctx, mode, input, output); + if (ret != 0) { goto exit; + } - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 16; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, 16 ); + memcpy(iv, temp, 16); input += 16; output += 16; length -= 16; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 16; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ecb(ctx, mode, output, output); + if (ret != 0) { goto exit; - memcpy( iv, output, 16 ); + } + memcpy(iv, output, 16); input += 16; output += 16; @@ -1086,7 +1129,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, ret = 0; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1102,30 +1145,30 @@ typedef unsigned char mbedtls_be128[16]; * for machine endianness and hence works correctly on both big and little * endian machines. */ -static void mbedtls_gf128mul_x_ble( unsigned char r[16], - const unsigned char x[16] ) +static void mbedtls_gf128mul_x_ble(unsigned char r[16], + const unsigned char x[16]) { uint64_t a, b, ra, rb; - a = MBEDTLS_GET_UINT64_LE( x, 0 ); - b = MBEDTLS_GET_UINT64_LE( x, 8 ); + a = MBEDTLS_GET_UINT64_LE(x, 0); + b = MBEDTLS_GET_UINT64_LE(x, 8); - ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); - rb = ( a >> 63 ) | ( b << 1 ); + ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3)); + rb = (a >> 63) | (b << 1); - MBEDTLS_PUT_UINT64_LE( ra, r, 0 ); - MBEDTLS_PUT_UINT64_LE( rb, r, 8 ); + MBEDTLS_PUT_UINT64_LE(ra, r, 0); + MBEDTLS_PUT_UINT64_LE(rb, r, 8); } /* * AES-XTS buffer encryption/decryption */ -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t blocks = length / 16; @@ -1134,61 +1177,64 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char prev_tweak[16]; unsigned char tmp[16]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( data_unit != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(data_unit != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); /* Data units must be at least 16 bytes long. */ - if( length < 16 ) + if (length < 16) { return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + } /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ - if( length > ( 1 << 20 ) * 16 ) + if (length > (1 << 20) * 16) { return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + } /* Compute the tweak. */ - ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, - data_unit, tweak ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT, + data_unit, tweak); + if (ret != 0) { + return ret; + } - while( blocks-- ) - { + while (blocks--) { size_t i; - if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) - { + if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) { /* We are on the last block in a decrypt operation that has * leftover bytes, so we need to use the next tweak for this block, * and this tweak for the leftover bytes. Save the current tweak for * the leftovers and then update the current tweak for use on this, * the last full block. */ - memcpy( prev_tweak, tweak, sizeof( tweak ) ); - mbedtls_gf128mul_x_ble( tweak, tweak ); + memcpy(prev_tweak, tweak, sizeof(tweak)); + mbedtls_gf128mul_x_ble(tweak, tweak); } - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { tmp[i] = input[i] ^ tweak[i]; + } - ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); + if (ret != 0) { + return ret; + } - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { output[i] = tmp[i] ^ tweak[i]; + } /* Update the tweak for the next block. */ - mbedtls_gf128mul_x_ble( tweak, tweak ); + mbedtls_gf128mul_x_ble(tweak, tweak); output += 16; input += 16; } - if( leftover ) - { + if (leftover) { /* If we are on the leftover bytes in a decrypt operation, we need to * use the previous tweak for these bytes (as saved in prev_tweak). */ unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; @@ -1202,28 +1248,30 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * byte of ciphertext we won't steal. At the same time, copy the * remainder of the input for this final round (since the loop bounds * are the same). */ - for( i = 0; i < leftover; i++ ) - { + for (i = 0; i < leftover; i++) { output[i] = prev_output[i]; tmp[i] = input[i] ^ t[i]; } /* Copy ciphertext bytes from the previous block for input in this * round. */ - for( ; i < 16; i++ ) + for (; i < 16; i++) { tmp[i] = prev_output[i] ^ t[i]; + } - ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); + if (ret != 0) { return ret; + } /* Write the result back to the previous block, overriding the previous * output we copied. */ - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { prev_output[i] = tmp[i] ^ t[i]; + } } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -1231,63 +1279,59 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, /* * AES-CFB128 buffer encryption/decryption */ -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv_off != NULL ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv_off != NULL); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *iv_off; - if( n > 15 ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 15) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } - if( mode == MBEDTLS_AES_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - { - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); - if( ret != 0 ) + if (mode == MBEDTLS_AES_DECRYPT) { + while (length--) { + if (n == 0) { + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); + if (ret != 0) { goto exit; + } } c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char) (c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - { - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); - if( ret != 0 ) + } else { + while (length--) { + if (n == 0) { + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); + if (ret != 0) { goto exit; + } } - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } @@ -1295,50 +1339,52 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, ret = 0; exit: - return( ret ); + return ret; } /* * AES-CFB8 buffer encryption/decryption */ -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char c; unsigned char ov[17]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); - while( length-- ) - { - memcpy( ov, iv, 16 ); - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); - if( ret != 0 ) + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); + while (length--) { + memcpy(ov, iv, 16); + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); + if (ret != 0) { goto exit; + } - if( mode == MBEDTLS_AES_DECRYPT ) + if (mode == MBEDTLS_AES_DECRYPT) { ov[16] = *input; + } - c = *output++ = (unsigned char)( iv[0] ^ *input++ ); + c = *output++ = (unsigned char) (iv[0] ^ *input++); - if( mode == MBEDTLS_AES_ENCRYPT ) + if (mode == MBEDTLS_AES_ENCRYPT) { ov[16] = c; + } - memcpy( iv, ov + 1, 16 ); + memcpy(iv, ov + 1, 16); } ret = 0; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -1346,44 +1392,44 @@ exit: /* * AES-OFB (Output Feedback Mode) buffer encryption/decryption */ -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int ret = 0; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( iv_off != NULL ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(iv_off != NULL); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *iv_off; - if( n > 15 ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 15) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } - while( length-- ) - { - if( n == 0 ) - { - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); - if( ret != 0 ) + while (length--) { + if (n == 0) { + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); + if (ret != 0) { goto exit; + } } *output++ = *input++ ^ iv[n]; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *iv_off = n; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_OFB */ @@ -1391,52 +1437,55 @@ exit: /* * AES-CTR buffer encryption/decryption */ -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output) { int c, i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( nc_off != NULL ); - AES_VALIDATE_RET( nonce_counter != NULL ); - AES_VALIDATE_RET( stream_block != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(nc_off != NULL); + AES_VALIDATE_RET(nonce_counter != NULL); + AES_VALIDATE_RET(stream_block != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *nc_off; - if ( n > 0x0F ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 0x0F) { + return MBEDTLS_ERR_AES_BAD_INPUT_DATA; + } - while( length-- ) - { - if( n == 0 ) { - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); - if( ret != 0 ) + while (length--) { + if (n == 0) { + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block); + if (ret != 0) { goto exit; + } - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = 16; i > 0; i--) { + if (++nonce_counter[i - 1] != 0) { break; + } + } } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char) (c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; ret = 0; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_CTR */ @@ -1682,7 +1731,7 @@ static const unsigned char aes_test_ctr_ct[3][48] = }; static const int aes_test_ctr_len[3] = - { 16, 32, 36 }; +{ 16, 32, 36 }; #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -1743,12 +1792,12 @@ static const unsigned char aes_test_xts_ct32[][32] = static const unsigned char aes_test_xts_data_unit[][16] = { - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, }; #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -1756,7 +1805,7 @@ static const unsigned char aes_test_xts_data_unit[][16] = /* * Checkup routine */ -int mbedtls_aes_self_test( int verbose ) +int mbedtls_aes_self_test(int verbose) { int ret = 0, i, j, u, mode; unsigned int keybits; @@ -1783,32 +1832,55 @@ int mbedtls_aes_self_test( int verbose ) #endif mbedtls_aes_context ctx; - memset( key, 0, 32 ); - mbedtls_aes_init( &ctx ); + memset(key, 0, 32); + mbedtls_aes_init(&ctx); + + if (verbose != 0) { +#if defined(MBEDTLS_AES_ALT) + mbedtls_printf(" AES note: alternative implementation.\n"); +#else /* MBEDTLS_AES_ALT */ +#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) + if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) { + mbedtls_printf(" AES note: using VIA Padlock.\n"); + } else +#endif +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + mbedtls_printf(" AES note: using AESNI via "); +#if MBEDTLS_AESNI_HAVE_CODE == 1 + mbedtls_printf("assembly"); +#elif MBEDTLS_AESNI_HAVE_CODE == 2 + mbedtls_printf("intrinsics"); +#else + mbedtls_printf("(unknown)"); +#endif + mbedtls_printf(".\n"); + } else +#endif + mbedtls_printf(" AES note: built-in implementation.\n"); +#endif /* MBEDTLS_AES_ALT */ + } /* * ECB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memset( buf, 0, 16 ); + memset(buf, 0, 16); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + } else { + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_ecb_enc[u]; } @@ -1817,62 +1889,57 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - for( j = 0; j < 10000; j++ ) - { - ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf ); - if( ret != 0 ) + for (j = 0; j < 10000; j++) { + ret = mbedtls_aes_crypt_ecb(&ctx, mode, buf, buf); + if (ret != 0) { goto exit; + } } - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { + if (memcmp(buf, aes_tests, 16) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-CBC-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memset( iv , 0, 16 ); - memset( prv, 0, 16 ); - memset( buf, 0, 16 ); + memset(iv, 0, 16); + memset(prv, 0, 16); + memset(buf, 0, 16); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_cbc_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + } else { + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_cbc_enc[u]; } @@ -1881,301 +1948,292 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - for( j = 0; j < 10000; j++ ) - { - if( mode == MBEDTLS_AES_ENCRYPT ) - { + for (j = 0; j < 10000; j++) { + if (mode == MBEDTLS_AES_ENCRYPT) { unsigned char tmp[16]; - memcpy( tmp, prv, 16 ); - memcpy( prv, buf, 16 ); - memcpy( buf, tmp, 16 ); + memcpy(tmp, prv, 16); + memcpy(prv, buf, 16); + memcpy(buf, tmp, 16); } - ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_cbc(&ctx, mode, 16, iv, buf, buf); + if (ret != 0) { goto exit; + } } - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { + if (memcmp(buf, aes_tests, 16) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) /* * CFB128 mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-CFB128-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memcpy( iv, aes_test_cfb128_iv, 16 ); - memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); + memcpy(iv, aes_test_cfb128_iv, 16); + memcpy(key, aes_test_cfb128_key[u], keybits / 8); offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_cfb128_ct[u], 64 ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_cfb128_ct[u], 64); aes_tests = aes_test_cfb128_pt; - } - else - { - memcpy( buf, aes_test_cfb128_pt, 64 ); + } else { + memcpy(buf, aes_test_cfb128_pt, 64); aes_tests = aes_test_cfb128_ct[u]; } - ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_cfb128(&ctx, mode, 64, &offset, iv, buf, buf); + if (ret != 0) { goto exit; + } - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { + if (memcmp(buf, aes_tests, 64) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) /* * OFB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-OFB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-OFB-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memcpy( iv, aes_test_ofb_iv, 16 ); - memcpy( key, aes_test_ofb_key[u], keybits / 8 ); + memcpy(iv, aes_test_ofb_iv, 16); + memcpy(key, aes_test_ofb_key[u], keybits / 8); offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ofb_ct[u], 64 ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_ofb_ct[u], 64); aes_tests = aes_test_ofb_pt; - } - else - { - memcpy( buf, aes_test_ofb_pt, 64 ); + } else { + memcpy(buf, aes_test_ofb_pt, 64); aes_tests = aes_test_ofb_ct[u]; } - ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ofb(&ctx, 64, &offset, iv, buf, buf); + if (ret != 0) { goto exit; + } - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { + if (memcmp(buf, aes_tests, 64) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * CTR mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CTR-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-CTR-128 (%s): ", + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); - memcpy( key, aes_test_ctr_key[u], 16 ); + memcpy(nonce_counter, aes_test_ctr_nonce_counter[u], 16); + memcpy(key, aes_test_ctr_key[u], 16); offset = 0; - if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_enc(&ctx, key, 128)) != 0) { goto exit; + } len = aes_test_ctr_len[u]; - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ctr_ct[u], len ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_ctr_ct[u], len); aes_tests = aes_test_ctr_pt[u]; - } - else - { - memcpy( buf, aes_test_ctr_pt[u], len ); + } else { + memcpy(buf, aes_test_ctr_pt[u], len); aes_tests = aes_test_ctr_ct[u]; } - ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, - stream_block, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ctr(&ctx, len, &offset, nonce_counter, + stream_block, buf, buf); + if (ret != 0) { goto exit; + } - if( memcmp( buf, aes_tests, len ) != 0 ) - { + if (memcmp(buf, aes_tests, len) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) { - static const int num_tests = - sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key); - mbedtls_aes_xts_context ctx_xts; + static const int num_tests = + sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key); + mbedtls_aes_xts_context ctx_xts; - /* - * XTS mode - */ - mbedtls_aes_xts_init( &ctx_xts ); + /* + * XTS mode + */ + mbedtls_aes_xts_init(&ctx_xts); - for( i = 0; i < num_tests << 1; i++ ) - { - const unsigned char *data_unit; - u = i >> 1; - mode = i & 1; + for (i = 0; i < num_tests << 1; i++) { + const unsigned char *data_unit; + u = i >> 1; + mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-XTS-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-XTS-128 (%s): ", + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); + } - memset( key, 0, sizeof( key ) ); - memcpy( key, aes_test_xts_key[u], 32 ); - data_unit = aes_test_xts_data_unit[u]; + memset(key, 0, sizeof(key)); + memcpy(key, aes_test_xts_key[u], 32); + data_unit = aes_test_xts_data_unit[u]; - len = sizeof( *aes_test_xts_ct32 ); + len = sizeof(*aes_test_xts_ct32); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 ); - if( ret != 0) - goto exit; - memcpy( buf, aes_test_xts_ct32[u], len ); - aes_tests = aes_test_xts_pt32[u]; - } - else - { - ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 ); - if( ret != 0) - goto exit; - memcpy( buf, aes_test_xts_pt32[u], len ); - aes_tests = aes_test_xts_ct32[u]; - } + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_xts_setkey_dec(&ctx_xts, key, 256); + if (ret != 0) { + goto exit; + } + memcpy(buf, aes_test_xts_ct32[u], len); + aes_tests = aes_test_xts_pt32[u]; + } else { + ret = mbedtls_aes_xts_setkey_enc(&ctx_xts, key, 256); + if (ret != 0) { + goto exit; + } + memcpy(buf, aes_test_xts_pt32[u], len); + aes_tests = aes_test_xts_ct32[u]; + } - ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit, - buf, buf ); - if( ret != 0 ) - goto exit; + ret = mbedtls_aes_crypt_xts(&ctx_xts, mode, len, data_unit, + buf, buf); + if (ret != 0) { + goto exit; + } - if( memcmp( buf, aes_tests, len ) != 0 ) - { - ret = 1; - goto exit; - } + if (memcmp(buf, aes_tests, len) != 0) { + ret = 1; + goto exit; + } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } + if (verbose != 0) { + mbedtls_printf("passed\n"); + } + } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - mbedtls_aes_xts_free( &ctx_xts ); + mbedtls_aes_xts_free(&ctx_xts); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ ret = 0; exit: - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 && verbose != 0) { + mbedtls_printf("failed\n"); + } - mbedtls_aes_free( &ctx ); + mbedtls_aes_free(&ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/aesni.c b/thirdparty/mbedtls/library/aesni.c index 996292ff6d..c909f654c6 100644 --- a/thirdparty/mbedtls/library/aesni.c +++ b/thirdparty/mbedtls/library/aesni.c @@ -18,51 +18,391 @@ */ /* - * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set - * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/ + * [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encryption-standard-aes-instructions-set.html + * [CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode.html */ #include "common.h" #if defined(MBEDTLS_AESNI_C) -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) -#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code." -#endif -#endif - #include "mbedtls/aesni.h" #include +/* *INDENT-OFF* */ #ifndef asm #define asm __asm #endif +/* *INDENT-ON* */ + +#if defined(MBEDTLS_AESNI_HAVE_CODE) -#if defined(MBEDTLS_HAVE_X86_64) +#if MBEDTLS_AESNI_HAVE_CODE == 2 +#if !defined(_WIN32) +#include +#endif +#include +#endif /* * AES-NI support detection routine */ -int mbedtls_aesni_has_support( unsigned int what ) +int mbedtls_aesni_has_support(unsigned int what) { static int done = 0; static unsigned int c = 0; - if( ! done ) - { - asm( "movl $1, %%eax \n\t" + if (!done) { +#if MBEDTLS_AESNI_HAVE_CODE == 2 + static unsigned info[4] = { 0, 0, 0, 0 }; +#if defined(_MSC_VER) + __cpuid(info, 1); +#else + __cpuid(1, info[0], info[1], info[2], info[3]); +#endif + c = info[2]; +#else /* AESNI using asm */ + asm ("movl $1, %%eax \n\t" "cpuid \n\t" : "=c" (c) : - : "eax", "ebx", "edx" ); + : "eax", "ebx", "edx"); +#endif /* MBEDTLS_AESNI_HAVE_CODE */ done = 1; } - return( ( c & what ) != 0 ); + return (c & what) != 0; } +#if MBEDTLS_AESNI_HAVE_CODE == 2 + +/* + * AES-NI AES-ECB block en(de)cryption + */ +int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) +{ + const __m128i *rk = (const __m128i *) (ctx->rk); + unsigned nr = ctx->nr; // Number of remaining rounds + + // Load round key 0 + __m128i state; + memcpy(&state, input, 16); + state = _mm_xor_si128(state, rk[0]); // state ^= *rk; + ++rk; + --nr; + + if (mode == 0) { + while (nr != 0) { + state = _mm_aesdec_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesdeclast_si128(state, *rk); + } else { + while (nr != 0) { + state = _mm_aesenc_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesenclast_si128(state, *rk); + } + + memcpy(output, &state, 16); + return 0; +} + +/* + * GCM multiplication: c = a times b in GF(2^128) + * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5. + */ + +static void gcm_clmul(const __m128i aa, const __m128i bb, + __m128i *cc, __m128i *dd) +{ + /* + * Caryless multiplication dd:cc = aa * bb + * using [CLMUL-WP] algorithm 1 (p. 12). + */ + *cc = _mm_clmulepi64_si128(aa, bb, 0x00); // a0*b0 = c1:c0 + *dd = _mm_clmulepi64_si128(aa, bb, 0x11); // a1*b1 = d1:d0 + __m128i ee = _mm_clmulepi64_si128(aa, bb, 0x10); // a0*b1 = e1:e0 + __m128i ff = _mm_clmulepi64_si128(aa, bb, 0x01); // a1*b0 = f1:f0 + ff = _mm_xor_si128(ff, ee); // e1+f1:e0+f0 + ee = ff; // e1+f1:e0+f0 + ff = _mm_srli_si128(ff, 8); // 0:e1+f1 + ee = _mm_slli_si128(ee, 8); // e0+f0:0 + *dd = _mm_xor_si128(*dd, ff); // d1:d0+e1+f1 + *cc = _mm_xor_si128(*cc, ee); // c1+e0+f0:c0 +} + +static void gcm_shift(__m128i *cc, __m128i *dd) +{ + /* [CMUCL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left, + * taking advantage of [CLMUL-WP] eq 27 (p. 18). */ + // // *cc = r1:r0 + // // *dd = r3:r2 + __m128i cc_lo = _mm_slli_epi64(*cc, 1); // r1<<1:r0<<1 + __m128i dd_lo = _mm_slli_epi64(*dd, 1); // r3<<1:r2<<1 + __m128i cc_hi = _mm_srli_epi64(*cc, 63); // r1>>63:r0>>63 + __m128i dd_hi = _mm_srli_epi64(*dd, 63); // r3>>63:r2>>63 + __m128i xmm5 = _mm_srli_si128(cc_hi, 8); // 0:r1>>63 + cc_hi = _mm_slli_si128(cc_hi, 8); // r0>>63:0 + dd_hi = _mm_slli_si128(dd_hi, 8); // 0:r1>>63 + + *cc = _mm_or_si128(cc_lo, cc_hi); // r1<<1|r0>>63:r0<<1 + *dd = _mm_or_si128(_mm_or_si128(dd_lo, dd_hi), xmm5); // r3<<1|r2>>62:r2<<1|r1>>63 +} + +static __m128i gcm_reduce(__m128i xx) +{ + // // xx = x1:x0 + /* [CLMUL-WP] Algorithm 5 Step 2 */ + __m128i aa = _mm_slli_epi64(xx, 63); // x1<<63:x0<<63 = stuff:a + __m128i bb = _mm_slli_epi64(xx, 62); // x1<<62:x0<<62 = stuff:b + __m128i cc = _mm_slli_epi64(xx, 57); // x1<<57:x0<<57 = stuff:c + __m128i dd = _mm_slli_si128(_mm_xor_si128(_mm_xor_si128(aa, bb), cc), 8); // a+b+c:0 + return _mm_xor_si128(dd, xx); // x1+a+b+c:x0 = d:x0 +} + +static __m128i gcm_mix(__m128i dx) +{ + /* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */ + __m128i ee = _mm_srli_epi64(dx, 1); // e1:x0>>1 = e1:e0' + __m128i ff = _mm_srli_epi64(dx, 2); // f1:x0>>2 = f1:f0' + __m128i gg = _mm_srli_epi64(dx, 7); // g1:x0>>7 = g1:g0' + + // e0'+f0'+g0' is almost e0+f0+g0, except for some missing + // bits carried from d. Now get those bits back in. + __m128i eh = _mm_slli_epi64(dx, 63); // d<<63:stuff + __m128i fh = _mm_slli_epi64(dx, 62); // d<<62:stuff + __m128i gh = _mm_slli_epi64(dx, 57); // d<<57:stuff + __m128i hh = _mm_srli_si128(_mm_xor_si128(_mm_xor_si128(eh, fh), gh), 8); // 0:missing bits of d + + return _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(ee, ff), gg), hh), dx); +} + +void mbedtls_aesni_gcm_mult(unsigned char c[16], + const unsigned char a[16], + const unsigned char b[16]) +{ + __m128i aa, bb, cc, dd; + + /* The inputs are in big-endian order, so byte-reverse them */ + for (size_t i = 0; i < 16; i++) { + ((uint8_t *) &aa)[i] = a[15 - i]; + ((uint8_t *) &bb)[i] = b[15 - i]; + } + + gcm_clmul(aa, bb, &cc, &dd); + gcm_shift(&cc, &dd); + /* + * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1 + * using [CLMUL-WP] algorithm 5 (p. 18). + * Currently dd:cc holds x3:x2:x1:x0 (already shifted). + */ + __m128i dx = gcm_reduce(cc); + __m128i xh = gcm_mix(dx); + cc = _mm_xor_si128(xh, dd); // x3+h1:x2+h0 + + /* Now byte-reverse the outputs */ + for (size_t i = 0; i < 16; i++) { + c[i] = ((uint8_t *) &cc)[15 - i]; + } + + return; +} + +/* + * Compute decryption round keys from encryption round keys + */ +void mbedtls_aesni_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, int nr) +{ + __m128i *ik = (__m128i *) invkey; + const __m128i *fk = (const __m128i *) fwdkey + nr; + + *ik = *fk; + for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) { + *ik = _mm_aesimc_si128(*fk); + } + *ik = *fk; +} + +/* + * Key expansion, 128-bit case + */ +static __m128i aesni_set_rk_128(__m128i state, __m128i xword) +{ + /* + * Finish generating the next round key. + * + * On entry state is r3:r2:r1:r0 and xword is X:stuff:stuff:stuff + * with X = rot( sub( r3 ) ) ^ RCON (obtained with AESKEYGENASSIST). + * + * On exit, xword is r7:r6:r5:r4 + * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3 + * and this is returned, to be written to the round key buffer. + */ + xword = _mm_shuffle_epi32(xword, 0xff); // X:X:X:X + xword = _mm_xor_si128(xword, state); // X+r3:X+r2:X+r1:r4 + state = _mm_slli_si128(state, 4); // r2:r1:r0:0 + xword = _mm_xor_si128(xword, state); // X+r3+r2:X+r2+r1:r5:r4 + state = _mm_slli_si128(state, 4); // r1:r0:0:0 + xword = _mm_xor_si128(xword, state); // X+r3+r2+r1:r6:r5:r4 + state = _mm_slli_si128(state, 4); // r0:0:0:0 + state = _mm_xor_si128(xword, state); // r7:r6:r5:r4 + return state; +} + +static void aesni_setkey_enc_128(unsigned char *rk_bytes, + const unsigned char *key) +{ + __m128i *rk = (__m128i *) rk_bytes; + + memcpy(&rk[0], key, 16); + rk[1] = aesni_set_rk_128(rk[0], _mm_aeskeygenassist_si128(rk[0], 0x01)); + rk[2] = aesni_set_rk_128(rk[1], _mm_aeskeygenassist_si128(rk[1], 0x02)); + rk[3] = aesni_set_rk_128(rk[2], _mm_aeskeygenassist_si128(rk[2], 0x04)); + rk[4] = aesni_set_rk_128(rk[3], _mm_aeskeygenassist_si128(rk[3], 0x08)); + rk[5] = aesni_set_rk_128(rk[4], _mm_aeskeygenassist_si128(rk[4], 0x10)); + rk[6] = aesni_set_rk_128(rk[5], _mm_aeskeygenassist_si128(rk[5], 0x20)); + rk[7] = aesni_set_rk_128(rk[6], _mm_aeskeygenassist_si128(rk[6], 0x40)); + rk[8] = aesni_set_rk_128(rk[7], _mm_aeskeygenassist_si128(rk[7], 0x80)); + rk[9] = aesni_set_rk_128(rk[8], _mm_aeskeygenassist_si128(rk[8], 0x1B)); + rk[10] = aesni_set_rk_128(rk[9], _mm_aeskeygenassist_si128(rk[9], 0x36)); +} + +/* + * Key expansion, 192-bit case + */ +static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword, + unsigned char *rk) +{ + /* + * Finish generating the next 6 quarter-keys. + * + * On entry state0 is r3:r2:r1:r0, state1 is stuff:stuff:r5:r4 + * and xword is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON + * (obtained with AESKEYGENASSIST). + * + * On exit, state0 is r9:r8:r7:r6 and state1 is stuff:stuff:r11:r10 + * and those are written to the round key buffer. + */ + xword = _mm_shuffle_epi32(xword, 0x55); // X:X:X:X + xword = _mm_xor_si128(xword, *state0); // X+r3:X+r2:X+r1:X+r0 + *state0 = _mm_slli_si128(*state0, 4); // r2:r1:r0:0 + xword = _mm_xor_si128(xword, *state0); // X+r3+r2:X+r2+r1:X+r1+r0:X+r0 + *state0 = _mm_slli_si128(*state0, 4); // r1:r0:0:0 + xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1:X+r2+r1+r0:X+r1+r0:X+r0 + *state0 = _mm_slli_si128(*state0, 4); // r0:0:0:0 + xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1+r0:X+r2+r1+r0:X+r1+r0:X+r0 + *state0 = xword; // = r9:r8:r7:r6 + + xword = _mm_shuffle_epi32(xword, 0xff); // r9:r9:r9:r9 + xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5:r9+r4 + *state1 = _mm_slli_si128(*state1, 4); // stuff:stuff:r4:0 + xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5+r4:r9+r4 + *state1 = xword; // = stuff:stuff:r11:r10 + + /* Store state0 and the low half of state1 into rk, which is conceptually + * an array of 24-byte elements. Since 24 is not a multiple of 16, + * rk is not necessarily aligned so just `*rk = *state0` doesn't work. */ + memcpy(rk, state0, 16); + memcpy(rk + 16, state1, 8); +} + +static void aesni_setkey_enc_192(unsigned char *rk, + const unsigned char *key) +{ + /* First round: use original key */ + memcpy(rk, key, 24); + /* aes.c guarantees that rk is aligned on a 16-byte boundary. */ + __m128i state0 = ((__m128i *) rk)[0]; + __m128i state1 = _mm_loadl_epi64(((__m128i *) rk) + 1); + + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x01), rk + 24 * 1); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x02), rk + 24 * 2); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x04), rk + 24 * 3); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x08), rk + 24 * 4); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x10), rk + 24 * 5); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x20), rk + 24 * 6); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7); + aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8); +} + +/* + * Key expansion, 256-bit case + */ +static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword, + __m128i *rk0, __m128i *rk1) +{ + /* + * Finish generating the next two round keys. + * + * On entry state0 is r3:r2:r1:r0, state1 is r7:r6:r5:r4 and + * xword is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON + * (obtained with AESKEYGENASSIST). + * + * On exit, *rk0 is r11:r10:r9:r8 and *rk1 is r15:r14:r13:r12 + */ + xword = _mm_shuffle_epi32(xword, 0xff); + xword = _mm_xor_si128(xword, state0); + state0 = _mm_slli_si128(state0, 4); + xword = _mm_xor_si128(xword, state0); + state0 = _mm_slli_si128(state0, 4); + xword = _mm_xor_si128(xword, state0); + state0 = _mm_slli_si128(state0, 4); + state0 = _mm_xor_si128(state0, xword); + *rk0 = state0; + + /* Set xword to stuff:Y:stuff:stuff with Y = subword( r11 ) + * and proceed to generate next round key from there */ + xword = _mm_aeskeygenassist_si128(state0, 0x00); + xword = _mm_shuffle_epi32(xword, 0xaa); + xword = _mm_xor_si128(xword, state1); + state1 = _mm_slli_si128(state1, 4); + xword = _mm_xor_si128(xword, state1); + state1 = _mm_slli_si128(state1, 4); + xword = _mm_xor_si128(xword, state1); + state1 = _mm_slli_si128(state1, 4); + state1 = _mm_xor_si128(state1, xword); + *rk1 = state1; +} + +static void aesni_setkey_enc_256(unsigned char *rk_bytes, + const unsigned char *key) +{ + __m128i *rk = (__m128i *) rk_bytes; + + memcpy(&rk[0], key, 16); + memcpy(&rk[1], key + 16, 16); + + /* + * Main "loop" - Generating one more key than necessary, + * see definition of mbedtls_aes_context.buf + */ + aesni_set_rk_256(rk[0], rk[1], _mm_aeskeygenassist_si128(rk[1], 0x01), &rk[2], &rk[3]); + aesni_set_rk_256(rk[2], rk[3], _mm_aeskeygenassist_si128(rk[3], 0x02), &rk[4], &rk[5]); + aesni_set_rk_256(rk[4], rk[5], _mm_aeskeygenassist_si128(rk[5], 0x04), &rk[6], &rk[7]); + aesni_set_rk_256(rk[6], rk[7], _mm_aeskeygenassist_si128(rk[7], 0x08), &rk[8], &rk[9]); + aesni_set_rk_256(rk[8], rk[9], _mm_aeskeygenassist_si128(rk[9], 0x10), &rk[10], &rk[11]); + aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]); + aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]); +} + +#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */ + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) +#warning \ + "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code." +#endif +#endif + /* * Binutils needs to be at least 2.19 to support AES-NI instructions. * Unfortunately, a lot of users have a lower version now (2014-04). @@ -73,13 +413,13 @@ int mbedtls_aesni_has_support( unsigned int what ) * Operand macros are in gas order (src, dst) as opposed to Intel order * (dst, src) in order to blend better into the surrounding assembly code. */ -#define AESDEC ".byte 0x66,0x0F,0x38,0xDE," -#define AESDECLAST ".byte 0x66,0x0F,0x38,0xDF," -#define AESENC ".byte 0x66,0x0F,0x38,0xDC," -#define AESENCLAST ".byte 0x66,0x0F,0x38,0xDD," -#define AESIMC ".byte 0x66,0x0F,0x38,0xDB," -#define AESKEYGENA ".byte 0x66,0x0F,0x3A,0xDF," -#define PCLMULQDQ ".byte 0x66,0x0F,0x3A,0x44," +#define AESDEC(regs) ".byte 0x66,0x0F,0x38,0xDE," regs "\n\t" +#define AESDECLAST(regs) ".byte 0x66,0x0F,0x38,0xDF," regs "\n\t" +#define AESENC(regs) ".byte 0x66,0x0F,0x38,0xDC," regs "\n\t" +#define AESENCLAST(regs) ".byte 0x66,0x0F,0x38,0xDD," regs "\n\t" +#define AESIMC(regs) ".byte 0x66,0x0F,0x38,0xDB," regs "\n\t" +#define AESKEYGENA(regs, imm) ".byte 0x66,0x0F,0x3A,0xDF," regs "," imm "\n\t" +#define PCLMULQDQ(regs, imm) ".byte 0x66,0x0F,0x3A,0x44," regs "," imm "\n\t" #define xmm0_xmm0 "0xC0" #define xmm0_xmm1 "0xC8" @@ -92,12 +432,12 @@ int mbedtls_aesni_has_support( unsigned int what ) /* * AES-NI AES-ECB block en(de)cryption */ -int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { - asm( "movdqu (%3), %%xmm0 \n\t" // load input + asm ("movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 "add $16, %1 \n\t" // point to next round key @@ -107,65 +447,64 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "1: \n\t" // encryption loop "movdqu (%1), %%xmm1 \n\t" // load round key - AESENC xmm1_xmm0 "\n\t" // do round + AESENC(xmm1_xmm0) // do round "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // loop "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key - AESENCLAST xmm1_xmm0 "\n\t" // last round + AESENCLAST(xmm1_xmm0) // last round "jmp 3f \n\t" "2: \n\t" // decryption loop "movdqu (%1), %%xmm1 \n\t" - AESDEC xmm1_xmm0 "\n\t" // do round + AESDEC(xmm1_xmm0) // do round "add $16, %1 \n\t" "subl $1, %0 \n\t" "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key - AESDECLAST xmm1_xmm0 "\n\t" // last round + AESDECLAST(xmm1_xmm0) // last round "3: \n\t" "movdqu %%xmm0, (%4) \n\t" // export output : : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output) - : "memory", "cc", "xmm0", "xmm1" ); + : "memory", "cc", "xmm0", "xmm1"); - return( 0 ); + return 0; } /* * GCM multiplication: c = a times b in GF(2^128) * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5. */ -void mbedtls_aesni_gcm_mult( unsigned char c[16], - const unsigned char a[16], - const unsigned char b[16] ) +void mbedtls_aesni_gcm_mult(unsigned char c[16], + const unsigned char a[16], + const unsigned char b[16]) { unsigned char aa[16], bb[16], cc[16]; size_t i; /* The inputs are in big-endian order, so byte-reverse them */ - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { aa[i] = a[15 - i]; bb[i] = b[15 - i]; } - asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0 + asm ("movdqu (%0), %%xmm0 \n\t" // a1:a0 "movdqu (%1), %%xmm1 \n\t" // b1:b0 /* * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1 - * using [CLMUL-WP] algorithm 1 (p. 13). + * using [CLMUL-WP] algorithm 1 (p. 12). */ "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0 "movdqa %%xmm1, %%xmm3 \n\t" // same "movdqa %%xmm1, %%xmm4 \n\t" // same - PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0 - PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0 - PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0 - PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0 + PCLMULQDQ(xmm0_xmm1, "0x00") // a0*b0 = c1:c0 + PCLMULQDQ(xmm0_xmm2, "0x11") // a1*b1 = d1:d0 + PCLMULQDQ(xmm0_xmm3, "0x10") // a0*b1 = e1:e0 + PCLMULQDQ(xmm0_xmm4, "0x01") // a1*b0 = f1:f0 "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0 "movdqa %%xmm4, %%xmm3 \n\t" // same "psrldq $8, %%xmm4 \n\t" // 0:e1+f1 @@ -175,7 +514,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], /* * Now shift the result one bit to the left, - * taking advantage of [CLMUL-WP] eq 27 (p. 20) + * taking advantage of [CLMUL-WP] eq 27 (p. 18) */ "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0 "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2 @@ -193,7 +532,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], /* * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1 - * using [CLMUL-WP] algorithm 5 (p. 20). + * using [CLMUL-WP] algorithm 5 (p. 18). * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted). */ /* Step 2 (1) */ @@ -237,11 +576,12 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], "movdqu %%xmm0, (%2) \n\t" // done : : "r" (aa), "r" (bb), "r" (cc) - : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" ); + : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5"); /* Now byte-reverse the outputs */ - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { c[i] = cc[15 - i]; + } return; } @@ -249,32 +589,33 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -void mbedtls_aesni_inverse_key( unsigned char *invkey, - const unsigned char *fwdkey, int nr ) +void mbedtls_aesni_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, int nr) { unsigned char *ik = invkey; const unsigned char *fk = fwdkey + 16 * nr; - memcpy( ik, fk, 16 ); + memcpy(ik, fk, 16); - for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 ) - asm( "movdqu (%0), %%xmm0 \n\t" - AESIMC xmm0_xmm0 "\n\t" + for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) { + asm ("movdqu (%0), %%xmm0 \n\t" + AESIMC(xmm0_xmm0) "movdqu %%xmm0, (%1) \n\t" : : "r" (fk), "r" (ik) - : "memory", "xmm0" ); + : "memory", "xmm0"); + } - memcpy( ik, fk, 16 ); + memcpy(ik, fk, 16); } /* * Key expansion, 128-bit case */ -static void aesni_setkey_enc_128( unsigned char *rk, - const unsigned char *key ) +static void aesni_setkey_enc_128(unsigned char *rk, + const unsigned char *key) { - asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key + asm ("movdqu (%1), %%xmm0 \n\t" // copy the original key "movdqu %%xmm0, (%0) \n\t" // as round key 0 "jmp 2f \n\t" // skip auxiliary routine @@ -303,28 +644,28 @@ static void aesni_setkey_enc_128( unsigned char *rk, /* Main "loop" */ "2: \n\t" - AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x01") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x02") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x04") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x08") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x10") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x20") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x40") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x80") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x1B") "call 1b \n\t" + AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t" : : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + : "memory", "cc", "0"); } /* * Key expansion, 192-bit case */ -static void aesni_setkey_enc_192( unsigned char *rk, - const unsigned char *key ) +static void aesni_setkey_enc_192(unsigned char *rk, + const unsigned char *key) { - asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key + asm ("movdqu (%1), %%xmm0 \n\t" // copy original round key "movdqu %%xmm0, (%0) \n\t" "add $16, %0 \n\t" "movq 16(%1), %%xmm1 \n\t" @@ -361,27 +702,27 @@ static void aesni_setkey_enc_192( unsigned char *rk, "ret \n\t" "2: \n\t" - AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x80") "call 1b \n\t" : : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + : "memory", "cc", "0"); } /* * Key expansion, 256-bit case */ -static void aesni_setkey_enc_256( unsigned char *rk, - const unsigned char *key ) +static void aesni_setkey_enc_256(unsigned char *rk, + const unsigned char *key) { - asm( "movdqu (%1), %%xmm0 \n\t" + asm ("movdqu (%1), %%xmm0 \n\t" "movdqu %%xmm0, (%0) \n\t" "add $16, %0 \n\t" "movdqu 16(%1), %%xmm1 \n\t" @@ -411,7 +752,7 @@ static void aesni_setkey_enc_256( unsigned char *rk, /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) * and proceed to generate next round key from there */ - AESKEYGENA xmm0_xmm2 ",0x00 \n\t" + AESKEYGENA(xmm0_xmm2, "0x00") "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" "pxor %%xmm1, %%xmm2 \n\t" "pslldq $4, %%xmm1 \n\t" @@ -429,36 +770,37 @@ static void aesni_setkey_enc_256( unsigned char *rk, * see definition of mbedtls_aes_context.buf */ "2: \n\t" - AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" + AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" : : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + : "memory", "cc", "0"); } +#endif /* MBEDTLS_AESNI_HAVE_CODE */ + /* * Key expansion, wrapper */ -int mbedtls_aesni_setkey_enc( unsigned char *rk, - const unsigned char *key, - size_t bits ) +int mbedtls_aesni_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits) { - switch( bits ) - { - case 128: aesni_setkey_enc_128( rk, key ); break; - case 192: aesni_setkey_enc_192( rk, key ); break; - case 256: aesni_setkey_enc_256( rk, key ); break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + switch (bits) { + case 128: aesni_setkey_enc_128(rk, key); break; + case 192: aesni_setkey_enc_192(rk, key); break; + case 256: aesni_setkey_enc_256(rk, key); break; + default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } - return( 0 ); + return 0; } -#endif /* MBEDTLS_HAVE_X86_64 */ +#endif /* MBEDTLS_AESNI_HAVE_CODE */ #endif /* MBEDTLS_AESNI_C */ diff --git a/thirdparty/mbedtls/library/arc4.c b/thirdparty/mbedtls/library/arc4.c index dcc13d539a..aa5e3a2b3a 100644 --- a/thirdparty/mbedtls/library/arc4.c +++ b/thirdparty/mbedtls/library/arc4.c @@ -35,24 +35,25 @@ #if !defined(MBEDTLS_ARC4_ALT) -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) +void mbedtls_arc4_init(mbedtls_arc4_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); + memset(ctx, 0, sizeof(mbedtls_arc4_context)); } -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) +void mbedtls_arc4_free(mbedtls_arc4_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_arc4_context)); } /* * ARC4 key schedule */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ) +void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key, + unsigned int keylen) { int i, j, a; unsigned int k; @@ -62,17 +63,19 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, ctx->y = 0; m = ctx->m; - for( i = 0; i < 256; i++ ) + for (i = 0; i < 256; i++) { m[i] = (unsigned char) i; + } j = k = 0; - for( i = 0; i < 256; i++, k++ ) - { - if( k >= keylen ) k = 0; + for (i = 0; i < 256; i++, k++) { + if (k >= keylen) { + k = 0; + } a = m[i]; - j = ( j + a + key[k] ) & 0xFF; + j = (j + a + key[k]) & 0xFF; m[i] = m[j]; m[j] = (unsigned char) a; } @@ -81,8 +84,8 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, /* * ARC4 cipher function */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ) +int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, + unsigned char *output) { int x, y, a, b; size_t i; @@ -92,22 +95,21 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned y = ctx->y; m = ctx->m; - for( i = 0; i < length; i++ ) - { - x = ( x + 1 ) & 0xFF; a = m[x]; - y = ( y + a ) & 0xFF; b = m[y]; + for (i = 0; i < length; i++) { + x = (x + 1) & 0xFF; a = m[x]; + y = (y + a) & 0xFF; b = m[y]; m[x] = (unsigned char) b; m[y] = (unsigned char) a; output[i] = (unsigned char) - ( input[i] ^ m[(unsigned char)( a + b )] ); + (input[i] ^ m[(unsigned char) (a + b)]); } ctx->x = x; ctx->y = y; - return( 0 ); + return 0; } #endif /* !MBEDTLS_ARC4_ALT */ @@ -142,45 +144,47 @@ static const unsigned char arc4_test_ct[3][8] = /* * Checkup routine */ -int mbedtls_arc4_self_test( int verbose ) +int mbedtls_arc4_self_test(int verbose) { int i, ret = 0; unsigned char ibuf[8]; unsigned char obuf[8]; mbedtls_arc4_context ctx; - mbedtls_arc4_init( &ctx ); + mbedtls_arc4_init(&ctx); - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ARC4 test #%d: ", i + 1 ); + for (i = 0; i < 3; i++) { + if (verbose != 0) { + mbedtls_printf(" ARC4 test #%d: ", i + 1); + } - memcpy( ibuf, arc4_test_pt[i], 8 ); + memcpy(ibuf, arc4_test_pt[i], 8); - mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 ); - mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf ); + mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8); + mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf); - if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(obuf, arc4_test_ct[i], 8) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } exit: - mbedtls_arc4_free( &ctx ); + mbedtls_arc4_free(&ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/aria.c b/thirdparty/mbedtls/library/aria.c index 5e52eea91e..d958ef615d 100644 --- a/thirdparty/mbedtls/library/aria.c +++ b/thirdparty/mbedtls/library/aria.c @@ -38,10 +38,10 @@ #include "mbedtls/platform_util.h" /* Parameter validation macros */ -#define ARIA_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) -#define ARIA_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ARIA_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) +#define ARIA_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) /* * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes @@ -55,30 +55,30 @@ #if defined(__arm__) /* rev16 available from v6 up */ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(__GNUC__) && \ - ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ + (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) && \ __ARM_ARCH >= 6 -static inline uint32_t aria_p1( uint32_t x ) +static inline uint32_t aria_p1(uint32_t x) { uint32_t r; - __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) ); - return( r ); + __asm("rev16 %0, %1" : "=l" (r) : "l" (x)); + return r; } #define ARIA_P1 aria_p1 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ - ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) -static inline uint32_t aria_p1( uint32_t x ) + (__TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3) +static inline uint32_t aria_p1(uint32_t x) { uint32_t r; - __asm( "rev16 r, x" ); - return( r ); + __asm("rev16 r, x"); + return r; } #define ARIA_P1 aria_p1 #endif #endif /* arm */ #if defined(__GNUC__) && \ - defined(__i386__) || defined(__amd64__) || defined( __x86_64__) + defined(__i386__) || defined(__amd64__) || defined(__x86_64__) /* I couldn't find an Intel equivalent of rev16, so two instructions */ -#define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) ) +#define ARIA_P1(x) ARIA_P2(ARIA_P3(x)) #endif /* x86 gnuc */ #endif /* MBEDTLS_HAVE_ASM && GNUC */ #if !defined(ARIA_P1) @@ -106,38 +106,38 @@ static inline uint32_t aria_p1( uint32_t x ) #if defined(__arm__) /* rev available from v6 up */ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(__GNUC__) && \ - ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ + (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) && \ __ARM_ARCH >= 6 -static inline uint32_t aria_p3( uint32_t x ) +static inline uint32_t aria_p3(uint32_t x) { uint32_t r; - __asm( "rev %0, %1" : "=l" (r) : "l" (x) ); - return( r ); + __asm("rev %0, %1" : "=l" (r) : "l" (x)); + return r; } #define ARIA_P3 aria_p3 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ - ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) -static inline uint32_t aria_p3( uint32_t x ) + (__TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3) +static inline uint32_t aria_p3(uint32_t x) { uint32_t r; - __asm( "rev r, x" ); - return( r ); + __asm("rev r, x"); + return r; } #define ARIA_P3 aria_p3 #endif #endif /* arm */ #if defined(__GNUC__) && \ - defined(__i386__) || defined(__amd64__) || defined( __x86_64__) -static inline uint32_t aria_p3( uint32_t x ) + defined(__i386__) || defined(__amd64__) || defined(__x86_64__) +static inline uint32_t aria_p3(uint32_t x) { - __asm( "bswap %0" : "=r" (x) : "0" (x) ); - return( x ); + __asm("bswap %0" : "=r" (x) : "0" (x)); + return x; } #define ARIA_P3 aria_p3 #endif /* x86 gnuc */ #endif /* MBEDTLS_HAVE_ASM && GNUC */ #if !defined(ARIA_P3) -#define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) ) +#define ARIA_P3(x) ARIA_P2(ARIA_P1(x)) #endif /* @@ -163,28 +163,28 @@ static inline uint32_t aria_p3( uint32_t x ) * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4. * The implementation below uses only P1 and P2 as they are sufficient. */ -static inline void aria_a( uint32_t *a, uint32_t *b, - uint32_t *c, uint32_t *d ) +static inline void aria_a(uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d) { uint32_t ta, tb, tc; ta = *b; // 4567 *b = *a; // 0123 - *a = ARIA_P2( ta ); // 6745 - tb = ARIA_P2( *d ); // efcd - *d = ARIA_P1( *c ); // 98ba - *c = ARIA_P1( tb ); // fedc + *a = ARIA_P2(ta); // 6745 + tb = ARIA_P2(*d); // efcd + *d = ARIA_P1(*c); // 98ba + *c = ARIA_P1(tb); // fedc ta ^= *d; // 4567+98ba - tc = ARIA_P2( *b ); // 2301 - ta = ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc - tb ^= ARIA_P2( *d ); // ba98+efcd - tc ^= ARIA_P1( *a ); // 2301+7654 + tc = ARIA_P2(*b); // 2301 + ta = ARIA_P1(ta) ^ tc ^ *c; // 2301+5476+89ab+fedc + tb ^= ARIA_P2(*d); // ba98+efcd + tc ^= ARIA_P1(*a); // 2301+7654 *b ^= ta ^ tb; // 0123+2301+5476+89ab+ba98+efcd+fedc OUT - tb = ARIA_P2( tb ) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc - *a ^= ARIA_P1( tb ); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT - ta = ARIA_P2( ta ); // 0123+7654+ab89+dcfe - *d ^= ARIA_P1( ta ) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT - tc = ARIA_P2( tc ); // 0123+5476 - *c ^= ARIA_P1( tc ) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT + tb = ARIA_P2(tb) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc + *a ^= ARIA_P1(tb); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT + ta = ARIA_P2(ta); // 0123+7654+ab89+dcfe + *d ^= ARIA_P1(ta) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT + tc = ARIA_P2(tc); // 0123+5476 + *c ^= ARIA_P1(tc) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT } /* @@ -195,27 +195,27 @@ static inline void aria_a( uint32_t *a, uint32_t *b, * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1 * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2 */ -static inline void aria_sl( uint32_t *a, uint32_t *b, - uint32_t *c, uint32_t *d, - const uint8_t sa[256], const uint8_t sb[256], - const uint8_t sc[256], const uint8_t sd[256] ) +static inline void aria_sl(uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d, + const uint8_t sa[256], const uint8_t sb[256], + const uint8_t sc[256], const uint8_t sd[256]) { - *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ] ) ^ - (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) << 8) ^ - (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^ - (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24); - *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ] ) ^ - (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) << 8) ^ - (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^ - (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24); - *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ] ) ^ - (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) << 8) ^ - (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^ - (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24); - *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ] ) ^ - (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) << 8) ^ - (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^ - (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24); + *a = ((uint32_t) sa[MBEDTLS_BYTE_0(*a)]) ^ + (((uint32_t) sb[MBEDTLS_BYTE_1(*a)]) << 8) ^ + (((uint32_t) sc[MBEDTLS_BYTE_2(*a)]) << 16) ^ + (((uint32_t) sd[MBEDTLS_BYTE_3(*a)]) << 24); + *b = ((uint32_t) sa[MBEDTLS_BYTE_0(*b)]) ^ + (((uint32_t) sb[MBEDTLS_BYTE_1(*b)]) << 8) ^ + (((uint32_t) sc[MBEDTLS_BYTE_2(*b)]) << 16) ^ + (((uint32_t) sd[MBEDTLS_BYTE_3(*b)]) << 24); + *c = ((uint32_t) sa[MBEDTLS_BYTE_0(*c)]) ^ + (((uint32_t) sb[MBEDTLS_BYTE_1(*c)]) << 8) ^ + (((uint32_t) sc[MBEDTLS_BYTE_2(*c)]) << 16) ^ + (((uint32_t) sd[MBEDTLS_BYTE_3(*c)]) << 24); + *d = ((uint32_t) sa[MBEDTLS_BYTE_0(*d)]) ^ + (((uint32_t) sb[MBEDTLS_BYTE_1(*d)]) << 8) ^ + (((uint32_t) sc[MBEDTLS_BYTE_2(*d)]) << 16) ^ + (((uint32_t) sd[MBEDTLS_BYTE_3(*d)]) << 24); } /* @@ -328,8 +328,8 @@ static const uint8_t aria_is2[256] = /* * Helper for key schedule: r = FO( p, k ) ^ x */ -static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], - const uint32_t k[4], const uint32_t x[4] ) +static void aria_fo_xor(uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4]) { uint32_t a, b, c, d; @@ -338,8 +338,8 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2); + aria_a(&a, &b, &c, &d); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -350,8 +350,8 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], /* * Helper for key schedule: r = FE( p, k ) ^ x */ -static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], - const uint32_t k[4], const uint32_t x[4] ) +static void aria_fe_xor(uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4]) { uint32_t a, b, c, d; @@ -360,8 +360,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2); + aria_a(&a, &b, &c, &d); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -376,8 +376,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse * bytes here. */ -static void aria_rot128( uint32_t r[4], const uint32_t a[4], - const uint32_t b[4], uint8_t n ) +static void aria_rot128(uint32_t r[4], const uint32_t a[4], + const uint32_t b[4], uint8_t n) { uint8_t i, j; uint32_t t, u; @@ -385,15 +385,14 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4], const uint8_t n1 = n % 32; // bit offset const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset - j = ( n / 32 ) % 4; // initial word offset - t = ARIA_P3( b[j] ); // big endian - for( i = 0; i < 4; i++ ) - { - j = ( j + 1 ) % 4; // get next word, big endian - u = ARIA_P3( b[j] ); + j = (n / 32) % 4; // initial word offset + t = ARIA_P3(b[j]); // big endian + for (i = 0; i < 4; i++) { + j = (j + 1) % 4; // get next word, big endian + u = ARIA_P3(b[j]); t <<= n1; // rotate t |= u >> n2; - t = ARIA_P3( t ); // back to little endian + t = ARIA_P3(t); // back to little endian r[i] = a[i] ^ t; // store t = u; // move to next word } @@ -402,8 +401,8 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4], /* * Set encryption key */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits ) +int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) { /* round constant masks */ const uint32_t rc[3][4] = @@ -415,74 +414,71 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, int i; uint32_t w[4][4], *w2; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( key != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(key != NULL); - if( keybits != 128 && keybits != 192 && keybits != 256 ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (keybits != 128 && keybits != 192 && keybits != 256) { + return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; + } /* Copy key to W0 (and potential remainder to W1) */ - w[0][0] = MBEDTLS_GET_UINT32_LE( key, 0 ); - w[0][1] = MBEDTLS_GET_UINT32_LE( key, 4 ); - w[0][2] = MBEDTLS_GET_UINT32_LE( key, 8 ); - w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 ); - - memset( w[1], 0, 16 ); - if( keybits >= 192 ) - { - w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 ); // 192 bit key - w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 ); + w[0][0] = MBEDTLS_GET_UINT32_LE(key, 0); + w[0][1] = MBEDTLS_GET_UINT32_LE(key, 4); + w[0][2] = MBEDTLS_GET_UINT32_LE(key, 8); + w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12); + + memset(w[1], 0, 16); + if (keybits >= 192) { + w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16); // 192 bit key + w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20); } - if( keybits == 256 ) - { - w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 ); // 256 bit key - w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 ); + if (keybits == 256) { + w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24); // 256 bit key + w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28); } - i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 + i = (keybits - 128) >> 6; // index: 0, 1, 2 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 - aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR + aria_fo_xor(w[1], w[0], rc[i], w[1]); // W1 = FO(W0, CK1) ^ KR i = i < 2 ? i + 1 : 0; - aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0 + aria_fe_xor(w[2], w[1], rc[i], w[0]); // W2 = FE(W1, CK2) ^ W0 i = i < 2 ? i + 1 : 0; - aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1 + aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1 - for( i = 0; i < 4; i++ ) // create round keys - { + for (i = 0; i < 4; i++) { // create round keys w2 = w[(i + 1) & 3]; - aria_rot128( ctx->rk[i ], w[i], w2, 128 - 19 ); - aria_rot128( ctx->rk[i + 4], w[i], w2, 128 - 31 ); - aria_rot128( ctx->rk[i + 8], w[i], w2, 61 ); - aria_rot128( ctx->rk[i + 12], w[i], w2, 31 ); + aria_rot128(ctx->rk[i], w[i], w2, 128 - 19); + aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31); + aria_rot128(ctx->rk[i + 8], w[i], w2, 61); + aria_rot128(ctx->rk[i + 12], w[i], w2, 31); } - aria_rot128( ctx->rk[16], w[0], w[1], 19 ); + aria_rot128(ctx->rk[16], w[0], w[1], 19); /* w holds enough info to reconstruct the round keys */ - mbedtls_platform_zeroize( w, sizeof( w ) ); + mbedtls_platform_zeroize(w, sizeof(w)); - return( 0 ); + return 0; } /* * Set decryption key */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits ) +int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) { int i, j, k, ret; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( key != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(key != NULL); - ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aria_setkey_enc(ctx, key, keybits); + if (ret != 0) { + return ret; + } /* flip the order of round keys */ - for( i = 0, j = ctx->nr; i < j; i++, j-- ) - { - for( k = 0; k < 4; k++ ) - { + for (i = 0, j = ctx->nr; i < j; i++, j--) { + for (k = 0; k < 4; k++) { uint32_t t = ctx->rk[i][k]; ctx->rk[i][k] = ctx->rk[j][k]; ctx->rk[j][k] = t; @@ -490,45 +486,43 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, } /* apply affine transform to middle keys */ - for( i = 1; i < ctx->nr; i++ ) - { - aria_a( &ctx->rk[i][0], &ctx->rk[i][1], - &ctx->rk[i][2], &ctx->rk[i][3] ); + for (i = 1; i < ctx->nr; i++) { + aria_a(&ctx->rk[i][0], &ctx->rk[i][1], + &ctx->rk[i][2], &ctx->rk[i][3]); } - return( 0 ); + return 0; } /* * Encrypt a block */ -int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ) +int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]) { int i; uint32_t a, b, c, d; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( input != NULL ); - ARIA_VALIDATE_RET( output != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(input != NULL); + ARIA_VALIDATE_RET(output != NULL); - a = MBEDTLS_GET_UINT32_LE( input, 0 ); - b = MBEDTLS_GET_UINT32_LE( input, 4 ); - c = MBEDTLS_GET_UINT32_LE( input, 8 ); - d = MBEDTLS_GET_UINT32_LE( input, 12 ); + a = MBEDTLS_GET_UINT32_LE(input, 0); + b = MBEDTLS_GET_UINT32_LE(input, 4); + c = MBEDTLS_GET_UINT32_LE(input, 8); + d = MBEDTLS_GET_UINT32_LE(input, 12); i = 0; - while( 1 ) - { + while (1) { a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; - aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2); + aria_a(&a, &b, &c, &d); a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; @@ -536,10 +530,11 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, d ^= ctx->rk[i][3]; i++; - aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); - if( i >= ctx->nr ) + aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2); + if (i >= ctx->nr) { break; - aria_a( &a, &b, &c, &d ); + } + aria_a(&a, &b, &c, &d); } /* final key mixing */ @@ -548,80 +543,79 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; - MBEDTLS_PUT_UINT32_LE( a, output, 0 ); - MBEDTLS_PUT_UINT32_LE( b, output, 4 ); - MBEDTLS_PUT_UINT32_LE( c, output, 8 ); - MBEDTLS_PUT_UINT32_LE( d, output, 12 ); + MBEDTLS_PUT_UINT32_LE(a, output, 0); + MBEDTLS_PUT_UINT32_LE(b, output, 4); + MBEDTLS_PUT_UINT32_LE(c, output, 8); + MBEDTLS_PUT_UINT32_LE(d, output, 12); - return( 0 ); + return 0; } /* Initialize context */ -void mbedtls_aria_init( mbedtls_aria_context *ctx ) +void mbedtls_aria_init(mbedtls_aria_context *ctx) { - ARIA_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_aria_context ) ); + ARIA_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_aria_context)); } /* Clear context */ -void mbedtls_aria_free( mbedtls_aria_context *ctx ) +void mbedtls_aria_free(mbedtls_aria_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context)); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * ARIA-CBC buffer encryption/decryption */ -int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( iv != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(iv != NULL); - if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); + if (length % MBEDTLS_ARIA_BLOCKSIZE) { + return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_ARIA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE ); - mbedtls_aria_crypt_ecb( ctx, input, output ); + if (mode == MBEDTLS_ARIA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE); + mbedtls_aria_crypt_ecb(ctx, input, output); - for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE ); + memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE); input += MBEDTLS_ARIA_BLOCKSIZE; output += MBEDTLS_ARIA_BLOCKSIZE; length -= MBEDTLS_ARIA_BLOCKSIZE; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - mbedtls_aria_crypt_ecb( ctx, output, output ); - memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE ); + mbedtls_aria_crypt_ecb(ctx, output, output); + memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE); input += MBEDTLS_ARIA_BLOCKSIZE; output += MBEDTLS_ARIA_BLOCKSIZE; @@ -629,7 +623,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, } } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -637,63 +631,61 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, /* * ARIA-CFB128 buffer encryption/decryption */ -int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { unsigned char c; size_t n; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( iv != NULL ); - ARIA_VALIDATE_RET( iv_off != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(iv != NULL); + ARIA_VALIDATE_RET(iv_off != NULL); n = *iv_off; /* An overly large value of n can lead to an unlimited * buffer overflow. Therefore, guard against this * outside of parameter validation. */ - if( n >= MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (n >= MBEDTLS_ARIA_BLOCKSIZE) { + return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; + } - if( mode == MBEDTLS_ARIA_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, iv, iv ); + if (mode == MBEDTLS_ARIA_DECRYPT) { + while (length--) { + if (n == 0) { + mbedtls_aria_crypt_ecb(ctx, iv, iv); + } c = *input++; *output++ = c ^ iv[n]; iv[n] = c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, iv, iv ); + } else { + while (length--) { + if (n == 0) { + mbedtls_aria_crypt_ecb(ctx, iv, iv); + } - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } *iv_off = n; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -701,50 +693,52 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, /* * ARIA-CTR buffer encryption/decryption */ -int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( nonce_counter != NULL ); - ARIA_VALIDATE_RET( stream_block != NULL ); - ARIA_VALIDATE_RET( nc_off != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(nonce_counter != NULL); + ARIA_VALIDATE_RET(stream_block != NULL); + ARIA_VALIDATE_RET(nc_off != NULL); n = *nc_off; /* An overly large value of n can lead to an unlimited * buffer overflow. Therefore, guard against this * outside of parameter validation. */ - if( n >= MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (n >= MBEDTLS_ARIA_BLOCKSIZE) { + return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; + } - while( length-- ) - { - if( n == 0 ) { - mbedtls_aria_crypt_ecb( ctx, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_aria_crypt_ecb(ctx, nonce_counter, + stream_block); - for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) { + if (++nonce_counter[i - 1] != 0) { break; + } + } } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char) (c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* !MBEDTLS_ARIA_ALT */ @@ -883,22 +877,22 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#define ARIA_SELF_TEST_ASSERT( cond ) \ - do { \ - if( cond ) { \ - if( verbose ) \ - mbedtls_printf( "failed\n" ); \ - goto exit; \ - } else { \ - if( verbose ) \ - mbedtls_printf( "passed\n" ); \ - } \ - } while( 0 ) +#define ARIA_SELF_TEST_ASSERT(cond) \ + do { \ + if (cond) { \ + if (verbose) \ + mbedtls_printf("failed\n"); \ + goto exit; \ + } else { \ + if (verbose) \ + mbedtls_printf("passed\n"); \ + } \ + } while (0) /* * Checkup routine */ -int mbedtls_aria_self_test( int verbose ) +int mbedtls_aria_self_test(int verbose) { int i; uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE]; @@ -910,134 +904,142 @@ int mbedtls_aria_self_test( int verbose ) #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ - defined(MBEDTLS_CIPHER_MODE_CFB) || \ - defined(MBEDTLS_CIPHER_MODE_CTR)) + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_CTR)) uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE]; #endif - mbedtls_aria_init( &ctx ); + mbedtls_aria_init(&ctx); /* * Test set 1 */ - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* test ECB encryption */ - if( verbose ) - mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); + if (verbose) { + mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i); + mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk); ARIA_SELF_TEST_ASSERT( - memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) - != 0 ); + memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE) + != 0); /* test ECB decryption */ - if( verbose ) - mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); + if (verbose) { + mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); + } + mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); + mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); ARIA_SELF_TEST_ASSERT( - memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) - != 0 ); + memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE) + != 0); + } + if (verbose) { + mbedtls_printf("\n"); } - if( verbose ) - mbedtls_printf( "\n" ); /* * Test set 2 */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CBC encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof( buf ) ); - mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, - aria_test2_pt, buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 ) - != 0 ); + if (verbose) { + mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0x55, sizeof(buf)); + mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, + aria_test2_pt, buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cbc_ct[i], 48) + != 0); /* Test CBC decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof( buf ) ); - mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, - aria_test2_cbc_ct[i], buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); + if (verbose) { + mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i); + } + mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0xAA, sizeof(buf)); + mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, + aria_test2_cbc_ct[i], buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0); + } + if (verbose) { + mbedtls_printf("\n"); } - if( verbose ) - mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CFB encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof( buf ) ); + if (verbose) { + mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0x55, sizeof(buf)); j = 0; - mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, - aria_test2_pt, buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ); + mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, + aria_test2_pt, buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0); /* Test CFB decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof( buf ) ); + if (verbose) { + mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0xAA, sizeof(buf)); j = 0; - mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, - iv, aria_test2_cfb_ct[i], buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); + mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, + iv, aria_test2_cfb_ct[i], buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0); + } + if (verbose) { + mbedtls_printf("\n"); } - if( verbose ) - mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CTR encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0x55, sizeof( buf ) ); + if (verbose) { + mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0 + memset(buf, 0x55, sizeof(buf)); j = 0; - mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, - aria_test2_pt, buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ); + mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk, + aria_test2_pt, buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0); /* Test CTR decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0xAA, sizeof( buf ) ); + if (verbose) { + mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i); + } + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0 + memset(buf, 0xAA, sizeof(buf)); j = 0; - mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, - aria_test2_ctr_ct[i], buf ); - ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); + mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk, + aria_test2_ctr_ct[i], buf); + ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0); + } + if (verbose) { + mbedtls_printf("\n"); } - if( verbose ) - mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ ret = 0; exit: - mbedtls_aria_free( &ctx ); - return( ret ); + mbedtls_aria_free(&ctx); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/asn1parse.c b/thirdparty/mbedtls/library/asn1parse.c index bf97585289..6a8cd6c545 100644 --- a/thirdparty/mbedtls/library/asn1parse.c +++ b/thirdparty/mbedtls/library/asn1parse.c @@ -36,203 +36,219 @@ /* * ASN.1 DER decoding routines */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ) +int mbedtls_asn1_get_len(unsigned char **p, + const unsigned char *end, + size_t *len) { - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } - if( ( **p & 0x80 ) == 0 ) + if ((**p & 0x80) == 0) { *len = *(*p)++; - else - { - switch( **p & 0x7F ) - { - case 1: - if( ( end - *p ) < 2 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - - *len = (*p)[1]; - (*p) += 2; - break; - - case 2: - if( ( end - *p ) < 3 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - - *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2]; - (*p) += 3; - break; - - case 3: - if( ( end - *p ) < 4 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - - *len = ( (size_t)(*p)[1] << 16 ) | - ( (size_t)(*p)[2] << 8 ) | (*p)[3]; - (*p) += 4; - break; - - case 4: - if( ( end - *p ) < 5 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - - *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) | - ( (size_t)(*p)[3] << 8 ) | (*p)[4]; - (*p) += 5; - break; - - default: - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + } else { + switch (**p & 0x7F) { + case 1: + if ((end - *p) < 2) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + + *len = (*p)[1]; + (*p) += 2; + break; + + case 2: + if ((end - *p) < 3) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + + *len = ((size_t) (*p)[1] << 8) | (*p)[2]; + (*p) += 3; + break; + + case 3: + if ((end - *p) < 4) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + + *len = ((size_t) (*p)[1] << 16) | + ((size_t) (*p)[2] << 8) | (*p)[3]; + (*p) += 4; + break; + + case 4: + if ((end - *p) < 5) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + + *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) | + ((size_t) (*p)[3] << 8) | (*p)[4]; + (*p) += 5; + break; + + default: + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; } } - if( *len > (size_t) ( end - *p ) ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (*len > (size_t) (end - *p)) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } - return( 0 ); + return 0; } -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ) +int mbedtls_asn1_get_tag(unsigned char **p, + const unsigned char *end, + size_t *len, int tag) { - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } - if( **p != tag ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (**p != tag) { + return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + } (*p)++; - return( mbedtls_asn1_get_len( p, end, len ) ); + return mbedtls_asn1_get_len(p, end, len); } -int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ) +int mbedtls_asn1_get_bool(unsigned char **p, + const unsigned char *end, + int *val) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) { + return ret; + } - if( len != 1 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len != 1) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } - *val = ( **p != 0 ) ? 1 : 0; + *val = (**p != 0) ? 1 : 0; (*p)++; - return( 0 ); + return 0; } -static int asn1_get_tagged_int( unsigned char **p, - const unsigned char *end, - int tag, int *val ) +static int asn1_get_tagged_int(unsigned char **p, + const unsigned char *end, + int tag, int *val) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) { + return ret; + } /* * len==0 is malformed (0 must be represented as 020100 for INTEGER, * or 0A0100 for ENUMERATED tags */ - if( len == 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } /* This is a cryptography library. Reject negative integers. */ - if( ( **p & 0x80 ) != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if ((**p & 0x80) != 0) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } /* Skip leading zeros. */ - while( len > 0 && **p == 0 ) - { - ++( *p ); + while (len > 0 && **p == 0) { + ++(*p); --len; } /* Reject integers that don't fit in an int. This code assumes that * the int type has no padding bit. */ - if( len > sizeof( int ) ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - if( len == sizeof( int ) && ( **p & 0x80 ) != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len > sizeof(int)) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } + if (len == sizeof(int) && (**p & 0x80) != 0) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } *val = 0; - while( len-- > 0 ) - { - *val = ( *val << 8 ) | **p; + while (len-- > 0) { + *val = (*val << 8) | **p; (*p)++; } - return( 0 ); + return 0; } -int mbedtls_asn1_get_int( unsigned char **p, - const unsigned char *end, - int *val ) +int mbedtls_asn1_get_int(unsigned char **p, + const unsigned char *end, + int *val) { - return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) ); + return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val); } -int mbedtls_asn1_get_enum( unsigned char **p, - const unsigned char *end, - int *val ) +int mbedtls_asn1_get_enum(unsigned char **p, + const unsigned char *end, + int *val) { - return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) ); + return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val); } #if defined(MBEDTLS_BIGNUM_C) -int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ) +int mbedtls_asn1_get_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; + } - ret = mbedtls_mpi_read_binary( X, *p, len ); + ret = mbedtls_mpi_read_binary(X, *p, len); *p += len; - return( ret ); + return ret; } #endif /* MBEDTLS_BIGNUM_C */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs) +int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, + mbedtls_asn1_bitstring *bs) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Certificate type is a single byte bitstring */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) { + return ret; + } /* Check length, subtract one for actual bit string length */ - if( bs->len < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (bs->len < 1) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } bs->len -= 1; /* Get number of unused bits, ensure unused bits <= 7 */ bs->unused_bits = **p; - if( bs->unused_bits > 7 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (bs->unused_bits > 7) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } (*p)++; /* Get actual bitstring */ bs->p = *p; *p += bs->len; - if( *p != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } - return( 0 ); + return 0; } /* @@ -244,105 +260,106 @@ int mbedtls_asn1_traverse_sequence_of( const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, - int (*cb)( void *ctx, int tag, - unsigned char *start, size_t len ), - void *ctx ) + int (*cb)(void *ctx, int tag, + unsigned char *start, size_t len), + void *ctx) { int ret; size_t len; /* Get main sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; } - if( *p + len != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } - while( *p < end ) - { + while (*p < end) { unsigned char const tag = *(*p)++; - if( ( tag & tag_must_mask ) != tag_must_val ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if ((tag & tag_must_mask) != tag_must_val) { + return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + } - if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) { + return ret; + } - if( ( tag & tag_may_mask ) == tag_may_val ) - { - if( cb != NULL ) - { - ret = cb( ctx, tag, *p, len ); - if( ret != 0 ) - return( ret ); + if ((tag & tag_may_mask) == tag_may_val) { + if (cb != NULL) { + ret = cb(ctx, tag, *p, len); + if (ret != 0) { + return ret; + } } } *p += len; } - return( 0 ); + return 0; } /* * Get a bit string without unused bits */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, - size_t *len ) +int mbedtls_asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, + size_t *len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) { + return ret; + } - if( *len == 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); - --( *len ); + if (*len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + --(*len); - if( **p != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); - ++( *p ); + if (**p != 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + ++(*p); - return( 0 ); + return 0; } -void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ) +void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq) { - while( seq != NULL ) - { + while (seq != NULL) { mbedtls_asn1_sequence *next = seq->next; - mbedtls_platform_zeroize( seq, sizeof( *seq ) ); - mbedtls_free( seq ); + mbedtls_platform_zeroize(seq, sizeof(*seq)); + mbedtls_free(seq); seq = next; } } -typedef struct -{ +typedef struct { int tag; mbedtls_asn1_sequence *cur; } asn1_get_sequence_of_cb_ctx_t; -static int asn1_get_sequence_of_cb( void *ctx, - int tag, - unsigned char *start, - size_t len ) +static int asn1_get_sequence_of_cb(void *ctx, + int tag, + unsigned char *start, + size_t len) { asn1_get_sequence_of_cb_ctx_t *cb_ctx = (asn1_get_sequence_of_cb_ctx_t *) ctx; mbedtls_asn1_sequence *cur = cb_ctx->cur; - if( cur->buf.p != NULL ) - { + if (cur->buf.p != NULL) { cur->next = - mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + if (cur->next == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } cur = cur->next; } @@ -352,124 +369,128 @@ static int asn1_get_sequence_of_cb( void *ctx, cur->buf.tag = tag; cb_ctx->cur = cur; - return( 0 ); + return 0; } /* * Parses and splits an ASN.1 "SEQUENCE OF " */ -int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag) +int mbedtls_asn1_get_sequence_of(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_sequence *cur, + int tag) { asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; - memset( cur, 0, sizeof( mbedtls_asn1_sequence ) ); - return( mbedtls_asn1_traverse_sequence_of( - p, end, 0xFF, tag, 0, 0, - asn1_get_sequence_of_cb, &cb_ctx ) ); + memset(cur, 0, sizeof(mbedtls_asn1_sequence)); + return mbedtls_asn1_traverse_sequence_of( + p, end, 0xFF, tag, 0, 0, + asn1_get_sequence_of_cb, &cb_ctx); } -int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ) +int mbedtls_asn1_get_alg(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } alg->tag = **p; end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) { + return ret; + } alg->p = *p; *p += alg->len; - if( *p == end ) - { - mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); - return( 0 ); + if (*p == end) { + mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf)); + return 0; } params->tag = **p; (*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) { + return ret; + } params->p = *p; *p += params->len; - if( *p != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } - return( 0 ); + return 0; } -int mbedtls_asn1_get_alg_null( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg ) +int mbedtls_asn1_get_alg_null(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf params; - memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); + memset(¶ms, 0, sizeof(mbedtls_asn1_buf)); - if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_alg(p, end, alg, ¶ms)) != 0) { + return ret; + } - if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); + if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } - return( 0 ); + return 0; } -void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) +void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur) { - if( cur == NULL ) + if (cur == NULL) { return; + } - mbedtls_free( cur->oid.p ); - mbedtls_free( cur->val.p ); + mbedtls_free(cur->oid.p); + mbedtls_free(cur->val.p); - mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); + mbedtls_platform_zeroize(cur, sizeof(mbedtls_asn1_named_data)); } -void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) +void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head) { mbedtls_asn1_named_data *cur; - while( ( cur = *head ) != NULL ) - { + while ((cur = *head) != NULL) { *head = cur->next; - mbedtls_asn1_free_named_data( cur ); - mbedtls_free( cur ); + mbedtls_asn1_free_named_data(cur); + mbedtls_free(cur); } } -mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, - const char *oid, size_t len ) +mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list, + const char *oid, size_t len) { - while( list != NULL ) - { - if( list->oid.len == len && - memcmp( list->oid.p, oid, len ) == 0 ) - { + while (list != NULL) { + if (list->oid.len == len && + memcmp(list->oid.p, oid, len) == 0) { break; } list = list->next; } - return( list ); + return list; } #endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/thirdparty/mbedtls/library/asn1write.c b/thirdparty/mbedtls/library/asn1write.c index 4b59927cbb..0b487dceaa 100644 --- a/thirdparty/mbedtls/library/asn1write.c +++ b/thirdparty/mbedtls/library/asn1write.c @@ -28,452 +28,454 @@ #include "mbedtls/platform.h" -int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) +int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len) { - if( len < 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len < 0x80) { + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = (unsigned char) len; - return( 1 ); + return 1; } - if( len <= 0xFF ) - { - if( *p - start < 2 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFF) { + if (*p - start < 2) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = (unsigned char) len; *--(*p) = 0x81; - return( 2 ); + return 2; } - if( len <= 0xFFFF ) - { - if( *p - start < 3 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFFFF) { + if (*p - start < 3) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } - *--(*p) = MBEDTLS_BYTE_0( len ); - *--(*p) = MBEDTLS_BYTE_1( len ); + *--(*p) = MBEDTLS_BYTE_0(len); + *--(*p) = MBEDTLS_BYTE_1(len); *--(*p) = 0x82; - return( 3 ); + return 3; } - if( len <= 0xFFFFFF ) - { - if( *p - start < 4 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFFFFFF) { + if (*p - start < 4) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } - *--(*p) = MBEDTLS_BYTE_0( len ); - *--(*p) = MBEDTLS_BYTE_1( len ); - *--(*p) = MBEDTLS_BYTE_2( len ); + *--(*p) = MBEDTLS_BYTE_0(len); + *--(*p) = MBEDTLS_BYTE_1(len); + *--(*p) = MBEDTLS_BYTE_2(len); *--(*p) = 0x83; - return( 4 ); + return 4; } int len_is_valid = 1; #if SIZE_MAX > 0xFFFFFFFF - len_is_valid = ( len <= 0xFFFFFFFF ); + len_is_valid = (len <= 0xFFFFFFFF); #endif - if( len_is_valid ) - { - if( *p - start < 5 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - - *--(*p) = MBEDTLS_BYTE_0( len ); - *--(*p) = MBEDTLS_BYTE_1( len ); - *--(*p) = MBEDTLS_BYTE_2( len ); - *--(*p) = MBEDTLS_BYTE_3( len ); + if (len_is_valid) { + if (*p - start < 5) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + *--(*p) = MBEDTLS_BYTE_0(len); + *--(*p) = MBEDTLS_BYTE_1(len); + *--(*p) = MBEDTLS_BYTE_2(len); + *--(*p) = MBEDTLS_BYTE_3(len); *--(*p) = 0x84; - return( 5 ); + return 5; } - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; } -int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) +int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag) { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = tag; - return( 1 ); + return 1; } -int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ) +int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size) { size_t len = 0; - if( *p < start || (size_t)( *p - start ) < size ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t) (*p - start) < size) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } len = size; (*p) -= len; - memcpy( *p, buf, len ); + memcpy(*p, buf, len); - return( (int) len ); + return (int) len; } #if defined(MBEDTLS_BIGNUM_C) -int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X ) +int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, const mbedtls_mpi *X) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write the MPI // - len = mbedtls_mpi_size( X ); + len = mbedtls_mpi_size(X); /* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not * as 0 digits. We need to end up with 020100, not with 0200. */ - if( len == 0 ) + if (len == 0) { len = 1; + } - if( *p < start || (size_t)( *p - start ) < len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } (*p) -= len; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len)); // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. // - if( X->s ==1 && **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (X->s == 1 && **p & 0x80) { + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER)); ret = (int) len; cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_BIGNUM_C */ -int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) +int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write NULL // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len ) +int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) oid, oid_len ) ); - MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) oid, oid_len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ) +int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + size_t par_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( par_len == 0 ) - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) ); - else + if (par_len == 0) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start)); + } else { len += par_len; + } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) +int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = (boolean) ? 255 : 0; len++; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN)); - return( (int) len ); + return (int) len; } -static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag ) +static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - do - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + do { + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } len += 1; *--(*p) = val & 0xff; val >>= 8; - } - while( val > 0 ); + } while (val > 0); - if( **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (**p & 0x80) { + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) +int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val) { - return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) ); + return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER); } -int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ) +int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val) { - return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) ); + return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED); } -int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, - const char *text, size_t text_len ) +int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag, + const char *text, size_t text_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) text, text_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) text, + text_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) +int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) ); + return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len); } -int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) +int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) ); + return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, + text_len); } -int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) +int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) ); + return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len); } -int mbedtls_asn1_write_named_bitstring( unsigned char **p, - unsigned char *start, - const unsigned char *buf, - size_t bits ) +int mbedtls_asn1_write_named_bitstring(unsigned char **p, + unsigned char *start, + const unsigned char *buf, + size_t bits) { size_t unused_bits, byte_len; const unsigned char *cur_byte; unsigned char cur_byte_shifted; unsigned char bit; - byte_len = ( bits + 7 ) / 8; - unused_bits = ( byte_len * 8 ) - bits; + byte_len = (bits + 7) / 8; + unused_bits = (byte_len * 8) - bits; /* * Named bitstrings require that trailing 0s are excluded in the encoding * of the bitstring. Trailing 0s are considered part of the 'unused' bits * when encoding this value in the first content octet */ - if( bits != 0 ) - { + if (bits != 0) { cur_byte = buf + byte_len - 1; cur_byte_shifted = *cur_byte >> unused_bits; - for( ; ; ) - { + for (;;) { bit = cur_byte_shifted & 0x1; cur_byte_shifted >>= 1; - if( bit != 0 ) + if (bit != 0) { break; + } bits--; - if( bits == 0 ) + if (bits == 0) { break; + } - if( bits % 8 == 0 ) + if (bits % 8 == 0) { cur_byte_shifted = *--cur_byte; + } } } - return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) ); + return mbedtls_asn1_write_bitstring(p, start, buf, bits); } -int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t bits ) +int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t bits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; size_t unused_bits, byte_len; - byte_len = ( bits + 7 ) / 8; - unused_bits = ( byte_len * 8 ) - bits; + byte_len = (bits + 7) / 8; + unused_bits = (byte_len * 8) - bits; - if( *p < start || (size_t)( *p - start ) < byte_len + 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t) (*p - start) < byte_len + 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } len = byte_len + 1; /* Write the bitstring. Ensure the unused bits are zeroed */ - if( byte_len > 0 ) - { + if (byte_len > 0) { byte_len--; - *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 ); - ( *p ) -= byte_len; - memcpy( *p, buf, byte_len ); + *--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1); + (*p) -= byte_len; + memcpy(*p, buf, byte_len); } /* Write unused bits */ - *--( *p ) = (unsigned char)unused_bits; + *--(*p) = (unsigned char) unused_bits; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - return( (int) len ); + return (int) len; } -int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ) +int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - return( (int) len ); + return (int) len; } /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ static mbedtls_asn1_named_data *asn1_find_named_data( - mbedtls_asn1_named_data *list, - const char *oid, size_t len ) + mbedtls_asn1_named_data *list, + const char *oid, size_t len) { - while( list != NULL ) - { - if( list->oid.len == len && - memcmp( list->oid.p, oid, len ) == 0 ) - { + while (list != NULL) { + if (list->oid.len == len && + memcmp(list->oid.p, oid, len) == 0) { break; } list = list->next; } - return( list ); + return list; } mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( - mbedtls_asn1_named_data **head, - const char *oid, size_t oid_len, - const unsigned char *val, - size_t val_len ) + mbedtls_asn1_named_data **head, + const char *oid, size_t oid_len, + const unsigned char *val, + size_t val_len) { mbedtls_asn1_named_data *cur; - if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) - { + if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) { // Add new entry if not present yet based on OID // - cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, - sizeof(mbedtls_asn1_named_data) ); - if( cur == NULL ) - return( NULL ); + cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1, + sizeof(mbedtls_asn1_named_data)); + if (cur == NULL) { + return NULL; + } cur->oid.len = oid_len; - cur->oid.p = mbedtls_calloc( 1, oid_len ); - if( cur->oid.p == NULL ) - { - mbedtls_free( cur ); - return( NULL ); + cur->oid.p = mbedtls_calloc(1, oid_len); + if (cur->oid.p == NULL) { + mbedtls_free(cur); + return NULL; } - memcpy( cur->oid.p, oid, oid_len ); + memcpy(cur->oid.p, oid, oid_len); cur->val.len = val_len; - if( val_len != 0 ) - { - cur->val.p = mbedtls_calloc( 1, val_len ); - if( cur->val.p == NULL ) - { - mbedtls_free( cur->oid.p ); - mbedtls_free( cur ); - return( NULL ); + if (val_len != 0) { + cur->val.p = mbedtls_calloc(1, val_len); + if (cur->val.p == NULL) { + mbedtls_free(cur->oid.p); + mbedtls_free(cur); + return NULL; } } cur->next = *head; *head = cur; - } - else if( val_len == 0 ) - { - mbedtls_free( cur->val.p ); + } else if (val_len == 0) { + mbedtls_free(cur->val.p); cur->val.p = NULL; - } - else if( cur->val.len != val_len ) - { + } else if (cur->val.len != val_len) { /* * Enlarge existing value buffer if needed * Preserve old data until the allocation succeeded, to leave list in * a consistent state in case allocation fails. */ - void *p = mbedtls_calloc( 1, val_len ); - if( p == NULL ) - return( NULL ); + void *p = mbedtls_calloc(1, val_len); + if (p == NULL) { + return NULL; + } - mbedtls_free( cur->val.p ); + mbedtls_free(cur->val.p); cur->val.p = p; cur->val.len = val_len; } - if( val != NULL && val_len != 0 ) - memcpy( cur->val.p, val, val_len ); + if (val != NULL && val_len != 0) { + memcpy(cur->val.p, val, val_len); + } - return( cur ); + return cur; } #endif /* MBEDTLS_ASN1_WRITE_C */ diff --git a/thirdparty/mbedtls/library/base64.c b/thirdparty/mbedtls/library/base64.c index 9021a041bb..4170610642 100644 --- a/thirdparty/mbedtls/library/base64.c +++ b/thirdparty/mbedtls/library/base64.c @@ -31,68 +31,65 @@ #include "mbedtls/platform.h" #endif /* MBEDTLS_SELF_TEST */ -#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ +#define BASE64_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */ /* * Encode a buffer into base64 format */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) +int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen) { size_t i, n; int C1, C2, C3; unsigned char *p; - if( slen == 0 ) - { + if (slen == 0) { *olen = 0; - return( 0 ); + return 0; } - n = slen / 3 + ( slen % 3 != 0 ); + n = slen / 3 + (slen % 3 != 0); - if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 ) - { + if (n > (BASE64_SIZE_T_MAX - 1) / 4) { *olen = BASE64_SIZE_T_MAX; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; } n *= 4; - if( ( dlen < n + 1 ) || ( NULL == dst ) ) - { + if ((dlen < n + 1) || (NULL == dst)) { *olen = n + 1; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; } - n = ( slen / 3 ) * 3; + n = (slen / 3) * 3; - for( i = 0, p = dst; i < n; i += 3 ) - { + for (i = 0, p = dst; i < n; i += 3) { C1 = *src++; C2 = *src++; C3 = *src++; - *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F ); - *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) - & 0x3F ); - *p++ = mbedtls_ct_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) - & 0x3F ); - *p++ = mbedtls_ct_base64_enc_char( C3 & 0x3F ); + *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F); + *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4)) + & 0x3F); + *p++ = mbedtls_ct_base64_enc_char((((C2 & 15) << 2) + (C3 >> 6)) + & 0x3F); + *p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F); } - if( i < slen ) - { + if (i < slen) { C1 = *src++; - C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; + C2 = ((i + 1) < slen) ? *src++ : 0; - *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F ); - *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) - & 0x3F ); + *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F); + *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4)) + & 0x3F); - if( ( i + 1 ) < slen ) - *p++ = mbedtls_ct_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F ); - else *p++ = '='; + if ((i + 1) < slen) { + *p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F); + } else { + *p++ = '='; + } *p++ = '='; } @@ -100,14 +97,14 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, *olen = p - dst; *p = 0; - return( 0 ); + return 0; } /* * Decode a base64-formatted buffer */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) +int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen) { size_t i; /* index in source */ size_t n; /* number of digits or trailing = in source */ @@ -118,92 +115,97 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, unsigned char *p; /* First pass: check for validity and get output length */ - for( i = n = 0; i < slen; i++ ) - { + for (i = n = 0; i < slen; i++) { /* Skip spaces before checking for EOL */ spaces_present = 0; - while( i < slen && src[i] == ' ' ) - { + while (i < slen && src[i] == ' ') { ++i; spaces_present = 1; } /* Spaces at end of buffer are OK */ - if( i == slen ) + if (i == slen) { break; + } - if( ( slen - i ) >= 2 && - src[i] == '\r' && src[i + 1] == '\n' ) + if ((slen - i) >= 2 && + src[i] == '\r' && src[i + 1] == '\n') { continue; + } - if( src[i] == '\n' ) + if (src[i] == '\n') { continue; + } /* Space inside a line is an error */ - if( spaces_present ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - - if( src[i] > 127 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (spaces_present) { + return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; + } - if( src[i] == '=' ) - { - if( ++equals > 2 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (src[i] > 127) { + return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; } - else - { - if( equals != 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( mbedtls_ct_base64_dec_value( src[i] ) < 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + + if (src[i] == '=') { + if (++equals > 2) { + return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; + } + } else { + if (equals != 0) { + return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; + } + if (mbedtls_ct_base64_dec_value(src[i]) < 0) { + return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; + } } n++; } - if( n == 0 ) - { + if (n == 0) { *olen = 0; - return( 0 ); + return 0; } /* The following expression is to calculate the following formula without * risk of integer overflow in n: * n = ( ( n * 6 ) + 7 ) >> 3; */ - n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); + n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3); n -= equals; - if( dst == NULL || dlen < n ) - { + if (dst == NULL || dlen < n) { *olen = n; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; } equals = 0; - for( x = 0, p = dst; i > 0; i--, src++ ) - { - if( *src == '\r' || *src == '\n' || *src == ' ' ) + for (x = 0, p = dst; i > 0; i--, src++) { + if (*src == '\r' || *src == '\n' || *src == ' ') { continue; + } x = x << 6; - if( *src == '=' ) + if (*src == '=') { ++equals; - else - x |= mbedtls_ct_base64_dec_value( *src ); + } else { + x |= mbedtls_ct_base64_dec_value(*src); + } - if( ++accumulated_digits == 4 ) - { + if (++accumulated_digits == 4) { accumulated_digits = 0; - *p++ = MBEDTLS_BYTE_2( x ); - if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x ); - if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x ); + *p++ = MBEDTLS_BYTE_2(x); + if (equals <= 1) { + *p++ = MBEDTLS_BYTE_1(x); + } + if (equals <= 0) { + *p++ = MBEDTLS_BYTE_0(x); + } } } *olen = p - dst; - return( 0 ); + return 0; } #if defined(MBEDTLS_SELF_TEST) @@ -227,44 +229,47 @@ static const unsigned char base64_test_enc[] = /* * Checkup routine */ -int mbedtls_base64_self_test( int verbose ) +int mbedtls_base64_self_test(int verbose) { size_t len; const unsigned char *src; unsigned char buffer[128]; - if( verbose != 0 ) - mbedtls_printf( " Base64 encoding test: " ); + if (verbose != 0) { + mbedtls_printf(" Base64 encoding test: "); + } src = base64_test_dec; - if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 || - memcmp( base64_test_enc, buffer, 88 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 || + memcmp(base64_test_enc, buffer, 88) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( 1 ); + return 1; } - if( verbose != 0 ) - mbedtls_printf( "passed\n Base64 decoding test: " ); + if (verbose != 0) { + mbedtls_printf("passed\n Base64 decoding test: "); + } src = base64_test_enc; - if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 || - memcmp( base64_test_dec, buffer, 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 || + memcmp(base64_test_dec, buffer, 64) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( 1 ); + return 1; } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/bignum.c b/thirdparty/mbedtls/library/bignum.c index 37193f55a8..5dca3a9177 100644 --- a/thirdparty/mbedtls/library/bignum.c +++ b/thirdparty/mbedtls/library/bignum.c @@ -48,36 +48,36 @@ #include "mbedtls/platform.h" -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define MPI_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA) +#define MPI_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ -#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ +#define MPI_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */ /* * Convert between bits/chars and number of limbs * Divide first in order to avoid potential overflows */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +#define BITS_TO_LIMBS(i) ((i) / biL + ((i) % biL != 0)) +#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) +static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) { - mbedtls_platform_zeroize( v, ciL * n ); + mbedtls_platform_zeroize(v, ciL * n); } /* * Initialize one MPI */ -void mbedtls_mpi_init( mbedtls_mpi *X ) +void mbedtls_mpi_init(mbedtls_mpi *X) { - MPI_VALIDATE( X != NULL ); + MPI_VALIDATE(X != NULL); X->s = 1; X->n = 0; @@ -87,15 +87,15 @@ void mbedtls_mpi_init( mbedtls_mpi *X ) /* * Unallocate one MPI */ -void mbedtls_mpi_free( mbedtls_mpi *X ) +void mbedtls_mpi_free(mbedtls_mpi *X) { - if( X == NULL ) + if (X == NULL) { return; + } - if( X->p != NULL ) - { - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->s = 1; @@ -106,93 +106,93 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) /* * Enlarge to the specified number of limbs */ -int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) +int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } - if( X->n < nblimbs ) - { - if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (X->n < nblimbs) { + if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } - if( X->p != NULL ) - { - memcpy( p, X->p, X->n * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + memcpy(p, X->p, X->n * ciL); + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->n = nblimbs; X->p = p; } - return( 0 ); + return 0; } /* * Resize down as much as possible, * while keeping at least the specified number of limbs */ -int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) +int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; size_t i; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } /* Actually resize up if there are currently fewer than nblimbs limbs. */ - if( X->n <= nblimbs ) - return( mbedtls_mpi_grow( X, nblimbs ) ); + if (X->n <= nblimbs) { + return mbedtls_mpi_grow(X, nblimbs); + } /* After this point, then X->n > nblimbs and in particular X->n > 0. */ - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) + for (i = X->n - 1; i > 0; i--) { + if (X->p[i] != 0) { break; + } + } i++; - if( i < nblimbs ) + if (i < nblimbs) { i = nblimbs; + } - if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } - if( X->p != NULL ) - { - memcpy( p, X->p, i * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + memcpy(p, X->p, i * ciL); + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->n = i; X->p = p; - return( 0 ); + return 0; } /* Resize X to have exactly n limbs and set it to 0. */ -static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs ) +static int mbedtls_mpi_resize_clear(mbedtls_mpi *X, size_t limbs) { - if( limbs == 0 ) - { - mbedtls_mpi_free( X ); - return( 0 ); - } - else if( X->n == limbs ) - { - memset( X->p, 0, limbs * ciL ); + if (limbs == 0) { + mbedtls_mpi_free(X); + return 0; + } else if (X->n == limbs) { + memset(X->p, 0, limbs * ciL); X->s = 1; - return( 0 ); - } - else - { - mbedtls_mpi_free( X ); - return( mbedtls_mpi_grow( X, limbs ) ); + return 0; + } else { + mbedtls_mpi_free(X); + return mbedtls_mpi_grow(X, limbs); } } @@ -205,166 +205,171 @@ static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs ) * but some code in the bignum module relies on this property, for example * in mbedtls_mpi_exp_mod(). */ -int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) +int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y) { int ret = 0; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - if( X == Y ) - return( 0 ); + if (X == Y) { + return 0; + } - if( Y->n == 0 ) - { - if( X->n != 0 ) - { + if (Y->n == 0) { + if (X->n != 0) { X->s = 1; - memset( X->p, 0, X->n * ciL ); + memset(X->p, 0, X->n * ciL); } - return( 0 ); + return 0; } - for( i = Y->n - 1; i > 0; i-- ) - if( Y->p[i] != 0 ) + for (i = Y->n - 1; i > 0; i--) { + if (Y->p[i] != 0) { break; + } + } i++; X->s = Y->s; - if( X->n < i ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); - } - else - { - memset( X->p + i, 0, ( X->n - i ) * ciL ); + if (X->n < i) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); + } else { + memset(X->p + i, 0, (X->n - i) * ciL); } - memcpy( X->p, Y->p, i * ciL ); + memcpy(X->p, Y->p, i * ciL); cleanup: - return( ret ); + return ret; } /* * Swap the contents of X and Y */ -void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) +void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y) { mbedtls_mpi T; - MPI_VALIDATE( X != NULL ); - MPI_VALIDATE( Y != NULL ); + MPI_VALIDATE(X != NULL); + MPI_VALIDATE(Y != NULL); - memcpy( &T, X, sizeof( mbedtls_mpi ) ); - memcpy( X, Y, sizeof( mbedtls_mpi ) ); - memcpy( Y, &T, sizeof( mbedtls_mpi ) ); + memcpy(&T, X, sizeof(mbedtls_mpi)); + memcpy(X, Y, sizeof(mbedtls_mpi)); + memcpy(Y, &T, sizeof(mbedtls_mpi)); } -static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z ) +static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) { - if( z >= 0 ) - return( z ); + if (z >= 0) { + return z; + } /* Take care to handle the most negative value (-2^(biL-1)) correctly. * A naive -z would have undefined behavior. * Write this in a way that makes popular compilers happy (GCC, Clang, * MSVC). */ - return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z ); + return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z; } /* * Set value from integer */ -int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) +int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); - memset( X->p, 0, X->n * ciL ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); + memset(X->p, 0, X->n * ciL); - X->p[0] = mpi_sint_abs( z ); - X->s = ( z < 0 ) ? -1 : 1; + X->p[0] = mpi_sint_abs(z); + X->s = (z < 0) ? -1 : 1; cleanup: - return( ret ); + return ret; } /* * Get a specific bit */ -int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) +int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos) { - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( X->n * biL <= pos ) - return( 0 ); + if (X->n * biL <= pos) { + return 0; + } - return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); + return (X->p[pos / biL] >> (pos % biL)) & 0x01; } /* Get a specific byte, without range checks. */ -#define GET_BYTE( X, i ) \ - ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) +#define GET_BYTE(X, i) \ + (((X)->p[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) /* * Set a bit to a specific value of 0 or 1 */ -int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ) +int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val) { int ret = 0; size_t off = pos / biL; size_t idx = pos % biL; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( val != 0 && val != 1 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (val != 0 && val != 1) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - if( X->n * biL <= pos ) - { - if( val == 0 ) - return( 0 ); + if (X->n * biL <= pos) { + if (val == 0) { + return 0; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1)); } - X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx ); + X->p[off] &= ~((mbedtls_mpi_uint) 0x01 << idx); X->p[off] |= (mbedtls_mpi_uint) val << idx; cleanup: - return( ret ); + return ret; } /* * Return the number of less significant zero-bits */ -size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) +size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) { size_t i, j, count = 0; - MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0); - for( i = 0; i < X->n; i++ ) - for( j = 0; j < biL; j++, count++ ) - if( ( ( X->p[i] >> j ) & 1 ) != 0 ) - return( count ); + for (i = 0; i < X->n; i++) { + for (j = 0; j < biL; j++, count++) { + if (((X->p[i] >> j) & 1) != 0) { + return count; + } + } + } - return( 0 ); + return 0; } /* * Count leading zero bits in a given integer */ -static size_t mbedtls_clz( const mbedtls_mpi_uint x ) +static size_t mbedtls_clz(const mbedtls_mpi_uint x) { size_t j; mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); - for( j = 0; j < biL; j++ ) - { - if( x & mask ) break; + for (j = 0; j < biL; j++) { + if (x & mask) { + break; + } mask >>= 1; } @@ -375,231 +380,236 @@ static size_t mbedtls_clz( const mbedtls_mpi_uint x ) /* * Return the number of bits */ -size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) +size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X) { size_t i, j; - if( X->n == 0 ) - return( 0 ); + if (X->n == 0) { + return 0; + } - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) + for (i = X->n - 1; i > 0; i--) { + if (X->p[i] != 0) { break; + } + } - j = biL - mbedtls_clz( X->p[i] ); + j = biL - mbedtls_clz(X->p[i]); - return( ( i * biL ) + j ); + return (i * biL) + j; } /* * Return the total size in bytes */ -size_t mbedtls_mpi_size( const mbedtls_mpi *X ) +size_t mbedtls_mpi_size(const mbedtls_mpi *X) { - return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 ); + return (mbedtls_mpi_bitlen(X) + 7) >> 3; } /* * Convert an ASCII character to digit value */ -static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c ) +static int mpi_get_digit(mbedtls_mpi_uint *d, int radix, char c) { *d = 255; - if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; - if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; - if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; + if (c >= 0x30 && c <= 0x39) { + *d = c - 0x30; + } + if (c >= 0x41 && c <= 0x46) { + *d = c - 0x37; + } + if (c >= 0x61 && c <= 0x66) { + *d = c - 0x57; + } - if( *d >= (mbedtls_mpi_uint) radix ) - return( MBEDTLS_ERR_MPI_INVALID_CHARACTER ); + if (*d >= (mbedtls_mpi_uint) radix) { + return MBEDTLS_ERR_MPI_INVALID_CHARACTER; + } - return( 0 ); + return 0; } /* * Import from an ASCII string */ -int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) +int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j, slen, n; int sign = 1; mbedtls_mpi_uint d; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( s != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(s != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - if( s[0] == 0 ) - { - mbedtls_mpi_free( X ); - return( 0 ); + if (s[0] == 0) { + mbedtls_mpi_free(X); + return 0; } - if( s[0] == '-' ) - { + if (s[0] == '-') { ++s; sign = -1; } - slen = strlen( s ); + slen = strlen(s); - if( radix == 16 ) - { - if( slen > MPI_SIZE_T_MAX >> 2 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix == 16) { + if (slen > MPI_SIZE_T_MAX >> 2) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - n = BITS_TO_LIMBS( slen << 2 ); + n = BITS_TO_LIMBS(slen << 2); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( i = slen, j = 0; i > 0; i--, j++ ) - { - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); - X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); + for (i = slen, j = 0; i > 0; i--, j++) { + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i - 1])); + X->p[j / (2 * ciL)] |= d << ((j % (2 * ciL)) << 2); } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( i = 0; i < slen; i++ ) - { - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) ); + for (i = 0; i < slen; i++) { + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i])); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d)); } } - if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 ) + if (sign < 0 && mbedtls_mpi_bitlen(X) != 0) { X->s = -1; + } cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - return( ret ); + return ret; } /* * Helper to write the digits high-order first. */ -static int mpi_write_hlp( mbedtls_mpi *X, int radix, - char **p, const size_t buflen ) +static int mpi_write_hlp(mbedtls_mpi *X, int radix, + char **p, const size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint r; size_t length = 0; char *p_end = *p + buflen; - do - { - if( length >= buflen ) - { - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + do { + if (length >= buflen) { + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, radix)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(X, NULL, X, radix)); /* * Write the residue in the current position, as an ASCII character. */ - if( r < 0xA ) - *(--p_end) = (char)( '0' + r ); - else - *(--p_end) = (char)( 'A' + ( r - 0xA ) ); + if (r < 0xA) { + *(--p_end) = (char) ('0' + r); + } else { + *(--p_end) = (char) ('A' + (r - 0xA)); + } length++; - } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 ); + } while (mbedtls_mpi_cmp_int(X, 0) != 0); - memmove( *p, p_end, length ); + memmove(*p, p_end, length); *p += length; cleanup: - return( ret ); + return ret; } /* * Export into an ASCII string */ -int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ) +int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, + char *buf, size_t buflen, size_t *olen) { int ret = 0; size_t n; char *p; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( olen != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(olen != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */ - if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present + n = mbedtls_mpi_bitlen(X); /* Number of bits necessary to present `n`. */ + if (radix >= 4) { + n >>= 1; /* Number of 4-adic digits necessary to present * `n`. If radix > 4, this might be a strict * overapproximation of the number of * radix-adic digits needed to present `n`. */ - if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to + } + if (radix >= 16) { + n >>= 1; /* Number of hexadecimal digits necessary to * present `n`. */ + } n += 1; /* Terminating null byte */ n += 1; /* Compensate for the divisions above, which round down `n` * in case it's not even. */ n += 1; /* Potential '-'-sign. */ - n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing, + n += (n & 1); /* Make n even to have enough space for hexadecimal writing, * which always uses an even number of hex-digits. */ - if( buflen < n ) - { + if (buflen < n) { *olen = n; - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; } p = buf; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - if( X->s == -1 ) - { + if (X->s == -1) { *p++ = '-'; buflen--; } - if( radix == 16 ) - { + if (radix == 16) { int c; size_t i, j, k; - for( i = X->n, k = 0; i > 0; i-- ) - { - for( j = ciL; j > 0; j-- ) - { - c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF; + for (i = X->n, k = 0; i > 0; i--) { + for (j = ciL; j > 0; j--) { + c = (X->p[i - 1] >> ((j - 1) << 3)) & 0xFF; - if( c == 0 && k == 0 && ( i + j ) != 2 ) + if (c == 0 && k == 0 && (i + j) != 2) { continue; + } *(p++) = "0123456789ABCDEF" [c / 16]; *(p++) = "0123456789ABCDEF" [c % 16]; k = 1; } } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T, X)); - if( T.s == -1 ) + if (T.s == -1) { T.s = 1; + } - MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) ); + MBEDTLS_MPI_CHK(mpi_write_hlp(&T, radix, &p, buflen)); } *p++ = '\0'; @@ -607,16 +617,16 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - return( ret ); + return ret; } #if defined(MBEDTLS_FS_IO) /* * Read X from an opened file */ -int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) +int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin) { mbedtls_mpi_uint d; size_t slen; @@ -625,37 +635,46 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) * Buffer should have space for (short) label and decimal formatted MPI, * newline characters and '\0' */ - char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; + char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( fin != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(fin != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - memset( s, 0, sizeof( s ) ); - if( fgets( s, sizeof( s ) - 1, fin ) == NULL ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); + memset(s, 0, sizeof(s)); + if (fgets(s, sizeof(s) - 1, fin) == NULL) { + return MBEDTLS_ERR_MPI_FILE_IO_ERROR; + } - slen = strlen( s ); - if( slen == sizeof( s ) - 2 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + slen = strlen(s); + if (slen == sizeof(s) - 2) { + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; + } - if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } - if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } + if (slen > 0 && s[slen - 1] == '\n') { + slen--; s[slen] = '\0'; + } + if (slen > 0 && s[slen - 1] == '\r') { + slen--; s[slen] = '\0'; + } p = s + slen; - while( p-- > s ) - if( mpi_get_digit( &d, radix, *p ) != 0 ) + while (p-- > s) { + if (mpi_get_digit(&d, radix, *p) != 0) { break; + } + } - return( mbedtls_mpi_read_string( X, radix, p + 1 ) ); + return mbedtls_mpi_read_string(X, radix, p + 1); } /* * Write X into an opened file (or stdout if fout == NULL) */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout ) +int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE *fout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n, slen, plen; @@ -663,35 +682,38 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE * Buffer should have space for (short) label and decimal formatted MPI, * newline characters and '\0' */ - char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; - MPI_VALIDATE_RET( X != NULL ); + char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; + MPI_VALIDATE_RET(X != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - memset( s, 0, sizeof( s ) ); + memset(s, 0, sizeof(s)); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n)); - if( p == NULL ) p = ""; + if (p == NULL) { + p = ""; + } - plen = strlen( p ); - slen = strlen( s ); + plen = strlen(p); + slen = strlen(s); s[slen++] = '\r'; s[slen++] = '\n'; - if( fout != NULL ) - { - if( fwrite( p, 1, plen, fout ) != plen || - fwrite( s, 1, slen, fout ) != slen ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); + if (fout != NULL) { + if (fwrite(p, 1, plen, fout) != plen || + fwrite(s, 1, slen, fout) != slen) { + return MBEDTLS_ERR_MPI_FILE_IO_ERROR; + } + } else { + mbedtls_printf("%s%s", p, s); } - else - mbedtls_printf( "%s%s", p, s ); cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ @@ -699,35 +721,34 @@ cleanup: /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ -static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x ) +static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c(mbedtls_mpi_uint x) { uint8_t i; unsigned char *x_ptr; mbedtls_mpi_uint tmp = 0; - for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) - { + for (i = 0, x_ptr = (unsigned char *) &x; i < ciL; i++, x_ptr++) { tmp <<= CHAR_BIT; tmp |= (mbedtls_mpi_uint) *x_ptr; } - return( tmp ); + return tmp; } -static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) +static mbedtls_mpi_uint mpi_uint_bigendian_to_host(mbedtls_mpi_uint x) { #if defined(__BYTE_ORDER__) /* Nothing to do on bigendian systems. */ -#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) - return( x ); +#if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) + return x; #endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ -#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) +#if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) /* For GCC and Clang, have builtins for byte swapping. */ #if defined(__GNUC__) && defined(__GNUC_PREREQ) -#if __GNUC_PREREQ(4,3) +#if __GNUC_PREREQ(4, 3) #define have_bswap #endif #endif @@ -741,12 +762,11 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) #if defined(have_bswap) /* The compiler is hopefully able to statically evaluate this! */ - switch( sizeof(mbedtls_mpi_uint) ) - { + switch (sizeof(mbedtls_mpi_uint)) { case 4: - return( __builtin_bswap32(x) ); + return __builtin_bswap32(x); case 8: - return( __builtin_bswap64(x) ); + return __builtin_bswap64(x); } #endif #endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ @@ -754,15 +774,16 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) /* Fall back to C-based reordering if we don't know the byte order * or we couldn't use a compiler-specific builtin. */ - return( mpi_uint_bigendian_to_host_c( x ) ); + return mpi_uint_bigendian_to_host_c(x); } -static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) +static void mpi_bigendian_to_host(mbedtls_mpi_uint * const p, size_t limbs) { mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) + if (limbs == 0) { return; + } /* * Traverse limbs and @@ -773,15 +794,14 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); + for (cur_limb_left = p, cur_limb_right = p + (limbs - 1); cur_limb_left <= cur_limb_right; - cur_limb_left++, cur_limb_right-- ) - { + cur_limb_left++, cur_limb_right--) { mbedtls_mpi_uint tmp; /* Note that if cur_limb_left == cur_limb_right, * this code effectively swaps the bytes only once. */ - tmp = mpi_uint_bigendian_to_host( *cur_limb_left ); - *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right ); + tmp = mpi_uint_bigendian_to_host(*cur_limb_left); + *cur_limb_left = mpi_uint_bigendian_to_host(*cur_limb_right); *cur_limb_right = tmp; } } @@ -789,18 +809,19 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) /* * Import X from unsigned binary data, little endian */ -int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, - const unsigned char *buf, size_t buflen ) +int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t const limbs = CHARS_TO_LIMBS(buflen); /* Ensure that target MPI has exactly the necessary number of limbs */ - MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); - for( i = 0; i < buflen; i++ ) + for (i = 0; i < buflen; i++) { X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); + } cleanup: @@ -809,33 +830,32 @@ cleanup: * upon failure is not necessary because failure only can happen before any * input is copied. */ - return( ret ); + return ret; } /* * Import X from unsigned binary data, big endian */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) +int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t const overhead = ( limbs * ciL ) - buflen; + size_t const limbs = CHARS_TO_LIMBS(buflen); + size_t const overhead = (limbs * ciL) - buflen; unsigned char *Xp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); /* Ensure that target MPI has exactly the necessary number of limbs */ - MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); /* Avoid calling `memcpy` with NULL source or destination argument, * even if buflen is 0. */ - if( buflen != 0 ) - { - Xp = (unsigned char*) X->p; - memcpy( Xp + overhead, buf, buflen ); + if (buflen != 0) { + Xp = (unsigned char *) X->p; + memcpy(Xp + overhead, buf, buflen); - mpi_bigendian_to_host( X->p, limbs ); + mpi_bigendian_to_host(X->p, limbs); } cleanup: @@ -845,66 +865,62 @@ cleanup: * upon failure is not necessary because failure only can happen before any * input is copied. */ - return( ret ); + return ret; } /* * Export X into unsigned binary data, little endian */ -int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) +int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen) { size_t stored_bytes = X->n * ciL; size_t bytes_to_copy; size_t i; - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { bytes_to_copy = stored_bytes; - } - else - { + } else { bytes_to_copy = buflen; /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + for (i = bytes_to_copy; i < stored_bytes; i++) { + if (GET_BYTE(X, i) != 0) { + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; + } } } - for( i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); + for (i = 0; i < bytes_to_copy; i++) { + buf[i] = GET_BYTE(X, i); + } - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); + memset(buf + stored_bytes, 0, buflen - stored_bytes); } - return( 0 ); + return 0; } /* * Export X into unsigned binary data, big endian */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) +int mbedtls_mpi_write_binary(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen) { size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); stored_bytes = X->n * ciL; - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { /* There is enough space in the output buffer. Write initial * null bytes and record the position at which to start * writing the significant bytes. In this case, the execution @@ -912,66 +928,65 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, * number. */ bytes_to_copy = stored_bytes; p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); - } - else - { + memset(buf, 0, buflen - stored_bytes); + } else { /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ bytes_to_copy = buflen; p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + for (i = bytes_to_copy; i < stored_bytes; i++) { + if (GET_BYTE(X, i) != 0) { + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; + } } } - for( i = 0; i < bytes_to_copy; i++ ) - p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); + for (i = 0; i < bytes_to_copy; i++) { + p[bytes_to_copy - i - 1] = GET_BYTE(X, i); + } - return( 0 ); + return 0; } /* * Left-shift: X <<= count */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) +int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, v0, t1; mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - v0 = count / (biL ); + v0 = count / (biL); t1 = count & (biL - 1); - i = mbedtls_mpi_bitlen( X ) + count; + i = mbedtls_mpi_bitlen(X) + count; - if( X->n * biL < i ) - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + if (X->n * biL < i) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i))); + } ret = 0; /* * shift by count / limb_size */ - if( v0 > 0 ) - { - for( i = X->n; i > v0; i-- ) + if (v0 > 0) { + for (i = X->n; i > v0; i--) { X->p[i - 1] = X->p[i - v0 - 1]; + } - for( ; i > 0; i-- ) + for (; i > 0; i--) { X->p[i - 1] = 0; + } } /* * shift by count % limb_size */ - if( t1 > 0 ) - { - for( i = v0; i < X->n; i++ ) - { + if (t1 > 0) { + for (i = v0; i < X->n; i++) { r1 = X->p[i] >> (biL - t1); X->p[i] <<= t1; X->p[i] |= r0; @@ -981,43 +996,43 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) cleanup: - return( ret ); + return ret; } /* * Right-shift: X >>= count */ -int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) +int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count) { size_t i, v0, v1; mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); v0 = count / biL; v1 = count & (biL - 1); - if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) - return mbedtls_mpi_lset( X, 0 ); + if (v0 > X->n || (v0 == X->n && v1 > 0)) { + return mbedtls_mpi_lset(X, 0); + } /* * shift by count / limb_size */ - if( v0 > 0 ) - { - for( i = 0; i < X->n - v0; i++ ) + if (v0 > 0) { + for (i = 0; i < X->n - v0; i++) { X->p[i] = X->p[i + v0]; + } - for( ; i < X->n; i++ ) + for (; i < X->n; i++) { X->p[i] = 0; + } } /* * shift by count % limb_size */ - if( v1 > 0 ) - { - for( i = X->n; i > 0; i-- ) - { + if (v1 > 0) { + for (i = X->n; i > 0; i--) { r1 = X->p[i - 1] << (biL - v1); X->p[i - 1] >>= v1; X->p[i - 1] |= r0; @@ -1025,155 +1040,183 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) } } - return( 0 ); + return 0; } /* * Compare unsigned values */ -int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) +int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) + for (i = X->n; i > 0; i--) { + if (X->p[i - 1] != 0) { break; + } + } - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) + for (j = Y->n; j > 0; j--) { + if (Y->p[j - 1] != 0) { break; + } + } - if( i == 0 && j == 0 ) - return( 0 ); + if (i == 0 && j == 0) { + return 0; + } - if( i > j ) return( 1 ); - if( j > i ) return( -1 ); + if (i > j) { + return 1; + } + if (j > i) { + return -1; + } - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( 1 ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -1 ); + for (; i > 0; i--) { + if (X->p[i - 1] > Y->p[i - 1]) { + return 1; + } + if (X->p[i - 1] < Y->p[i - 1]) { + return -1; + } } - return( 0 ); + return 0; } /* * Compare signed values */ -int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) +int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) + for (i = X->n; i > 0; i--) { + if (X->p[i - 1] != 0) { break; + } + } - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) + for (j = Y->n; j > 0; j--) { + if (Y->p[j - 1] != 0) { break; + } + } - if( i == 0 && j == 0 ) - return( 0 ); + if (i == 0 && j == 0) { + return 0; + } - if( i > j ) return( X->s ); - if( j > i ) return( -Y->s ); + if (i > j) { + return X->s; + } + if (j > i) { + return -Y->s; + } - if( X->s > 0 && Y->s < 0 ) return( 1 ); - if( Y->s > 0 && X->s < 0 ) return( -1 ); + if (X->s > 0 && Y->s < 0) { + return 1; + } + if (Y->s > 0 && X->s < 0) { + return -1; + } - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( X->s ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s ); + for (; i > 0; i--) { + if (X->p[i - 1] > Y->p[i - 1]) { + return X->s; + } + if (X->p[i - 1] < Y->p[i - 1]) { + return -X->s; + } } - return( 0 ); + return 0; } /* * Compare signed values */ -int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) +int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) { mbedtls_mpi Y; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - *p = mpi_sint_abs( z ); - Y.s = ( z < 0 ) ? -1 : 1; + *p = mpi_sint_abs(z); + Y.s = (z < 0) ? -1 : 1; Y.n = 1; Y.p = p; - return( mbedtls_mpi_cmp_mpi( X, &Y ) ); + return mbedtls_mpi_cmp_mpi(X, &Y); } /* * Unsigned addition: X = |A| + |B| (HAC 14.7) */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi_uint *o, *p, c, tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( X == B ) - { + if (X == B) { const mbedtls_mpi *T = A; A = X; B = T; } - if( X != A ) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) ); + if (X != A) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); + } /* * X should always be positive as a result of unsigned additions. */ X->s = 1; - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) + for (j = B->n; j > 0; j--) { + if (B->p[j - 1] != 0) { break; + } + } /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 * and B is 0 (of any size). */ - if( j == 0 ) - return( 0 ); + if (j == 0) { + return 0; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); o = B->p; p = X->p; c = 0; /* * tmp is used because it might happen that p == o */ - for( i = 0; i < j; i++, o++, p++ ) - { - tmp= *o; - *p += c; c = ( *p < c ); - *p += tmp; c += ( *p < tmp ); - } - - while( c != 0 ) - { - if( i >= X->n ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) ); + for (i = 0; i < j; i++, o++, p++) { + tmp = *o; + *p += c; c = (*p < c); + *p += tmp; c += (*p < tmp); + } + + while (c != 0) { + if (i >= X->n) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + 1)); p = X->p + i; } - *p += c; c = ( *p < c ); i++; p++; + *p += c; c = (*p < c); i++; p++; } cleanup: - return( ret ); + return ret; } /** @@ -1193,65 +1236,66 @@ cleanup: * \return 1 if `l < r`. * 0 if `l >= r`. */ -static mbedtls_mpi_uint mpi_sub_hlp( size_t n, - mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *l, - const mbedtls_mpi_uint *r ) +static mbedtls_mpi_uint mpi_sub_hlp(size_t n, + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *l, + const mbedtls_mpi_uint *r) { size_t i; mbedtls_mpi_uint c = 0, t, z; - for( i = 0; i < n; i++ ) - { - z = ( l[i] < c ); t = l[i] - c; - c = ( t < r[i] ) + z; d[i] = t - r[i]; + for (i = 0; i < n; i++) { + z = (l[i] < c); t = l[i] - c; + c = (t < r[i]) + z; d[i] = t - r[i]; } - return( c ); + return c; } /* * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10) */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; mbedtls_mpi_uint carry; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - for( n = B->n; n > 0; n-- ) - if( B->p[n - 1] != 0 ) + for (n = B->n; n > 0; n--) { + if (B->p[n - 1] != 0) { break; - if( n > A->n ) - { + } + } + if (n > A->n) { /* B >= (2^ciL)^n > A */ ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n)); /* Set the high limbs of X to match A. Don't touch the lower limbs * because X might be aliased to B, and we must not overwrite the * significant digits of B. */ - if( A->n > n ) - memcpy( X->p + n, A->p + n, ( A->n - n ) * ciL ); - if( X->n > A->n ) - memset( X->p + A->n, 0, ( X->n - A->n ) * ciL ); - - carry = mpi_sub_hlp( n, X->p, A->p, B->p ); - if( carry != 0 ) - { + if (A->n > n && A != X) { + memcpy(X->p + n, A->p + n, (A->n - n) * ciL); + } + if (X->n > A->n) { + memset(X->p + A->n, 0, (X->n - A->n) * ciL); + } + + carry = mpi_sub_hlp(n, X->p, A->p, B->p); + if (carry != 0) { /* Propagate the carry to the first nonzero limb of X. */ - for( ; n < X->n && X->p[n] == 0; n++ ) + for (; n < X->n && X->p[n] == 0; n++) { --X->p[n]; + } /* If we ran out of space for the carry, it means that the result * is negative. */ - if( n == X->n ) - { + if (n == X->n) { ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; goto cleanup; } @@ -1262,101 +1306,95 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi X->s = 1; cleanup: - return( ret ); + return ret; } /* Common function for signed addition and subtraction. * Calculate A + B * flip_B where flip_B is 1 or -1. */ -static int add_sub_mpi( mbedtls_mpi *X, - const mbedtls_mpi *A, const mbedtls_mpi *B, - int flip_B ) +static int add_sub_mpi(mbedtls_mpi *X, + const mbedtls_mpi *A, const mbedtls_mpi *B, + int flip_B) { int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); s = A->s; - if( A->s * B->s * flip_B < 0 ) - { - int cmp = mbedtls_mpi_cmp_abs( A, B ); - if( cmp >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); + if (A->s * B->s * flip_B < 0) { + int cmp = mbedtls_mpi_cmp_abs(A, B); + if (cmp >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); /* If |A| = |B|, the result is 0 and we must set the sign bit * to +1 regardless of which of A or B was negative. Otherwise, * since |A| > |B|, the sign is the sign of A. */ X->s = cmp == 0 ? 1 : s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); /* Since |A| < |B|, the sign is the opposite of A. */ X->s = -s; } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); X->s = s; } cleanup: - return( ret ); + return ret; } /* * Signed addition: X = A + B */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { - return( add_sub_mpi( X, A, B, 1 ) ); + return add_sub_mpi(X, A, B, 1); } /* * Signed subtraction: X = A - B */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { - return( add_sub_mpi( X, A, B, -1 ) ); + return add_sub_mpi(X, A, B, -1); } /* * Signed addition: X = A + b */ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) +int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b) { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); - p[0] = mpi_sint_abs( b ); - B.s = ( b < 0 ) ? -1 : 1; + p[0] = mpi_sint_abs(b); + B.s = (b < 0) ? -1 : 1; B.n = 1; B.p = p; - return( mbedtls_mpi_add_mpi( X, A, &B ) ); + return mbedtls_mpi_add_mpi(X, A, &B); } /* * Signed subtraction: X = A - b */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) +int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b) { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); - p[0] = mpi_sint_abs( b ); - B.s = ( b < 0 ) ? -1 : 1; + p[0] = mpi_sint_abs(b); + B.s = (b < 0) ? -1 : 1; B.n = 1; B.p = p; - return( mbedtls_mpi_sub_mpi( X, A, &B ) ); + return mbedtls_mpi_sub_mpi(X, A, &B); } /** Helper for mbedtls_mpi multiplication. @@ -1381,32 +1419,30 @@ static * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn) * appears to need this to prevent bad ARM code generation at -O3. */ -__attribute__ ((noinline)) +__attribute__((noinline)) #endif -void mpi_mul_hlp( size_t i, - const mbedtls_mpi_uint *s, - mbedtls_mpi_uint *d, - mbedtls_mpi_uint b ) +void mpi_mul_hlp(size_t i, + const mbedtls_mpi_uint *s, + mbedtls_mpi_uint *d, + mbedtls_mpi_uint b) { mbedtls_mpi_uint c = 0, t = 0; + (void) t; /* Unused in some architectures */ #if defined(MULADDC_HUIT) - for( ; i >= 8; i -= 8 ) - { + for (; i >= 8; i -= 8) { MULADDC_INIT MULADDC_HUIT - MULADDC_STOP + MULADDC_STOP } - for( ; i > 0; i-- ) - { + for (; i > 0; i--) { MULADDC_INIT MULADDC_CORE - MULADDC_STOP + MULADDC_STOP } #else /* MULADDC_HUIT */ - for( ; i >= 16; i -= 16 ) - { + for (; i >= 16; i -= 16) { MULADDC_INIT MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE @@ -1417,106 +1453,113 @@ void mpi_mul_hlp( size_t i, MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE - MULADDC_STOP + MULADDC_STOP } - for( ; i >= 8; i -= 8 ) - { + for (; i >= 8; i -= 8) { MULADDC_INIT MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE - MULADDC_STOP + MULADDC_STOP } - for( ; i > 0; i-- ) - { + for (; i > 0; i--) { MULADDC_INIT MULADDC_CORE - MULADDC_STOP + MULADDC_STOP } #endif /* MULADDC_HUIT */ - t++; - - while( c != 0 ) - { - *d += c; c = ( *d < c ); d++; + while (c != 0) { + *d += c; c = (*d < c); d++; } } /* * Baseline multiplication: X = A * B (HAC 14.12) */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi TA, TB; int result_is_zero = 0; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); + mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB); - if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; } - if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; } + if (X == A) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA; + } + if (X == B) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; + } - for( i = A->n; i > 0; i-- ) - if( A->p[i - 1] != 0 ) + for (i = A->n; i > 0; i--) { + if (A->p[i - 1] != 0) { break; - if( i == 0 ) + } + } + if (i == 0) { result_is_zero = 1; + } - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) + for (j = B->n; j > 0; j--) { + if (B->p[j - 1] != 0) { break; - if( j == 0 ) + } + } + if (j == 0) { result_is_zero = 1; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( ; j > 0; j-- ) - mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); + for (; j > 0; j--) { + mpi_mul_hlp(i, A->p, X->p + j - 1, B->p[j - 1]); + } /* If the result is 0, we don't shortcut the operation, which reduces * but does not eliminate side channels leaking the zero-ness. We do * need to take care to set the sign bit properly since the library does * not fully support an MPI object with a value of 0 and s == -1. */ - if( result_is_zero ) + if (result_is_zero) { X->s = 1; - else + } else { X->s = A->s * B->s; + } cleanup: - mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA ); + mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA); - return( ret ); + return ret; } /* * Baseline multiplication: X = A * b */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ) +int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b) { - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); /* mpi_mul_hlp can't deal with a leading 0. */ size_t n = A->n; - while( n > 0 && A->p[n - 1] == 0 ) + while (n > 0 && A->p[n - 1] == 0) { --n; + } /* The general method below doesn't work if n==0 or b==0. By chance * calculating the result is trivial in those cases. */ - if( b == 0 || n == 0 ) - { - return( mbedtls_mpi_lset( X, 0 ) ); + if (b == 0 || n == 0) { + return mbedtls_mpi_lset(X, 0); } /* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */ @@ -1529,26 +1572,28 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint * calls to calloc() in ECP code, presumably because it reuses the * same mpi for a while and this way the mpi is more likely to directly * grow to its final size. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) ); - mpi_mul_hlp( n, A->p, X->p, b - 1 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); + mpi_mul_hlp(n, A->p, X->p, b - 1); cleanup: - return( ret ); + return ret; } /* * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and * mbedtls_mpi_uint divisor, d */ -static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, - mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r ) +static mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1, + mbedtls_mpi_uint u0, + mbedtls_mpi_uint d, + mbedtls_mpi_uint *r) { #if defined(MBEDTLS_HAVE_UDBL) mbedtls_t_udbl dividend, quotient; #else const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH; - const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1; + const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1; mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; mbedtls_mpi_uint u0_msw, u0_lsw; size_t s; @@ -1557,22 +1602,25 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Check for overflow */ - if( 0 == d || u1 >= d ) - { - if (r != NULL) *r = ~0; + if (0 == d || u1 >= d) { + if (r != NULL) { + *r = ~(mbedtls_mpi_uint) 0u; + } - return ( ~0 ); + return ~(mbedtls_mpi_uint) 0u; } #if defined(MBEDTLS_HAVE_UDBL) dividend = (mbedtls_t_udbl) u1 << biL; dividend |= (mbedtls_t_udbl) u0; quotient = dividend / d; - if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 ) - quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1; + if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) { + quotient = ((mbedtls_t_udbl) 1 << biL) - 1; + } - if( r != NULL ) - *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) ); + if (r != NULL) { + *r = (mbedtls_mpi_uint) (dividend - (quotient * d)); + } return (mbedtls_mpi_uint) quotient; #else @@ -1585,11 +1633,11 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Normalize the divisor, d, and dividend, u0, u1 */ - s = mbedtls_clz( d ); + s = mbedtls_clz(d); d = d << s; u1 = u1 << s; - u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) ); + u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint) s >> (biL - 1)); u0 = u0 << s; d1 = d >> biH; @@ -1604,28 +1652,31 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, q1 = u1 / d1; r0 = u1 - d1 * q1; - while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) - { + while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) { q1 -= 1; r0 += d1; - if ( r0 >= radix ) break; + if (r0 >= radix) { + break; + } } - rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + rAX = (u1 * radix) + (u0_msw - q1 * d); q0 = rAX / d1; r0 = rAX - q0 * d1; - while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) - { + while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) { q0 -= 1; r0 += d1; - if ( r0 >= radix ) break; + if (r0 >= radix) { + break; + } } - if (r != NULL) - *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; + if (r != NULL) { + *r = (rAX * radix + u0_lsw - q0 * d) >> s; + } quotient = q1 * radix + q0; @@ -1636,21 +1687,22 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20) */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ) +int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, t, k; mbedtls_mpi X, Y, Z, T1, T2; mbedtls_mpi_uint TP2[3]; - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( mbedtls_mpi_cmp_int( B, 0 ) == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); + if (mbedtls_mpi_cmp_int(B, 0) == 0) { + return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; + } - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); - mbedtls_mpi_init( &T1 ); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); + mbedtls_mpi_init(&T1); /* * Avoid dynamic memory allocations for constant-size T2. * @@ -1659,196 +1711,194 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * buffer. */ T2.s = 1; - T2.n = sizeof( TP2 ) / sizeof( *TP2 ); + T2.n = sizeof(TP2) / sizeof(*TP2); T2.p = TP2; - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) - { - if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) ); - if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) ); - return( 0 ); + if (mbedtls_mpi_cmp_abs(A, B) < 0) { + if (Q != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0)); + } + if (R != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A)); + } + return 0; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B)); X.s = Y.s = 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, A->n + 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2)); - k = mbedtls_mpi_bitlen( &Y ) % biL; - if( k < biL - 1 ) - { + k = mbedtls_mpi_bitlen(&Y) % biL; + if (k < biL - 1) { k = biL - 1 - k; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k)); + } else { + k = 0; } - else k = 0; n = X.n - 1; t = Y.n - 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); - while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 ) - { + while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) { Z.p[n - t]++; - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); - for( i = n; i > t ; i-- ) - { - if( X.p[i] >= Y.p[t] ) - Z.p[i - t - 1] = ~0; - else - { - Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1], - Y.p[t], NULL); + for (i = n; i > t; i--) { + if (X.p[i] >= Y.p[t]) { + Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; + } else { + Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], + Y.p[t], NULL); } - T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; - T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; + T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; + T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; T2.p[2] = X.p[i]; Z.p[i - t - 1]++; - do - { + do { Z.p[i - t - 1]--; - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) ); - T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0)); + T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; T1.p[1] = Y.p[t]; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); - } - while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1])); + } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1)); - if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) ); + if (mbedtls_mpi_cmp_int(&X, 0) < 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1)); Z.p[i - t - 1]--; } } - if( Q != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) ); + if (Q != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z)); Q->s = A->s * B->s; } - if( R != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) ); + if (R != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k)); X.s = A->s; - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X)); - if( mbedtls_mpi_cmp_int( R, 0 ) == 0 ) + if (mbedtls_mpi_cmp_int(R, 0) == 0) { R->s = 1; + } } cleanup: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); - mbedtls_mpi_free( &T1 ); - mbedtls_platform_zeroize( TP2, sizeof( TP2 ) ); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); + mbedtls_mpi_free(&T1); + mbedtls_platform_zeroize(TP2, sizeof(TP2)); - return( ret ); + return ret; } /* * Division by int: A = Q * b + R */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, - const mbedtls_mpi *A, - mbedtls_mpi_sint b ) +int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, + const mbedtls_mpi *A, + mbedtls_mpi_sint b) { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(A != NULL); - p[0] = mpi_sint_abs( b ); - B.s = ( b < 0 ) ? -1 : 1; + p[0] = mpi_sint_abs(b); + B.s = (b < 0) ? -1 : 1; B.n = 1; B.p = p; - return( mbedtls_mpi_div_mpi( Q, R, A, &B ) ); + return mbedtls_mpi_div_mpi(Q, R, A, &B); } /* * Modulo: R = A mod B */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( R != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(R != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( mbedtls_mpi_cmp_int( B, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + if (mbedtls_mpi_cmp_int(B, 0) < 0) { + return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B)); - while( mbedtls_mpi_cmp_int( R, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) ); + while (mbedtls_mpi_cmp_int(R, 0) < 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B)); + } - while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) ); + while (mbedtls_mpi_cmp_mpi(R, B) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B)); + } cleanup: - return( ret ); + return ret; } /* * Modulo: r = A mod b */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b ) +int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b) { size_t i; mbedtls_mpi_uint x, y, z; - MPI_VALIDATE_RET( r != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(r != NULL); + MPI_VALIDATE_RET(A != NULL); - if( b == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); + if (b == 0) { + return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; + } - if( b < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + if (b < 0) { + return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; + } /* * handle trivial cases */ - if( b == 1 || A->n == 0 ) - { + if (b == 1 || A->n == 0) { *r = 0; - return( 0 ); + return 0; } - if( b == 2 ) - { + if (b == 2) { *r = A->p[0] & 1; - return( 0 ); + return 0; } /* * general case */ - for( i = A->n, y = 0; i > 0; i-- ) - { + for (i = A->n, y = 0; i > 0; i--) { x = A->p[i - 1]; - y = ( y << biH ) | ( x >> biH ); + y = (y << biH) | (x >> biH); z = y / b; y -= z * b; x <<= biH; - y = ( y << biH ) | ( x >> biH ); + y = (y << biH) | (x >> biH); z = y / b; y -= z * b; } @@ -1857,27 +1907,29 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_ * If A is negative, then the current y represents a negative value. * Flipping it to the positive side. */ - if( A->s < 0 && y != 0 ) + if (A->s < 0 && y != 0) { y = b - y; + } *r = y; - return( 0 ); + return 0; } /* * Fast Montgomery initialization (thanks to Tom St Denis) */ -static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) +static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N) { mbedtls_mpi_uint x, m0 = N->p[0]; unsigned int i; x = m0; - x += ( ( m0 + 2 ) & 4 ) << 1; + x += ((m0 + 2) & 4) << 1; - for( i = biL; i >= 8; i /= 2 ) - x *= ( 2 - ( m0 * x ) ); + for (i = biL; i >= 8; i /= 2) { + x *= (2 - (m0 * x)); + } *mm = ~x + 1; } @@ -1904,28 +1956,30 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) * Note that unlike the usual convention in the library * for `const mbedtls_mpi*`, the content of T can change. */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, - const mbedtls_mpi *T ) +static void mpi_montmul(mbedtls_mpi *A, + const mbedtls_mpi *B, + const mbedtls_mpi *N, + mbedtls_mpi_uint mm, + const mbedtls_mpi *T) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; - memset( T->p, 0, T->n * ciL ); + memset(T->p, 0, T->n * ciL); d = T->p; n = N->n; - m = ( B->n < n ) ? B->n : n; + m = (B->n < n) ? B->n : n; - for( i = 0; i < n; i++ ) - { + for (i = 0; i < n; i++) { /* * T = (T + u0*B + u1*N) / 2^biL */ u0 = A->p[i]; - u1 = ( d[0] + u0 * B->p[0] ) * mm; + u1 = (d[0] + u0 * B->p[0]) * mm; - mpi_mul_hlp( m, B->p, d, u0 ); - mpi_mul_hlp( n, N->p, d, u1 ); + mpi_mul_hlp(m, B->p, d, u0); + mpi_mul_hlp(n, N->p, d, u1); *d++ = u0; d[n + 1] = 0; } @@ -1936,19 +1990,19 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Copy the n least significant limbs of d to A, so that * A = d if d < N (recall that N has n limbs). */ - memcpy( A->p, d, n * ciL ); + memcpy(A->p, d, n * ciL); /* If d >= N then we want to set A to d - N. To prevent timing attacks, * do the calculation without using conditional tests. */ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; - d[n] -= mpi_sub_hlp( n, d, d, N->p ); + d[n] -= mpi_sub_hlp(n, d, d, N->p); /* If d0 < N then d < (2^biL)^n * so d[n] == 0 and we want to keep A as it is. * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n * so d[n] == 1 and we want to set A to the result of the subtraction * which is d - (2^biL)^n, i.e. the n least significant limbs of d. * This exactly corresponds to a conditional assignment. */ - mbedtls_ct_mpi_uint_cond_assign( n, A->p, d, (unsigned char) d[n] ); + mbedtls_ct_mpi_uint_cond_assign(n, A->p, d, (unsigned char) d[n]); } /* @@ -1956,8 +2010,8 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * * See mpi_montmul() regarding constraints and guarantees on the parameters. */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1965,7 +2019,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + mpi_montmul(A, &U, N, mm, T); } /** @@ -1983,67 +2037,72 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, * * \return \c 0 on success, or a negative error code. */ -static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx ) +static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - for( size_t i = 0; i < T_size; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i], - (unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) ); + for (size_t i = 0; i < T_size; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i], + (unsigned char) mbedtls_ct_size_bool_eq(i, + idx))); } cleanup: - return( ret ); + return ret; } /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *E, const mbedtls_mpi *N, - mbedtls_mpi *prec_RR ) +int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *prec_RR) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t window_bitsize; size_t i, j, nblimbs; size_t bufsize, nbits; + size_t exponent_bits_in_window = 0; mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos; + mbedtls_mpi RR, T, W[(size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE], WW, Apos; int neg; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( E != NULL ); - MPI_VALIDATE_RET( N != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(E != NULL); + MPI_VALIDATE_RET(N != NULL); - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(E, 0) < 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS || - mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS ) - return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS || + mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } /* * Init temps and window size */ - mpi_montg_init( &mm, N ); - mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T ); - mbedtls_mpi_init( &Apos ); - mbedtls_mpi_init( &WW ); - memset( W, 0, sizeof( W ) ); + mpi_montg_init(&mm, N); + mbedtls_mpi_init(&RR); mbedtls_mpi_init(&T); + mbedtls_mpi_init(&Apos); + mbedtls_mpi_init(&WW); + memset(W, 0, sizeof(W)); - i = mbedtls_mpi_bitlen( E ); + i = mbedtls_mpi_bitlen(E); - window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : - ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; + window_bitsize = (i > 671) ? 6 : (i > 239) ? 5 : + (i > 79) ? 4 : (i > 23) ? 3 : 1; -#if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) - if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE ) +#if (MBEDTLS_MPI_WINDOW_SIZE < 6) + if (window_bitsize > MBEDTLS_MPI_WINDOW_SIZE) { window_bitsize = MBEDTLS_MPI_WINDOW_SIZE; + } #endif const size_t w_table_used_size = (size_t) 1 << window_bitsize; @@ -2081,8 +2140,8 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * calculation from this point on. */ const size_t x_index = 0; - mbedtls_mpi_init( &W[x_index] ); - mbedtls_mpi_copy( &W[x_index], X ); + mbedtls_mpi_init(&W[x_index]); + mbedtls_mpi_copy(&W[x_index], X); j = N->n + 1; /* All W[i] and X must have at least N->n limbs for the mpi_montmul() @@ -2090,17 +2149,16 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * large enough, and later we'll grow other W[i] to the same length. * They must not be shrunk midway through this function! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2)); /* * Compensate for negative A (and correct at the end) */ - neg = ( A->s == -1 ); - if( neg ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) ); + neg = (A->s == -1); + if (neg) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A)); Apos.s = 1; A = &Apos; } @@ -2108,45 +2166,43 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * If 1st call, pre-compute R^2 mod N */ - if( prec_RR == NULL || prec_RR->p == NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) ); + if (prec_RR == NULL || prec_RR->p == NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N)); - if( prec_RR != NULL ) - memcpy( prec_RR, &RR, sizeof( mbedtls_mpi ) ); + if (prec_RR != NULL) { + memcpy(prec_RR, &RR, sizeof(mbedtls_mpi)); + } + } else { + memcpy(&RR, prec_RR, sizeof(mbedtls_mpi)); } - else - memcpy( &RR, prec_RR, sizeof( mbedtls_mpi ) ); /* * W[1] = A * R^2 * R^-1 mod N = A * R mod N */ - if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); + if (mbedtls_mpi_cmp_mpi(A, N) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N)); /* This should be a no-op because W[1] is already that large before * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow * in mpi_montmul() below, so let's make sure. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], N->n + 1)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A)); } - else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); /* Note that this is safe because W[1] always has at least N->n limbs * (it grew above and was preserved by mbedtls_mpi_copy()). */ - mpi_montmul( &W[1], &RR, N, mm, &T ); + mpi_montmul(&W[1], &RR, N, mm, &T); /* * W[x_index] = R^2 * R^-1 mod N = R mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) ); - mpi_montred( &W[x_index], N, mm, &T ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], &RR)); + mpi_montred(&W[x_index], N, mm, &T); - if( window_bitsize > 1 ) - { + if (window_bitsize > 1) { /* * W[i] = W[1] ^ i * @@ -2159,40 +2215,38 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, */ j = w_table_used_size / 2; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1])); - for( i = 0; i < window_bitsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + for (i = 0; i < window_bitsize - 1; i++) { + mpi_montmul(&W[j], &W[j], N, mm, &T); + } /* * W[i] = W[i - 1] * W[1] */ - for( i = j + 1; i < w_table_used_size; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); + for (i = j + 1; i < w_table_used_size; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1])); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + mpi_montmul(&W[i], &W[1], N, mm, &T); } } nblimbs = E->n; bufsize = 0; nbits = 0; - size_t exponent_bits_in_window = 0; state = 0; - while( 1 ) - { - if( bufsize == 0 ) - { - if( nblimbs == 0 ) + while (1) { + if (bufsize == 0) { + if (nblimbs == 0) { break; + } nblimbs--; - bufsize = sizeof( mbedtls_mpi_uint ) << 3; + bufsize = sizeof(mbedtls_mpi_uint) << 3; } bufsize--; @@ -2202,16 +2256,16 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * skip leading 0s */ - if( ei == 0 && state == 0 ) + if (ei == 0 && state == 0) { continue; + } - if( ei == 0 && state == 1 ) - { + if (ei == 0 && state == 1) { /* * out of window, square W[x_index] */ - MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) ); - mpi_montmul( &W[x_index], &WW, N, mm, &T ); + MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index)); + mpi_montmul(&W[x_index], &WW, N, mm, &T); continue; } @@ -2221,26 +2275,24 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, state = 2; nbits++; - exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) ); + exponent_bits_in_window |= (ei << (window_bitsize - nbits)); - if( nbits == window_bitsize ) - { + if (nbits == window_bitsize) { /* * W[x_index] = W[x_index]^window_bitsize R^-1 mod N */ - for( i = 0; i < window_bitsize; i++ ) - { - MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, - x_index ) ); - mpi_montmul( &W[x_index], &WW, N, mm, &T ); + for (i = 0; i < window_bitsize; i++) { + MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, + x_index)); + mpi_montmul(&W[x_index], &WW, N, mm, &T); } /* * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N */ - MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, - exponent_bits_in_window ) ); - mpi_montmul( &W[x_index], &WW, N, mm, &T ); + MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, + exponent_bits_in_window)); + mpi_montmul(&W[x_index], &WW, N, mm, &T); state--; nbits = 0; @@ -2251,88 +2303,87 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * process the remaining bits */ - for( i = 0; i < nbits; i++ ) - { - MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) ); - mpi_montmul( &W[x_index], &WW, N, mm, &T ); + for (i = 0; i < nbits; i++) { + MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index)); + mpi_montmul(&W[x_index], &WW, N, mm, &T); exponent_bits_in_window <<= 1; - if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 ) - { - MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) ); - mpi_montmul( &W[x_index], &WW, N, mm, &T ); + if ((exponent_bits_in_window & ((size_t) 1 << window_bitsize)) != 0) { + MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, 1)); + mpi_montmul(&W[x_index], &WW, N, mm, &T); } } /* * W[x_index] = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( &W[x_index], N, mm, &T ); + mpi_montred(&W[x_index], N, mm, &T); - if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) - { + if (neg && E->n != 0 && (E->p[0] & 1) != 0) { W[x_index].s = -1; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&W[x_index], N, &W[x_index])); } /* * Load the result in the output variable. */ - mbedtls_mpi_copy( X, &W[x_index] ); + mbedtls_mpi_copy(X, &W[x_index]); cleanup: /* The first bit of the sliding window is always 1 and therefore the first * half of the table was unused. */ - for( i = w_table_used_size/2; i < w_table_used_size; i++ ) - mbedtls_mpi_free( &W[i] ); + for (i = w_table_used_size/2; i < w_table_used_size; i++) { + mbedtls_mpi_free(&W[i]); + } - mbedtls_mpi_free( &W[x_index] ); - mbedtls_mpi_free( &W[1] ); - mbedtls_mpi_free( &T ); - mbedtls_mpi_free( &Apos ); - mbedtls_mpi_free( &WW ); + mbedtls_mpi_free(&W[x_index]); + mbedtls_mpi_free(&W[1]); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&Apos); + mbedtls_mpi_free(&WW); - if( prec_RR == NULL || prec_RR->p == NULL ) - mbedtls_mpi_free( &RR ); + if (prec_RR == NULL || prec_RR->p == NULL) { + mbedtls_mpi_free(&RR); + } - return( ret ); + return ret; } /* * Greatest common divisor: G = gcd(A, B) (HAC 14.54) */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t lz, lzt; mbedtls_mpi TA, TB; - MPI_VALIDATE_RET( G != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(G != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); + mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); - lz = mbedtls_mpi_lsb( &TA ); - lzt = mbedtls_mpi_lsb( &TB ); + lz = mbedtls_mpi_lsb(&TA); + lzt = mbedtls_mpi_lsb(&TB); /* The loop below gives the correct result when A==0 but not when B==0. * So have a special case for B==0. Leverage the fact that we just * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test * slightly more efficient than cmp_int(). */ - if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 ) - { - ret = mbedtls_mpi_copy( G, A ); + if (lzt == 0 && mbedtls_mpi_get_bit(&TB, 0) == 0) { + ret = mbedtls_mpi_copy(G, A); goto cleanup; } - if( lzt < lz ) + if (lzt < lz) { lz = lzt; + } TA.s = TB.s = 1; @@ -2369,11 +2420,10 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted * since in that case TB is calculated from TB-TA with the condition TB>TA). */ - while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) - { + while (mbedtls_mpi_cmp_int(&TA, 0) != 0) { /* Divisions by 2 preserve the invariant (I). */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA))); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB))); /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd, * TA-TB is even so the division by 2 has an integer result. @@ -2382,15 +2432,12 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also * divides TA. */ - if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) ); + if (mbedtls_mpi_cmp_mpi(&TA, &TB) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TA, &TA, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, 1)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TB, &TB, &TA)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, 1)); } /* Note that one of TA or TB is still odd. */ } @@ -2404,14 +2451,14 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB)); cleanup: - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB ); + mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TB); - return( ret ); + return ret; } /* Fill X with n_bytes random bytes. @@ -2423,22 +2470,23 @@ cleanup: */ static int mpi_fill_random_internal( mbedtls_mpi *X, size_t n_bytes, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const size_t limbs = CHARS_TO_LIMBS( n_bytes ); - const size_t overhead = ( limbs * ciL ) - n_bytes; + const size_t limbs = CHARS_TO_LIMBS(n_bytes); + const size_t overhead = (limbs * ciL) - n_bytes; - if( X->n < limbs ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (X->n < limbs) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - memset( X->p, 0, overhead ); - memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL ); - MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) ); - mpi_bigendian_to_host( X->p, limbs ); + memset(X->p, 0, overhead); + memset((unsigned char *) X->p + limbs * ciL, 0, (X->n - limbs) * ciL); + MBEDTLS_MPI_CHK(f_rng(p_rng, (unsigned char *) X->p + overhead, n_bytes)); + mpi_bigendian_to_host(X->p, limbs); cleanup: - return( ret ); + return ret; } /* @@ -2448,44 +2496,47 @@ cleanup: * regardless of the platform endianness (useful when f_rng is actually * deterministic, eg for tests). */ -int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( size ); + size_t const limbs = CHARS_TO_LIMBS(size); - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); /* Ensure that target MPI has exactly the necessary number of limbs */ - MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) ); - if( size == 0 ) - return( 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); + if (size == 0) { + return 0; + } - ret = mpi_fill_random_internal( X, size, f_rng, p_rng ); + ret = mpi_fill_random_internal(X, size, f_rng, p_rng); cleanup: - return( ret ); + return ret; } -int mbedtls_mpi_random( mbedtls_mpi *X, - mbedtls_mpi_sint min, - const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_random(mbedtls_mpi *X, + mbedtls_mpi_sint min, + const mbedtls_mpi *N, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; int count; unsigned lt_lower = 1, lt_upper = 0; - size_t n_bits = mbedtls_mpi_bitlen( N ); - size_t n_bytes = ( n_bits + 7 ) / 8; + size_t n_bits = mbedtls_mpi_bitlen(N); + size_t n_bytes = (n_bits + 7) / 8; mbedtls_mpi lower_bound; - if( min < 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - if( mbedtls_mpi_cmp_int( N, min ) <= 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (min < 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } + if (mbedtls_mpi_cmp_int(N, min) <= 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } /* * When min == 0, each try has at worst a probability 1/2 of failing @@ -2504,16 +2555,16 @@ int mbedtls_mpi_random( mbedtls_mpi *X, * is small, use a higher repeat count, otherwise the probability of * failure is macroscopic. */ - count = ( n_bytes > 4 ? 30 : 250 ); + count = (n_bytes > 4 ? 30 : 250); - mbedtls_mpi_init( &lower_bound ); + mbedtls_mpi_init(&lower_bound); /* Ensure that target MPI has exactly the same number of limbs * as the upper bound, even if the upper bound has leading zeros. * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &lower_bound, N->n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &lower_bound, min ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, N->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&lower_bound, N->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&lower_bound, min)); /* * Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA) @@ -2523,150 +2574,140 @@ int mbedtls_mpi_random( mbedtls_mpi *X, * - try until result is in the desired range. * This also avoids any bias, which is especially important for ECDSA. */ - do - { - MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) ); + do { + MBEDTLS_MPI_CHK(mpi_fill_random_internal(X, n_bytes, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, 8 * n_bytes - n_bits)); - if( --count == 0 ) - { + if (--count == 0) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, &lower_bound, <_lower ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, N, <_upper ) ); - } - while( lt_lower != 0 || lt_upper == 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lt_mpi_ct(X, &lower_bound, <_lower)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lt_mpi_ct(X, N, <_upper)); + } while (lt_lower != 0 || lt_upper == 0); cleanup: - mbedtls_mpi_free( &lower_bound ); - return( ret ); + mbedtls_mpi_free(&lower_bound); + return ret; } /* * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ) +int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( N != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(N != NULL); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(N, 1) <= 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 ); - mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV ); - mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 ); + mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TU); mbedtls_mpi_init(&U1); mbedtls_mpi_init(&U2); + mbedtls_mpi_init(&G); mbedtls_mpi_init(&TB); mbedtls_mpi_init(&TV); + mbedtls_mpi_init(&V1); mbedtls_mpi_init(&V2); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N)); - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&G, 1) != 0) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1)); - do - { - while( ( TU.p[0] & 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) ); + do { + while ((TU.p[0] & 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TU, 1)); - if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) ); + if ((U1.p[0] & 1) != 0 || (U2.p[0] & 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U2, 1)); } - while( ( TV.p[0] & 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) ); + while ((TV.p[0] & 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TV, 1)); - if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) ); + if ((V1.p[0] & 1) != 0 || (V2.p[0] & 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V2, 1)); } - if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) ); + if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2)); } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) ); - } - } - while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 ); + } while (mbedtls_mpi_cmp_int(&TU, 0) != 0); - while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) ); + while (mbedtls_mpi_cmp_int(&V1, 0) < 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N)); + } - while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) ); + while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N)); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1)); cleanup: - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 ); - mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV ); - mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 ); + mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TU); mbedtls_mpi_free(&U1); mbedtls_mpi_free(&U2); + mbedtls_mpi_free(&G); mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TV); + mbedtls_mpi_free(&V1); mbedtls_mpi_free(&V2); - return( ret ); + return ret; } #if defined(MBEDTLS_GENPRIME) static const int small_prime[] = { - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313, - 317, 331, 337, 347, 349, 353, 359, 367, - 373, 379, 383, 389, 397, 401, 409, 419, - 421, 431, 433, 439, 443, 449, 457, 461, - 463, 467, 479, 487, 491, 499, 503, 509, - 521, 523, 541, 547, 557, 563, 569, 571, - 577, 587, 593, 599, 601, 607, 613, 617, - 619, 631, 641, 643, 647, 653, 659, 661, - 673, 677, 683, 691, 701, 709, 719, 727, - 733, 739, 743, 751, 757, 761, 769, 773, - 787, 797, 809, 811, 821, 823, 827, 829, - 839, 853, 857, 859, 863, 877, 881, 883, - 887, 907, 911, 919, 929, 937, 941, 947, - 953, 967, 971, 977, 983, 991, 997, -103 + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, + 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, + 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, + 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, + 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, + 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, + 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, -103 }; /* @@ -2678,70 +2719,71 @@ static const int small_prime[] = * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime * other negative: error */ -static int mpi_check_small_factors( const mbedtls_mpi *X ) +static int mpi_check_small_factors(const mbedtls_mpi *X) { int ret = 0; size_t i; mbedtls_mpi_uint r; - if( ( X->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if ((X->p[0] & 1) == 0) { + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + } - for( i = 0; small_prime[i] > 0; i++ ) - { - if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 ) - return( 1 ); + for (i = 0; small_prime[i] > 0; i++) { + if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) { + return 1; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i])); - if( r == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if (r == 0) { + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + } } cleanup: - return( ret ); + return ret; } /* * Miller-Rabin pseudo-primality test (HAC 4.24) */ -static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret, count; size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); - mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); - mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A ); - mbedtls_mpi_init( &RR ); + mbedtls_mpi_init(&W); mbedtls_mpi_init(&R); + mbedtls_mpi_init(&T); mbedtls_mpi_init(&A); + mbedtls_mpi_init(&RR); /* * W = |X| - 1 * R = W >> lsb( W ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) ); - s = mbedtls_mpi_lsb( &W ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&W, X, 1)); + s = mbedtls_mpi_lsb(&W); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R, &W)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&R, s)); - for( i = 0; i < rounds; i++ ) - { + for (i = 0; i < rounds; i++) { /* * pick a random A, 1 < A < |X| - 1 */ count = 0; do { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng)); - j = mbedtls_mpi_bitlen( &A ); - k = mbedtls_mpi_bitlen( &W ); + j = mbedtls_mpi_bitlen(&A); + k = mbedtls_mpi_bitlen(&W); if (j > k) { - A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1; + A.p[A.n - 1] &= ((mbedtls_mpi_uint) 1 << (k - (A.n - 1) * biL - 1)) - 1; } if (count++ > 30) { @@ -2749,29 +2791,30 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, goto cleanup; } - } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 || - mbedtls_mpi_cmp_int( &A, 1 ) <= 0 ); + } while (mbedtls_mpi_cmp_mpi(&A, &W) >= 0 || + mbedtls_mpi_cmp_int(&A, 1) <= 0); /* * A = A^R mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&A, &A, &R, X, &RR)); - if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + if (mbedtls_mpi_cmp_mpi(&A, &W) == 0 || + mbedtls_mpi_cmp_int(&A, 1) == 0) { continue; + } j = 1; - while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ) - { + while (j < s && mbedtls_mpi_cmp_mpi(&A, &W) != 0) { /* * A = A * A mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &A, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&A, &T, X)); - if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + if (mbedtls_mpi_cmp_int(&A, 1) == 0) { break; + } j++; } @@ -2779,73 +2822,74 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, /* * not prime if A != |X| - 1 or A == 1 */ - if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) - { + if (mbedtls_mpi_cmp_mpi(&A, &W) != 0 || + mbedtls_mpi_cmp_int(&A, 1) == 0) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; break; } } cleanup: - mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); - mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A ); - mbedtls_mpi_free( &RR ); + mbedtls_mpi_free(&W); mbedtls_mpi_free(&R); + mbedtls_mpi_free(&T); mbedtls_mpi_free(&A); + mbedtls_mpi_free(&RR); - return( ret ); + return ret; } /* * Pseudo-primality test: small factors, then Miller-Rabin */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi XX; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); XX.s = 1; XX.n = X->n; XX.p = X->p; - if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 || - mbedtls_mpi_cmp_int( &XX, 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if (mbedtls_mpi_cmp_int(&XX, 0) == 0 || + mbedtls_mpi_cmp_int(&XX, 1) == 0) { + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + } - if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 ) - return( 0 ); + if (mbedtls_mpi_cmp_int(&XX, 2) == 0) { + return 0; + } - if( ( ret = mpi_check_small_factors( &XX ) ) != 0 ) - { - if( ret == 1 ) - return( 0 ); + if ((ret = mpi_check_small_factors(&XX)) != 0) { + if (ret == 1) { + return 0; + } - return( ret ); + return ret; } - return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) ); + return mpi_miller_rabin(&XX, rounds, f_rng, p_rng); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Pseudo-primality test, error probability 2^-80 */ -int mbedtls_mpi_is_prime( const mbedtls_mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_is_prime(const mbedtls_mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); /* * In the past our key generation aimed for an error rate of at most * 2^-80. Since this function is deprecated, aim for the same certainty * here as well. */ - return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) ); + return mbedtls_mpi_is_prime_ext(X, 40, f_rng, p_rng); } #endif @@ -2856,9 +2900,9 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * be either 1024 bits or 1536 bits long, and flags must contain * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { #ifdef MBEDTLS_HAVE_INT64 // ceil(2^63.5) @@ -2873,56 +2917,55 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, mbedtls_mpi_uint r; mbedtls_mpi Y; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); - if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &Y ); + mbedtls_mpi_init(&Y); - n = BITS_TO_LIMBS( nbits ); + n = BITS_TO_LIMBS(nbits); - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 ) - { + if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR) == 0) { /* * 2^-80 error probability, number of rounds chosen per HAC, table 4.4 */ - rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 : - ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 : - ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 ); - } - else - { + rounds = ((nbits >= 1300) ? 2 : (nbits >= 850) ? 3 : + (nbits >= 650) ? 4 : (nbits >= 350) ? 8 : + (nbits >= 250) ? 12 : (nbits >= 150) ? 18 : 27); + } else { /* * 2^-100 error probability, number of rounds computed based on HAC, * fact 4.48 */ - rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 : - ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 : - ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 : - ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 ); + rounds = ((nbits >= 1450) ? 4 : (nbits >= 1150) ? 5 : + (nbits >= 1000) ? 6 : (nbits >= 850) ? 7 : + (nbits >= 750) ? 8 : (nbits >= 500) ? 13 : + (nbits >= 250) ? 28 : (nbits >= 150) ? 40 : 51); } - while( 1 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + while (1) { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng)); /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */ - if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue; + if (X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2) { + continue; + } k = n * biL; - if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); + if (k > nbits) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, k - nbits)); + } X->p[0] |= 1; - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 ) - { - ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng ); + if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) == 0) { + ret = mbedtls_mpi_is_prime_ext(X, rounds, f_rng, p_rng); - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { goto cleanup; - } - else - { + } + } else { /* * A necessary condition for Y and X = 2Y + 1 to be prime * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). @@ -2931,49 +2974,51 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, X->p[0] |= 2; - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, 3)); + if (r == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 8)); + } else if (r == 1) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 4)); + } /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, 1)); - while( 1 ) - { + while (1) { /* * First, check small factors for X and Y * before doing Miller-Rabin on any of them */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) ) - == 0 && - ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) ) - == 0 ) + if ((ret = mpi_check_small_factors(X)) == 0 && + (ret = mpi_check_small_factors(&Y)) == 0 && + (ret = mpi_miller_rabin(X, rounds, f_rng, p_rng)) + == 0 && + (ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng)) + == 0) { goto cleanup; + } - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { goto cleanup; + } /* * Next candidates. We want to preserve Y = (X-1) / 2 and * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) * so up Y by 6 and X by 12. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 12)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&Y, &Y, 6)); } } } cleanup: - mbedtls_mpi_free( &Y ); + mbedtls_mpi_free(&Y); - return( ret ); + return ret; } #endif /* MBEDTLS_GENPRIME */ @@ -2992,162 +3037,173 @@ static const int gcd_pairs[GCD_PAIR_COUNT][3] = /* * Checkup routine */ -int mbedtls_mpi_self_test( int verbose ) +int mbedtls_mpi_self_test(int verbose) { int ret, i; mbedtls_mpi A, E, N, X, Y, U, V; - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X ); - mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16, - "EFE021C2645FD1DC586E69184AF4A31E" \ - "D5F53E93B5F123FA41680867BA110131" \ - "944FE7952E2517337780CB0DB80E61AA" \ - "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16, - "B2E7EFD37075B9F03FF989C7C5051C20" \ - "34D2A323810251127E7BF8625A4F49A5" \ - "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ - "5B5C25763222FEFCCFC38B832366C29E" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16, - "0066A198186C18C10B2F5ED9B522752A" \ - "9830B69916E535C8F047518A889A43A5" \ - "94B6BED27A168D31D4A52F88925AA8F5" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "602AB7ECA597A3D6B56FF9829A5E8B85" \ - "9E857EA95A03512E2BAE7391688D264A" \ - "A5663B0341DB9CCFD2C4C5F421FEC814" \ - "8001B72E848A38CAE1C65F78E56ABDEF" \ - "E12D3C039B8A02D6BE593F0BBBDA56F1" \ - "ECF677152EF804370C1A305CAF3B5BF1" \ - "30879B56C61DE584A0F53A2447A51E" ) ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #1 (mul_mpi): " ); - - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); mbedtls_mpi_init(&U); mbedtls_mpi_init(&V); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&A, 16, + "EFE021C2645FD1DC586E69184AF4A31E" \ + "D5F53E93B5F123FA41680867BA110131" \ + "944FE7952E2517337780CB0DB80E61AA" \ + "E7C8DDC6C5C6AADEB34EB38A2F40D5E6")); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 16, + "B2E7EFD37075B9F03FF989C7C5051C20" \ + "34D2A323810251127E7BF8625A4F49A5" \ + "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ + "5B5C25763222FEFCCFC38B832366C29E")); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16, + "0066A198186C18C10B2F5ED9B522752A" \ + "9830B69916E535C8F047518A889A43A5" \ + "94B6BED27A168D31D4A52F88925AA8F5")); + + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "602AB7ECA597A3D6B56FF9829A5E8B85" \ + "9E857EA95A03512E2BAE7391688D264A" \ + "A5663B0341DB9CCFD2C4C5F421FEC814" \ + "8001B72E848A38CAE1C65F78E56ABDEF" \ + "E12D3C039B8A02D6BE593F0BBBDA56F1" \ + "ECF677152EF804370C1A305CAF3B5BF1" \ + "30879B56C61DE584A0F53A2447A51E")); + + if (verbose != 0) { + mbedtls_printf(" MPI test #1 (mul_mpi): "); + } + + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "256567336059E52CAE22925474705F39A94" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "256567336059E52CAE22925474705F39A94")); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16, - "6613F26162223DF488E9CD48CC132C7A" \ - "0AC93C701B001B092E4E5B9F73BCD27B" \ - "9EE50D0657C77F374E903CDFA4C642" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&V, 16, + "6613F26162223DF488E9CD48CC132C7A" \ + "0AC93C701B001B092E4E5B9F73BCD27B" \ + "9EE50D0657C77F374E903CDFA4C642")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #2 (div_mpi): " ); + if (verbose != 0) { + mbedtls_printf(" MPI test #2 (div_mpi): "); + } - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 || - mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0 || + mbedtls_mpi_cmp_mpi(&Y, &V) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "36E139AEA55215609D2816998ED020BB" \ - "BD96C37890F65171D948E9BC7CBAA4D9" \ - "325D24D6A3C12710F10A09FA08AB87" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "36E139AEA55215609D2816998ED020BB" \ + "BD96C37890F65171D948E9BC7CBAA4D9" \ + "325D24D6A3C12710F10A09FA08AB87")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #3 (exp_mod): " ); + if (verbose != 0) { + mbedtls_printf(" MPI test #3 (exp_mod): "); + } - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ - "C3DBA76456363A10869622EAC2DD84EC" \ - "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ + "C3DBA76456363A10869622EAC2DD84EC" \ + "C5B8A74DAC4D09E03B5E0BE779F2DF61")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #4 (inv_mod): " ); + if (verbose != 0) { + mbedtls_printf(" MPI test #4 (inv_mod): "); + } - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " MPI test #5 (simple gcd): " ); + if (verbose != 0) { + mbedtls_printf(" MPI test #5 (simple gcd): "); + } - for( i = 0; i < GCD_PAIR_COUNT; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) ); + for (i = 0; i < GCD_PAIR_COUNT; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&X, gcd_pairs[i][0])); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Y, gcd_pairs[i][1])); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&A, &X, &Y)); - if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed at %d\n", i ); + if (mbedtls_mpi_cmp_int(&A, gcd_pairs[i][2]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed at %d\n", i); + } ret = 1; goto cleanup; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } cleanup: - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); + if (ret != 0 && verbose != 0) { + mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); + } - mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X ); - mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V ); + mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); mbedtls_mpi_free(&U); mbedtls_mpi_free(&V); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/blowfish.c b/thirdparty/mbedtls/library/blowfish.c index 621e9f76cd..f56bb65bfd 100644 --- a/thirdparty/mbedtls/library/blowfish.c +++ b/thirdparty/mbedtls/library/blowfish.c @@ -35,42 +35,42 @@ #if !defined(MBEDTLS_BLOWFISH_ALT) /* Parameter validation macros */ -#define BLOWFISH_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ) -#define BLOWFISH_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define BLOWFISH_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) +#define BLOWFISH_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = { - 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L, - 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L, - 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL, - 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L, - 0x9216D5D9L, 0x8979FB1BL + 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L, + 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L, + 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL, + 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L, + 0x9216D5D9L, 0x8979FB1BL }; /* declarations of data at the end of this file */ static const uint32_t S[4][256]; -static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x ) +static uint32_t F(mbedtls_blowfish_context *ctx, uint32_t x) { - unsigned short a, b, c, d; - uint32_t y; - - d = MBEDTLS_BYTE_0( x ); - x >>= 8; - c = MBEDTLS_BYTE_0( x ); - x >>= 8; - b = MBEDTLS_BYTE_0( x ); - x >>= 8; - a = MBEDTLS_BYTE_0( x ); - y = ctx->S[0][a] + ctx->S[1][b]; - y = y ^ ctx->S[2][c]; - y = y + ctx->S[3][d]; - - return( y ); + unsigned short a, b, c, d; + uint32_t y; + + d = MBEDTLS_BYTE_0(x); + x >>= 8; + c = MBEDTLS_BYTE_0(x); + x >>= 8; + b = MBEDTLS_BYTE_0(x); + x >>= 8; + a = MBEDTLS_BYTE_0(x); + y = ctx->S[0][a] + ctx->S[1][b]; + y = y ^ ctx->S[2][c]; + y = y + ctx->S[3][d]; + + return y; } -static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) +static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) { uint32_t Xl, Xr, temp; short i; @@ -78,10 +78,9 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t Xl = *xl; Xr = *xr; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i ) - { + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) { Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; + Xr = F(ctx, Xl) ^ Xr; temp = Xl; Xl = Xr; @@ -99,7 +98,7 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr = Xr; } -static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) +static void blowfish_dec(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) { uint32_t Xl, Xr, temp; short i; @@ -107,10 +106,9 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t Xl = *xl; Xr = *xr; - for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i ) - { + for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) { Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; + Xr = F(ctx, Xl) ^ Xr; temp = Xl; Xl = Xr; @@ -128,56 +126,55 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr = Xr; } -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ) +void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx) { - BLOWFISH_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_blowfish_context ) ); + BLOWFISH_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_blowfish_context)); } -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) +void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_blowfish_context)); } /* * Blowfish key schedule */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, - const unsigned char *key, - unsigned int keybits ) +int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx, + const unsigned char *key, + unsigned int keybits) { unsigned int i, j, k; uint32_t data, datal, datar; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( key != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(key != NULL); - if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || + if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || - keybits % 8 != 0 ) - { - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + keybits % 8 != 0) { + return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA; } keybits >>= 3; - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j++ ) + for (i = 0; i < 4; i++) { + for (j = 0; j < 256; j++) { ctx->S[i][j] = S[i][j]; + } } j = 0; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i ) - { + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) { data = 0x00000000; - for( k = 0; k < 4; ++k ) - { - data = ( data << 8 ) | key[j++]; - if( j >= keybits ) + for (k = 0; k < 4; ++k) { + data = (data << 8) | key[j++]; + if (j >= keybits) { j = 0; + } } ctx->P[i] = P[i] ^ data; } @@ -185,107 +182,99 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, datal = 0x00000000; datar = 0x00000000; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) { + blowfish_enc(ctx, &datal, &datar); ctx->P[i] = datal; ctx->P[i + 1] = datar; } - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); + for (i = 0; i < 4; i++) { + for (j = 0; j < 256; j += 2) { + blowfish_enc(ctx, &datal, &datar); ctx->S[i][j] = datal; ctx->S[i][j + 1] = datar; } } - return( 0 ); + return 0; } /* * Blowfish-ECB block encryption/decryption */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ) +int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx, + int mode, + const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]) { uint32_t X0, X1; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( input != NULL ); - BLOWFISH_VALIDATE_RET( output != NULL ); - - X0 = MBEDTLS_GET_UINT32_BE( input, 0 ); - X1 = MBEDTLS_GET_UINT32_BE( input, 4 ); - - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - blowfish_dec( ctx, &X0, &X1 ); - } - else /* MBEDTLS_BLOWFISH_ENCRYPT */ - { - blowfish_enc( ctx, &X0, &X1 ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(input != NULL); + BLOWFISH_VALIDATE_RET(output != NULL); + + X0 = MBEDTLS_GET_UINT32_BE(input, 0); + X1 = MBEDTLS_GET_UINT32_BE(input, 4); + + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + blowfish_dec(ctx, &X0, &X1); + } else { /* MBEDTLS_BLOWFISH_ENCRYPT */ + blowfish_enc(ctx, &X0, &X1); } - MBEDTLS_PUT_UINT32_BE( X0, output, 0 ); - MBEDTLS_PUT_UINT32_BE( X1, output, 4 ); + MBEDTLS_PUT_UINT32_BE(X0, output, 0); + MBEDTLS_PUT_UINT32_BE(X1, output, 4); - return( 0 ); + return 0; } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * Blowfish-CBC buffer encryption/decryption */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); - - if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(iv != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); + + if (length % MBEDTLS_BLOWFISH_BLOCKSIZE) { + return MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE ); - mbedtls_blowfish_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + while (length > 0) { + memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE); + mbedtls_blowfish_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE ); + memcpy(iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE); input += MBEDTLS_BLOWFISH_BLOCKSIZE; output += MBEDTLS_BLOWFISH_BLOCKSIZE; length -= MBEDTLS_BLOWFISH_BLOCKSIZE; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - mbedtls_blowfish_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE ); + mbedtls_blowfish_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE); input += MBEDTLS_BLOWFISH_BLOCKSIZE; output += MBEDTLS_BLOWFISH_BLOCKSIZE; @@ -293,7 +282,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, } } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -301,59 +290,57 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, /* * Blowfish CFB buffer encryption/decryption */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c; size_t n; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv != NULL ); - BLOWFISH_VALIDATE_RET( iv_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(iv != NULL); + BLOWFISH_VALIDATE_RET(iv_off != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); n = *iv_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + if (n >= 8) { + return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA; + } - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + while (length--) { + if (n == 0) { + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv); + } c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char) (c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); + } else { + while (length--) { + if (n == 0) { + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv); + } - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++); - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } } *iv_off = n; - return( 0 ); + return 0; } #endif /*MBEDTLS_CIPHER_MODE_CFB */ @@ -361,46 +348,48 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, /* * Blowfish CTR buffer encryption/decryption */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) +int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( nonce_counter != NULL ); - BLOWFISH_VALIDATE_RET( stream_block != NULL ); - BLOWFISH_VALIDATE_RET( nc_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(nonce_counter != NULL); + BLOWFISH_VALIDATE_RET(stream_block != NULL); + BLOWFISH_VALIDATE_RET(nc_off != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); n = *nc_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + if (n >= 8) { + return MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA; + } - while( length-- ) - { - if( n == 0 ) { - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter, + stream_block); - for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i--) { + if (++nonce_counter[i - 1] != 0) { break; + } + } } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char) (c ^ stream_block[n]); - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } *nc_off = n; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CTR */ diff --git a/thirdparty/mbedtls/library/camellia.c b/thirdparty/mbedtls/library/camellia.c index e90cd7f134..ce034d74fb 100644 --- a/thirdparty/mbedtls/library/camellia.c +++ b/thirdparty/mbedtls/library/camellia.c @@ -37,10 +37,10 @@ #if !defined(MBEDTLS_CAMELLIA_ALT) /* Parameter validation macros */ -#define CAMELLIA_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ) -#define CAMELLIA_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define CAMELLIA_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) +#define CAMELLIA_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) static const unsigned char SIGMA_CHARS[6][8] = { @@ -56,109 +56,109 @@ static const unsigned char SIGMA_CHARS[6][8] = static const unsigned char FSb[256] = { - 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, - 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, - 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, - 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, - 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, - 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, - 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, - 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, - 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, - 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, - 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 }; #define SBOX1(n) FSb[(n)] -#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) -#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) +#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) +#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ static const unsigned char FSb[256] = { - 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, - 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, - 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, - 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, - 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, - 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, - 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, - 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, - 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, - 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, - 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, - 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, - 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, - 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, - 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, - 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 }; static const unsigned char FSb2[256] = { - 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, - 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, - 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, - 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, - 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, - 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, - 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, - 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, - 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, - 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, - 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, - 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, - 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, - 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, - 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, - 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 + 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, + 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, + 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, + 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, + 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, + 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, + 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, + 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, + 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, + 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, + 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, + 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, + 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, + 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, + 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, + 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 }; static const unsigned char FSb3[256] = { - 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, - 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, - 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, - 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, - 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, - 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, - 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, - 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, - 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, - 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, - 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, - 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, - 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, - 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, - 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, - 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 + 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, + 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, + 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, + 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, + 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, + 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, + 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, + 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, + 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, + 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, + 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, + 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, + 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, + 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, + 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, + 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 }; static const unsigned char FSb4[256] = { - 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, - 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, - 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, - 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, - 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, - 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, - 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, - 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, - 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, - 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, - 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, - 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, - 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, - 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, - 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, - 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 + 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, + 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, + 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, + 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, + 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, + 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, + 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, + 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, + 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, + 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, + 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, + 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, + 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, + 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, + 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, + 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 }; #define SBOX1(n) FSb[(n)] @@ -188,23 +188,23 @@ static const signed char indexes[2][4][20] = { { { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, - 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ + 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, - 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ + 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ }, { { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, - -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ + -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, - 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ + 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ } }; @@ -228,57 +228,57 @@ static const signed char transposes[2][20] = /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ #define ROTL(DEST, SRC, SHIFT) \ -{ \ - (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ - (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ - (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ - (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ -} + { \ + (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ + (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ + (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ + (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ + } #define FL(XL, XR, KL, KR) \ -{ \ - (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ - (XL) = ((XR) | (KR)) ^ (XL); \ -} + { \ + (XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR); \ + (XL) = ((XR) | (KR)) ^ (XL); \ + } #define FLInv(YL, YR, KL, KR) \ -{ \ - (YL) = ((YR) | (KR)) ^ (YL); \ - (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ -} + { \ + (YL) = ((YR) | (KR)) ^ (YL); \ + (YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR); \ + } #define SHIFT_AND_PLACE(INDEX, OFFSET) \ -{ \ - TK[0] = KC[(OFFSET) * 4 + 0]; \ - TK[1] = KC[(OFFSET) * 4 + 1]; \ - TK[2] = KC[(OFFSET) * 4 + 2]; \ - TK[3] = KC[(OFFSET) * 4 + 3]; \ + { \ + TK[0] = KC[(OFFSET) * 4 + 0]; \ + TK[1] = KC[(OFFSET) * 4 + 1]; \ + TK[2] = KC[(OFFSET) * 4 + 2]; \ + TK[3] = KC[(OFFSET) * 4 + 3]; \ \ - for( i = 1; i <= 4; i++ ) \ - if( shifts[(INDEX)][(OFFSET)][i -1] ) \ - ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \ + for (i = 1; i <= 4; i++) \ + if (shifts[(INDEX)][(OFFSET)][i -1]) \ + ROTL(TK + i * 4, TK, (15 * i) % 32); \ \ - for( i = 0; i < 20; i++ ) \ - if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \ - RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ + for (i = 0; i < 20; i++) \ + if (indexes[(INDEX)][(OFFSET)][i] != -1) { \ + RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \ } \ -} + } -static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], - uint32_t z[2]) +static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], + uint32_t z[2]) { uint32_t I0, I1; I0 = x[0] ^ k[0]; I1 = x[1] ^ k[1]; - I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) | - ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) | - ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) | - ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) ); - I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) | - ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) | - ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) | - ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) ); + I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) | + ((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) | + ((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) | + ((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0))); + I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) | + ((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) | + ((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) | + ((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1))); I0 ^= (I1 << 8) | (I1 >> 24); I1 ^= (I0 << 16) | (I0 >> 16); @@ -289,26 +289,27 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], z[1] ^= I0; } -void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) +void mbedtls_camellia_init(mbedtls_camellia_context *ctx) { - CAMELLIA_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); + CAMELLIA_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_camellia_context)); } -void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) +void mbedtls_camellia_free(mbedtls_camellia_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context)); } /* * Camellia key schedule (encryption) */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ) +int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits) { int idx; size_t i; @@ -318,68 +319,73 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, uint32_t KC[16]; uint32_t TK[20]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(key != NULL); RK = ctx->rk; - memset( t, 0, 64 ); - memset( RK, 0, sizeof(ctx->rk) ); + memset(t, 0, 64); + memset(RK, 0, sizeof(ctx->rk)); - switch( keybits ) - { + switch (keybits) { case 128: ctx->nr = 3; idx = 0; break; case 192: case 256: ctx->nr = 4; idx = 1; break; - default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA; } - for( i = 0; i < keybits / 8; ++i ) + for (i = 0; i < keybits / 8; ++i) { t[i] = key[i]; + } - if( keybits == 192 ) { - for( i = 0; i < 8; i++ ) + if (keybits == 192) { + for (i = 0; i < 8; i++) { t[24 + i] = ~t[16 + i]; + } } /* * Prepare SIGMA values */ - for( i = 0; i < 6; i++ ) { - SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 ); - SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 ); + for (i = 0; i < 6; i++) { + SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0); + SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4); } /* * Key storage in KC * Order: KL, KR, KA, KB */ - memset( KC, 0, sizeof(KC) ); + memset(KC, 0, sizeof(KC)); /* Store KL, KR */ - for( i = 0; i < 8; i++ ) - KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 ); + for (i = 0; i < 8; i++) { + KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4); + } /* Generate KA */ - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) { KC[8 + i] = KC[i] ^ KC[4 + i]; + } - camellia_feistel( KC + 8, SIGMA[0], KC + 10 ); - camellia_feistel( KC + 10, SIGMA[1], KC + 8 ); + camellia_feistel(KC + 8, SIGMA[0], KC + 10); + camellia_feistel(KC + 10, SIGMA[1], KC + 8); - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) { KC[8 + i] ^= KC[i]; + } - camellia_feistel( KC + 8, SIGMA[2], KC + 10 ); - camellia_feistel( KC + 10, SIGMA[3], KC + 8 ); + camellia_feistel(KC + 8, SIGMA[2], KC + 10); + camellia_feistel(KC + 10, SIGMA[3], KC + 8); - if( keybits > 128 ) { + if (keybits > 128) { /* Generate KB */ - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) { KC[12 + i] = KC[4 + i] ^ KC[8 + i]; + } - camellia_feistel( KC + 12, SIGMA[4], KC + 14 ); - camellia_feistel( KC + 14, SIGMA[5], KC + 12 ); + camellia_feistel(KC + 12, SIGMA[4], KC + 14); + camellia_feistel(KC + 14, SIGMA[5], KC + 12); } /* @@ -387,54 +393,55 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, */ /* Manipulating KL */ - SHIFT_AND_PLACE( idx, 0 ); + SHIFT_AND_PLACE(idx, 0); /* Manipulating KR */ - if( keybits > 128 ) { - SHIFT_AND_PLACE( idx, 1 ); + if (keybits > 128) { + SHIFT_AND_PLACE(idx, 1); } /* Manipulating KA */ - SHIFT_AND_PLACE( idx, 2 ); + SHIFT_AND_PLACE(idx, 2); /* Manipulating KB */ - if( keybits > 128 ) { - SHIFT_AND_PLACE( idx, 3 ); + if (keybits > 128) { + SHIFT_AND_PLACE(idx, 3); } /* Do transpositions */ - for( i = 0; i < 20; i++ ) { - if( transposes[idx][i] != -1 ) { + for (i = 0; i < 20; i++) { + if (transposes[idx][i] != -1) { RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; } } - return( 0 ); + return 0; } /* * Camellia key schedule (decryption) */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ) +int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits) { int idx, ret; size_t i; mbedtls_camellia_context cty; uint32_t *RK; uint32_t *SK; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(key != NULL); - mbedtls_camellia_init( &cty ); + mbedtls_camellia_init(&cty); /* Also checks keybits */ - if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 ) + if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) { goto exit; + } ctx->nr = cty.nr; - idx = ( ctx->nr == 4 ); + idx = (ctx->nr == 4); RK = ctx->rk; SK = cty.rk + 24 * 2 + 8 * idx * 2; @@ -444,8 +451,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, *RK++ = *SK++; *RK++ = *SK++; - for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 ) - { + for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) { *RK++ = *SK++; *RK++ = *SK++; } @@ -458,58 +464,58 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, *RK++ = *SK++; exit: - mbedtls_camellia_free( &cty ); + mbedtls_camellia_free(&cty); - return( ret ); + return ret; } /* * Camellia-ECB block encryption/decryption */ -int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { int NR; uint32_t *RK, X[4]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( input != NULL ); - CAMELLIA_VALIDATE_RET( output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(input != NULL); + CAMELLIA_VALIDATE_RET(output != NULL); - ( (void) mode ); + ((void) mode); NR = ctx->nr; RK = ctx->rk; - X[0] = MBEDTLS_GET_UINT32_BE( input, 0 ); - X[1] = MBEDTLS_GET_UINT32_BE( input, 4 ); - X[2] = MBEDTLS_GET_UINT32_BE( input, 8 ); - X[3] = MBEDTLS_GET_UINT32_BE( input, 12 ); + X[0] = MBEDTLS_GET_UINT32_BE(input, 0); + X[1] = MBEDTLS_GET_UINT32_BE(input, 4); + X[2] = MBEDTLS_GET_UINT32_BE(input, 8); + X[3] = MBEDTLS_GET_UINT32_BE(input, 12); X[0] ^= *RK++; X[1] ^= *RK++; X[2] ^= *RK++; X[3] ^= *RK++; - while( NR ) { + while (NR) { --NR; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - if( NR ) { + if (NR) { FL(X[0], X[1], RK[0], RK[1]); RK += 2; FLInv(X[2], X[3], RK[0], RK[1]); @@ -522,63 +528,61 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, X[0] ^= *RK++; X[1] ^= *RK++; - MBEDTLS_PUT_UINT32_BE( X[2], output, 0 ); - MBEDTLS_PUT_UINT32_BE( X[3], output, 4 ); - MBEDTLS_PUT_UINT32_BE( X[0], output, 8 ); - MBEDTLS_PUT_UINT32_BE( X[1], output, 12 ); + MBEDTLS_PUT_UINT32_BE(X[2], output, 0); + MBEDTLS_PUT_UINT32_BE(X[3], output, 4); + MBEDTLS_PUT_UINT32_BE(X[0], output, 8); + MBEDTLS_PUT_UINT32_BE(X[1], output, 12); - return( 0 ); + return 0; } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * Camellia-CBC buffer encryption/decryption */ -int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[16]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( iv != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); - - if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(iv != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); + + if (length % 16) { + return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_CAMELLIA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 16 ); - mbedtls_camellia_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_CAMELLIA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 16); + mbedtls_camellia_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 16; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, 16 ); + memcpy(iv, temp, 16); input += 16; output += 16; length -= 16; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 16; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - mbedtls_camellia_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 16 ); + mbedtls_camellia_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, 16); input += 16; output += 16; @@ -586,7 +590,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, } } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -594,58 +598,56 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, /* * Camellia-CFB128 buffer encryption/decryption */ -int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int c; size_t n; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( iv != NULL ); - CAMELLIA_VALIDATE_RET( iv_off != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(iv != NULL); + CAMELLIA_VALIDATE_RET(iv_off != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); n = *iv_off; - if( n >= 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + if (n >= 16) { + return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA; + } - if( mode == MBEDTLS_CAMELLIA_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); + if (mode == MBEDTLS_CAMELLIA_DECRYPT) { + while (length--) { + if (n == 0) { + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv); + } c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char) (c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); + } else { + while (length--) { + if (n == 0) { + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv); + } - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } *iv_off = n; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -653,46 +655,48 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, /* * Camellia-CTR buffer encryption/decryption */ -int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( nonce_counter != NULL ); - CAMELLIA_VALIDATE_RET( stream_block != NULL ); - CAMELLIA_VALIDATE_RET( nc_off != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(nonce_counter != NULL); + CAMELLIA_VALIDATE_RET(stream_block != NULL); + CAMELLIA_VALIDATE_RET(nc_off != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); n = *nc_off; - if( n >= 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + if (n >= 16) { + return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA; + } - while( length-- ) - { - if( n == 0 ) { - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, + stream_block); - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = 16; i > 0; i--) { + if (++nonce_counter[i - 1] != 0) { break; + } + } } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char) (c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* !MBEDTLS_CAMELLIA_ALT */ @@ -772,23 +776,23 @@ static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = static const unsigned char camellia_test_cbc_key[3][32] = { - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } + { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } , - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } + { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } , - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } + { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } }; static const unsigned char camellia_test_cbc_iv[16] = - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } +{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } ; static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = @@ -891,13 +895,13 @@ static const unsigned char camellia_test_ctr_ct[3][48] = }; static const int camellia_test_ctr_len[3] = - { 16, 32, 36 }; +{ 16, 32, 36 }; #endif /* MBEDTLS_CIPHER_MODE_CTR */ /* * Checkup routine */ -int mbedtls_camellia_self_test( int verbose ) +int mbedtls_camellia_self_test(int verbose) { int i, j, u, v; unsigned char key[32]; @@ -916,163 +920,167 @@ int mbedtls_camellia_self_test( int verbose ) mbedtls_camellia_context ctx; - mbedtls_camellia_init( &ctx ); - memset( key, 0, 32 ); + mbedtls_camellia_init(&ctx); + memset(key, 0, 32); - for( j = 0; j < 6; j++ ) { + for (j = 0; j < 6; j++) { u = j >> 1; - v = j & 1; - - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, - (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); - - for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { - memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u ); - - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); - memcpy( src, camellia_test_ecb_cipher[u][i], 16 ); - memcpy( dst, camellia_test_ecb_plain[i], 16 ); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); - memcpy( src, camellia_test_ecb_plain[i], 16 ); - memcpy( dst, camellia_test_ecb_cipher[u][i], 16 ); + v = j & 1; + + if (verbose != 0) { + mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); } - mbedtls_camellia_crypt_ecb( &ctx, v, src, buf ); + for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { + memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); + + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); + memcpy(src, camellia_test_ecb_cipher[u][i], 16); + memcpy(dst, camellia_test_ecb_plain[i], 16); + } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); + memcpy(src, camellia_test_ecb_plain[i], 16); + memcpy(dst, camellia_test_ecb_cipher[u][i], 16); + } - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - goto exit; + mbedtls_camellia_crypt_ecb(&ctx, v, src, buf); + + if (memcmp(buf, dst, 16) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } + goto exit; + } } - } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( j = 0; j < 6; j++ ) - { + for (j = 0; j < 6; j++) { u = j >> 1; v = j & 1; - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); + } - memcpy( src, camellia_test_cbc_iv, 16 ); - memcpy( dst, camellia_test_cbc_iv, 16 ); - memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); + memcpy(src, camellia_test_cbc_iv, 16); + memcpy(dst, camellia_test_cbc_iv, 16); + memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u); - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); } else { - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); + mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); } - for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { + for (i = 0; i < CAMELLIA_TESTS_CBC; i++) { - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - memcpy( iv , src, 16 ); - memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); - memcpy( dst, camellia_test_cbc_plain[i], 16 ); + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + memcpy(iv, src, 16); + memcpy(src, camellia_test_cbc_cipher[u][i], 16); + memcpy(dst, camellia_test_cbc_plain[i], 16); } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - memcpy( iv , dst, 16 ); - memcpy( src, camellia_test_cbc_plain[i], 16 ); - memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + memcpy(iv, dst, 16); + memcpy(src, camellia_test_cbc_plain[i], 16); + memcpy(dst, camellia_test_cbc_cipher[u][i], 16); } - mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf); - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, dst, 16) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto exit; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * CTR mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-CTR-128 (%s): ", - ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" CAMELLIA-CTR-128 (%s): ", + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); + } - memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); - memcpy( key, camellia_test_ctr_key[u], 16 ); + memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16); + memcpy(key, camellia_test_ctr_key[u], 16); offset = 0; - mbedtls_camellia_setkey_enc( &ctx, key, 128 ); + mbedtls_camellia_setkey_enc(&ctx, key, 128); - if( v == MBEDTLS_CAMELLIA_DECRYPT ) - { + if (v == MBEDTLS_CAMELLIA_DECRYPT) { len = camellia_test_ctr_len[u]; - memcpy( buf, camellia_test_ctr_ct[u], len ); + memcpy(buf, camellia_test_ctr_ct[u], len); - mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block, + buf, buf); - if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto exit; } - } - else - { + } else { len = camellia_test_ctr_len[u]; - memcpy( buf, camellia_test_ctr_pt[u], len ); + memcpy(buf, camellia_test_ctr_pt[u], len); - mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block, + buf, buf); - if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto exit; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #endif /* MBEDTLS_CIPHER_MODE_CTR */ ret = 0; exit: - mbedtls_camellia_free( &ctx ); - return( ret ); + mbedtls_camellia_free(&ctx); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/ccm.c b/thirdparty/mbedtls/library/ccm.c index e0d43334f9..2d2695e979 100644 --- a/thirdparty/mbedtls/library/ccm.c +++ b/thirdparty/mbedtls/library/ccm.c @@ -40,10 +40,10 @@ #if !defined(MBEDTLS_CCM_ALT) -#define CCM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT ) -#define CCM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define CCM_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CCM_BAD_INPUT) +#define CCM_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 @@ -51,54 +51,57 @@ /* * Initialize context */ -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) +void mbedtls_ccm_init(mbedtls_ccm_context *ctx) { - CCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); + CCM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_ccm_context)); } -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) +int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( key != NULL ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(key != NULL); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (cipher_info->block_size != 16) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { + return ret; } - return( 0 ); + return 0; } /* * Free context */ -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) +void mbedtls_ccm_free(mbedtls_ccm_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); + } + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); } /* @@ -111,38 +114,38 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) * (Always using b as the source helps the compiler optimise a bit better.) */ #define UPDATE_CBC_MAC \ - for( i = 0; i < 16; i++ ) \ - y[i] ^= b[i]; \ + for (i = 0; i < 16; i++) \ + y[i] ^= b[i]; \ \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \ - return( ret ); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, y, 16, y, &olen)) != 0) \ + return ret; /* * Encrypt or decrypt a partial block with CTR * Warning: using b for temporary storage! src and dst must not be b! * This avoids allocating one more 16 bytes buffer while allowing src == dst. */ -#define CTR_CRYPT( dst, src, len ) \ +#define CTR_CRYPT(dst, src, len) \ do \ { \ - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \ - 16, b, &olen ) ) != 0 ) \ + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctr, \ + 16, b, &olen)) != 0) \ { \ - return( ret ); \ + return ret; \ } \ - \ - for( i = 0; i < (len); i++ ) \ - (dst)[i] = (src)[i] ^ b[i]; \ - } while( 0 ) + \ + for (i = 0; i < (len); i++) \ + (dst)[i] = (src)[i] ^ b[i]; \ + } while (0) /* * Authenticated encryption or decryption */ -static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) +static int ccm_auth_crypt(mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; @@ -161,15 +164,18 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4). */ - if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (iv_len < 7 || iv_len > 13) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } - if( add_len >= 0xFF00 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (add_len >= 0xFF00) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } q = 16 - 1 - (unsigned char) iv_len; @@ -186,49 +192,49 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 2 .. 0 q - 1 */ b[0] = 0; - b[0] |= ( add_len > 0 ) << 6; - b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; + b[0] |= (add_len > 0) << 6; + b[0] |= ((tag_len - 2) / 2) << 3; b[0] |= q - 1; - memcpy( b + 1, iv, iv_len ); + memcpy(b + 1, iv, iv_len); - for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = MBEDTLS_BYTE_0( len_left ); + for (i = 0, len_left = length; i < q; i++, len_left >>= 8) { + b[15-i] = MBEDTLS_BYTE_0(len_left); + } - if( len_left > 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (len_left > 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } /* Start CBC-MAC with first block */ - memset( y, 0, 16 ); + memset(y, 0, 16); UPDATE_CBC_MAC; /* * If there is additional data, update CBC-MAC with * add_len, add, 0 (padding to a block boundary) */ - if( add_len > 0 ) - { + if (add_len > 0) { size_t use_len; len_left = add_len; src = add; - memset( b, 0, 16 ); - MBEDTLS_PUT_UINT16_BE( add_len, b, 0 ); + memset(b, 0, 16); + MBEDTLS_PUT_UINT16_BE(add_len, b, 0); use_len = len_left < 16 - 2 ? len_left : 16 - 2; - memcpy( b + 2, src, use_len ); + memcpy(b + 2, src, use_len); len_left -= use_len; src += use_len; UPDATE_CBC_MAC; - while( len_left > 0 ) - { + while (len_left > 0) { use_len = len_left > 16 ? 16 : len_left; - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + memset(b, 0, 16); + memcpy(b, src, use_len); UPDATE_CBC_MAC; len_left -= use_len; @@ -247,8 +253,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 2 .. 0 q - 1 */ ctr[0] = q - 1; - memcpy( ctr + 1, iv, iv_len ); - memset( ctr + 1 + iv_len, 0, q ); + memcpy(ctr + 1, iv, iv_len); + memset(ctr + 1 + iv_len, 0, q); ctr[15] = 1; /* @@ -261,23 +267,20 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, src = input; dst = output; - while( len_left > 0 ) - { + while (len_left > 0) { size_t use_len = len_left > 16 ? 16 : len_left; - if( mode == CCM_ENCRYPT ) - { - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + if (mode == CCM_ENCRYPT) { + memset(b, 0, 16); + memcpy(b, src, use_len); UPDATE_CBC_MAC; } - CTR_CRYPT( dst, src, use_len ); + CTR_CRYPT(dst, src, use_len); - if( mode == CCM_DECRYPT ) - { - memset( b, 0, 16 ); - memcpy( b, dst, use_len ); + if (mode == CCM_DECRYPT) { + memset(b, 0, 16); + memcpy(b, dst, use_len); UPDATE_CBC_MAC; } @@ -289,120 +292,124 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * Increment counter. * No need to check for overflow thanks to the length check above. */ - for( i = 0; i < q; i++ ) - if( ++ctr[15-i] != 0 ) + for (i = 0; i < q; i++) { + if (++ctr[15-i] != 0) { break; + } + } } /* * Authentication: reset counter and crypt/mask internal tag */ - for( i = 0; i < q; i++ ) + for (i = 0; i < q; i++) { ctr[15-i] = 0; + } - CTR_CRYPT( y, y, 16 ); - memcpy( tag, y, tag_len ); + CTR_CRYPT(y, y, 16); + memcpy(tag, y, tag_len); - return( 0 ); + return 0; } /* * Authenticated encryption */ -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) +int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, - add, add_len, input, output, tag, tag_len ) ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + return ccm_auth_crypt(ctx, CCM_ENCRYPT, length, iv, iv_len, + add, add_len, input, output, tag, tag_len); } -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) +int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (tag_len == 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + return mbedtls_ccm_star_encrypt_and_tag(ctx, length, iv, iv_len, add, + add_len, input, output, tag, tag_len); } /* * Authenticated decryption */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) +int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; unsigned char i; int diff; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, - iv, iv_len, add, add_len, - input, output, check_tag, tag_len ) ) != 0 ) - { - return( ret ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + + if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, check_tag, tag_len)) != 0) { + return ret; } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) + for (diff = 0, i = 0; i < tag_len; i++) { diff |= tag[i] ^ check_tag[i]; + } - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return MBEDTLS_ERR_CCM_AUTH_FAILED; } - return( 0 ); + return 0; } -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) +int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + + if (tag_len == 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + return mbedtls_ccm_star_auth_decrypt(ctx, length, iv, iv_len, add, + add_len, input, output, tag, tag_len); } #endif /* !MBEDTLS_CCM_ALT */ @@ -439,7 +446,7 @@ static const unsigned char msg_test_data[CCM_SELFTEST_PT_MAX_LEN] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, }; -static const size_t iv_len_test_data [NB_TESTS] = { 7, 8, 12 }; +static const size_t iv_len_test_data[NB_TESTS] = { 7, 8, 12 }; static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 }; static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 }; static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 }; @@ -455,7 +462,7 @@ static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = { 0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 } }; -int mbedtls_ccm_self_test( int verbose ) +int mbedtls_ccm_self_test(int verbose) { mbedtls_ccm_context ctx; /* @@ -468,70 +475,72 @@ int mbedtls_ccm_self_test( int verbose ) size_t i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ccm_init( &ctx ); + mbedtls_ccm_init(&ctx); - if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data, - 8 * sizeof key_test_data ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CCM: setup failed" ); + if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data, + 8 * sizeof(key_test_data)) != 0) { + if (verbose != 0) { + mbedtls_printf(" CCM: setup failed"); + } - return( 1 ); + return 1; } - for( i = 0; i < NB_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 ); - - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); - memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN ); - memcpy( plaintext, msg_test_data, msg_len_test_data[i] ); - - ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i], - iv_test_data, iv_len_test_data[i], - ad_test_data, add_len_test_data[i], - plaintext, ciphertext, - ciphertext + msg_len_test_data[i], - tag_len_test_data[i] ); - - if( ret != 0 || - memcmp( ciphertext, res_test_data[i], - msg_len_test_data[i] + tag_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + for (i = 0; i < NB_TESTS; i++) { + if (verbose != 0) { + mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1); + } + + memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN); + memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN); + memcpy(plaintext, msg_test_data, msg_len_test_data[i]); + + ret = mbedtls_ccm_encrypt_and_tag(&ctx, msg_len_test_data[i], + iv_test_data, iv_len_test_data[i], + ad_test_data, add_len_test_data[i], + plaintext, ciphertext, + ciphertext + msg_len_test_data[i], + tag_len_test_data[i]); + + if (ret != 0 || + memcmp(ciphertext, res_test_data[i], + msg_len_test_data[i] + tag_len_test_data[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } + + return 1; } - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); - - ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i], - iv_test_data, iv_len_test_data[i], - ad_test_data, add_len_test_data[i], - ciphertext, plaintext, - ciphertext + msg_len_test_data[i], - tag_len_test_data[i] ); - - if( ret != 0 || - memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN); + + ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len_test_data[i], + iv_test_data, iv_len_test_data[i], + ad_test_data, add_len_test_data[i], + ciphertext, plaintext, + ciphertext + msg_len_test_data[i], + tag_len_test_data[i]); + + if (ret != 0 || + memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } + + return 1; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - mbedtls_ccm_free( &ctx ); + mbedtls_ccm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/thirdparty/mbedtls/library/certs.c b/thirdparty/mbedtls/library/certs.c index a5695e3c8e..af1f98cb02 100644 --- a/thirdparty/mbedtls/library/certs.c +++ b/thirdparty/mbedtls/library/certs.c @@ -57,50 +57,50 @@ /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ #define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ } /* END FILE */ @@ -123,20 +123,20 @@ /* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ #define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ } /* END FILE */ @@ -169,76 +169,76 @@ * using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ #define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ } /* END FILE */ @@ -270,76 +270,76 @@ /* This is taken from tests/data_files/test-ca-sha1.crt.der. */ /* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ #define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ + 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ + 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ + 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ + 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ + 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ + 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ + 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ + 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ + 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ + 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ + 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ + 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ + 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ + 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ + 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ + 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ + 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ + 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ + 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ + 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ + 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ } /* END FILE */ @@ -383,106 +383,106 @@ /* This was generated from test-ca.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ #define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ } /* END FILE */ @@ -521,52 +521,52 @@ /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ #define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ } /* END FILE */ @@ -583,17 +583,17 @@ /* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ #define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ } /* END FILE */ @@ -625,175 +625,175 @@ /* This is taken from tests/data_files/server2-sha256.crt.der. */ /* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ #define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ } /* END FILE */ /* This is taken from tests/data_files/server2.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ #define TEST_SRV_CRT_RSA_SHA1_PEM \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ -"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ -"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ -"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ -"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ -"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ -"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ -"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ -"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ -"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ -"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ -"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ -"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ -"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ -"Awgk0+4m0T25cNs=\r\n" \ -"-----END CERTIFICATE-----\r\n" + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ + "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is taken from tests/data_files/server2.crt.der. */ /* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ #define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ + 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ + 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ + 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ + 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ + 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ + 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ + 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ + 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ + 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ + 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ + 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ + 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ + 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ + 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ + 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ + 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ + 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ + 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ + 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ + 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ + 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ } /* END FILE */ @@ -832,106 +832,106 @@ /* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ #define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ } /* END FILE */ @@ -969,47 +969,47 @@ /* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ #define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ } /* END FILE */ @@ -1026,17 +1026,17 @@ /* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ #define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ } /* END FILE */ @@ -1069,76 +1069,76 @@ using `xxd -i.` */ /* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ #define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ } /* END FILE */ @@ -1176,106 +1176,106 @@ /* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ #define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ } /* END FILE */ @@ -1306,32 +1306,32 @@ const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = TEST_CA_CRT_RSA_SHA256_DER; const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof( mbedtls_test_ca_crt_ec_pem ); + sizeof(mbedtls_test_ca_crt_ec_pem); const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof( mbedtls_test_ca_key_ec_pem ); + sizeof(mbedtls_test_ca_key_ec_pem); const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof( mbedtls_test_ca_key_rsa_pem ); + sizeof(mbedtls_test_ca_key_rsa_pem); const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof( mbedtls_test_ca_crt_ec_der ); + sizeof(mbedtls_test_ca_crt_ec_der); const size_t mbedtls_test_ca_key_ec_der_len = - sizeof( mbedtls_test_ca_key_ec_der ); + sizeof(mbedtls_test_ca_key_ec_der); const size_t mbedtls_test_ca_pwd_ec_der_len = 0; const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof( mbedtls_test_ca_key_rsa_der ); + sizeof(mbedtls_test_ca_key_rsa_der); const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_der); const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_der); /* * Server @@ -1354,32 +1354,32 @@ const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = TEST_SRV_CRT_RSA_SHA256_DER; const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof( mbedtls_test_srv_crt_ec_pem ); + sizeof(mbedtls_test_srv_crt_ec_pem); const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof( mbedtls_test_srv_key_ec_pem ); + sizeof(mbedtls_test_srv_key_ec_pem); const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof( mbedtls_test_srv_key_rsa_pem ); + sizeof(mbedtls_test_srv_key_rsa_pem); const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof( mbedtls_test_srv_crt_ec_der ); + sizeof(mbedtls_test_srv_crt_ec_der); const size_t mbedtls_test_srv_key_ec_der_len = - sizeof( mbedtls_test_srv_key_ec_der ); + sizeof(mbedtls_test_srv_key_ec_der); const size_t mbedtls_test_srv_pwd_ec_der_len = 0; const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof( mbedtls_test_srv_key_rsa_der ); + sizeof(mbedtls_test_srv_key_rsa_der); const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_der); const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_der); /* * Client @@ -1398,26 +1398,26 @@ const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof( mbedtls_test_cli_crt_ec_pem ); + sizeof(mbedtls_test_cli_crt_ec_pem); const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof( mbedtls_test_cli_key_ec_pem ); + sizeof(mbedtls_test_cli_key_ec_pem); const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof( mbedtls_test_cli_key_rsa_pem ); + sizeof(mbedtls_test_cli_key_rsa_pem); const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof( mbedtls_test_cli_crt_rsa_pem ); + sizeof(mbedtls_test_cli_crt_rsa_pem); const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof( mbedtls_test_cli_crt_ec_der ); + sizeof(mbedtls_test_cli_crt_ec_der); const size_t mbedtls_test_cli_key_ec_der_len = - sizeof( mbedtls_test_cli_key_ec_der ); + sizeof(mbedtls_test_cli_key_ec_der); const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof( mbedtls_test_cli_key_rsa_der ); + sizeof(mbedtls_test_cli_key_rsa_der); const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof( mbedtls_test_cli_crt_rsa_der ); + sizeof(mbedtls_test_cli_crt_rsa_der); /* * @@ -1519,47 +1519,47 @@ const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; const size_t mbedtls_test_ca_key_rsa_len = - sizeof( mbedtls_test_ca_key_rsa ); + sizeof(mbedtls_test_ca_key_rsa); const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof( mbedtls_test_ca_pwd_rsa ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa) - 1; const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256 ); + sizeof(mbedtls_test_ca_crt_rsa_sha256); const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1 ); + sizeof(mbedtls_test_ca_crt_rsa_sha1); const size_t mbedtls_test_ca_key_ec_len = - sizeof( mbedtls_test_ca_key_ec ); + sizeof(mbedtls_test_ca_key_ec); const size_t mbedtls_test_ca_pwd_ec_len = - sizeof( mbedtls_test_ca_pwd_ec ) - 1; + sizeof(mbedtls_test_ca_pwd_ec) - 1; const size_t mbedtls_test_ca_crt_ec_len = - sizeof( mbedtls_test_ca_crt_ec ); + sizeof(mbedtls_test_ca_crt_ec); const size_t mbedtls_test_srv_key_rsa_len = - sizeof( mbedtls_test_srv_key_rsa ); + sizeof(mbedtls_test_srv_key_rsa); const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof( mbedtls_test_srv_pwd_rsa ) -1; + sizeof(mbedtls_test_srv_pwd_rsa) -1; const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256 ); + sizeof(mbedtls_test_srv_crt_rsa_sha256); const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1 ); + sizeof(mbedtls_test_srv_crt_rsa_sha1); const size_t mbedtls_test_srv_key_ec_len = - sizeof( mbedtls_test_srv_key_ec ); + sizeof(mbedtls_test_srv_key_ec); const size_t mbedtls_test_srv_pwd_ec_len = - sizeof( mbedtls_test_srv_pwd_ec ) - 1; + sizeof(mbedtls_test_srv_pwd_ec) - 1; const size_t mbedtls_test_srv_crt_ec_len = - sizeof( mbedtls_test_srv_crt_ec ); + sizeof(mbedtls_test_srv_crt_ec); const size_t mbedtls_test_cli_key_rsa_len = - sizeof( mbedtls_test_cli_key_rsa ); + sizeof(mbedtls_test_cli_key_rsa); const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof( mbedtls_test_cli_pwd_rsa ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa) - 1; const size_t mbedtls_test_cli_crt_rsa_len = - sizeof( mbedtls_test_cli_crt_rsa ); + sizeof(mbedtls_test_cli_crt_rsa); const size_t mbedtls_test_cli_key_ec_len = - sizeof( mbedtls_test_cli_key_ec ); + sizeof(mbedtls_test_cli_key_ec); const size_t mbedtls_test_cli_pwd_ec_len = - sizeof( mbedtls_test_cli_pwd_ec ) - 1; + sizeof(mbedtls_test_cli_pwd_ec) - 1; const size_t mbedtls_test_cli_crt_ec_len = - sizeof( mbedtls_test_cli_crt_ec ); + sizeof(mbedtls_test_cli_crt_ec); /* * Dispatch between SHA-1 and SHA-256 @@ -1577,9 +1577,9 @@ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; const size_t mbedtls_test_ca_crt_rsa_len = - sizeof( mbedtls_test_ca_crt_rsa ); + sizeof(mbedtls_test_ca_crt_rsa); const size_t mbedtls_test_srv_crt_rsa_len = - sizeof( mbedtls_test_srv_crt_rsa ); + sizeof(mbedtls_test_srv_crt_rsa); /* * Dispatch between RSA and EC @@ -1642,25 +1642,25 @@ const char *mbedtls_test_cli_pwd = test_cli_pwd; const char *mbedtls_test_cli_crt = test_cli_crt; const size_t mbedtls_test_ca_key_len = - sizeof( test_ca_key ); + sizeof(test_ca_key); const size_t mbedtls_test_ca_pwd_len = - sizeof( test_ca_pwd ) - 1; + sizeof(test_ca_pwd) - 1; const size_t mbedtls_test_ca_crt_len = - sizeof( test_ca_crt ); + sizeof(test_ca_crt); const size_t mbedtls_test_srv_key_len = - sizeof( test_srv_key ); + sizeof(test_srv_key); const size_t mbedtls_test_srv_pwd_len = - sizeof( test_srv_pwd ) - 1; + sizeof(test_srv_pwd) - 1; const size_t mbedtls_test_srv_crt_len = - sizeof( test_srv_crt ); + sizeof(test_srv_crt); const size_t mbedtls_test_cli_key_len = - sizeof( test_cli_key ); + sizeof(test_cli_key); const size_t mbedtls_test_cli_pwd_len = - sizeof( test_cli_pwd ) - 1; + sizeof(test_cli_pwd) - 1; const size_t mbedtls_test_cli_crt_len = - sizeof( test_cli_crt ); + sizeof(test_cli_crt); /* * @@ -1669,7 +1669,7 @@ const size_t mbedtls_test_cli_crt_len = */ /* List of CAs in PEM or DER, depending on config */ -const char * mbedtls_test_cas[] = { +const char *mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) mbedtls_test_ca_crt_rsa_sha1, #endif @@ -1683,19 +1683,19 @@ const char * mbedtls_test_cas[] = { }; const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1 ), + sizeof(mbedtls_test_ca_crt_rsa_sha1), #endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256 ), + sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec ), + sizeof(mbedtls_test_ca_crt_ec), #endif 0 }; /* List of all available CA certificates in DER format */ -const unsigned char * mbedtls_test_cas_der[] = { +const unsigned char *mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) mbedtls_test_ca_crt_rsa_sha256_der, @@ -1713,14 +1713,14 @@ const unsigned char * mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha256_der), #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha1_der), #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec_der ), + sizeof(mbedtls_test_ca_crt_ec_der), #endif /* MBEDTLS_ECDSA_C */ 0 }; @@ -1740,7 +1740,7 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_EC_PEM #endif /* MBEDTLS_ECDSA_C */ ""; -const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); +const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); #endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_CERTS_C */ diff --git a/thirdparty/mbedtls/library/chacha20.c b/thirdparty/mbedtls/library/chacha20.c index bd0701482c..53f1d3916c 100644 --- a/thirdparty/mbedtls/library/chacha20.c +++ b/thirdparty/mbedtls/library/chacha20.c @@ -37,17 +37,17 @@ #if !defined(MBEDTLS_CHACHA20_ALT) /* Parameter validation macros */ -#define CHACHA20_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) -#define CHACHA20_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define CHACHA20_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) +#define CHACHA20_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) -#define ROTL32( value, amount ) \ - ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) ) +#define ROTL32(value, amount) \ + ((uint32_t) ((value) << (amount)) | ((value) >> (32 - (amount)))) -#define CHACHA20_CTR_INDEX ( 12U ) +#define CHACHA20_CTR_INDEX (12U) -#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U ) +#define CHACHA20_BLOCK_SIZE_BYTES (4U * 16U) /** * \brief ChaCha20 quarter round operation. @@ -64,31 +64,31 @@ * \param c The index of 'c' in the state. * \param d The index of 'd' in the state. */ -static inline void chacha20_quarter_round( uint32_t state[16], - size_t a, - size_t b, - size_t c, - size_t d ) +static inline void chacha20_quarter_round(uint32_t state[16], + size_t a, + size_t b, + size_t c, + size_t d) { /* a += b; d ^= a; d <<<= 16; */ state[a] += state[b]; state[d] ^= state[a]; - state[d] = ROTL32( state[d], 16 ); + state[d] = ROTL32(state[d], 16); /* c += d; b ^= c; b <<<= 12 */ state[c] += state[d]; state[b] ^= state[c]; - state[b] = ROTL32( state[b], 12 ); + state[b] = ROTL32(state[b], 12); /* a += b; d ^= a; d <<<= 8; */ state[a] += state[b]; state[d] ^= state[a]; - state[d] = ROTL32( state[d], 8 ); + state[d] = ROTL32(state[d], 8); /* c += d; b ^= c; b <<<= 7; */ state[c] += state[d]; state[b] ^= state[c]; - state[b] = ROTL32( state[b], 7 ); + state[b] = ROTL32(state[b], 7); } /** @@ -99,17 +99,17 @@ static inline void chacha20_quarter_round( uint32_t state[16], * * \param state The ChaCha20 state to update. */ -static void chacha20_inner_block( uint32_t state[16] ) +static void chacha20_inner_block(uint32_t state[16]) { - chacha20_quarter_round( state, 0, 4, 8, 12 ); - chacha20_quarter_round( state, 1, 5, 9, 13 ); - chacha20_quarter_round( state, 2, 6, 10, 14 ); - chacha20_quarter_round( state, 3, 7, 11, 15 ); - - chacha20_quarter_round( state, 0, 5, 10, 15 ); - chacha20_quarter_round( state, 1, 6, 11, 12 ); - chacha20_quarter_round( state, 2, 7, 8, 13 ); - chacha20_quarter_round( state, 3, 4, 9, 14 ); + chacha20_quarter_round(state, 0, 4, 8, 12); + chacha20_quarter_round(state, 1, 5, 9, 13); + chacha20_quarter_round(state, 2, 6, 10, 14); + chacha20_quarter_round(state, 3, 7, 11, 15); + + chacha20_quarter_round(state, 0, 5, 10, 15); + chacha20_quarter_round(state, 1, 6, 11, 12); + chacha20_quarter_round(state, 2, 7, 8, 13); + chacha20_quarter_round(state, 3, 4, 9, 14); } /** @@ -118,29 +118,30 @@ static void chacha20_inner_block( uint32_t state[16] ) * \param initial_state The initial ChaCha20 state (key, nonce, counter). * \param keystream Generated keystream bytes are written to this buffer. */ -static void chacha20_block( const uint32_t initial_state[16], - unsigned char keystream[64] ) +static void chacha20_block(const uint32_t initial_state[16], + unsigned char keystream[64]) { uint32_t working_state[16]; size_t i; - memcpy( working_state, - initial_state, - CHACHA20_BLOCK_SIZE_BYTES ); - - for( i = 0U; i < 10U; i++ ) - chacha20_inner_block( working_state ); - - working_state[ 0] += initial_state[ 0]; - working_state[ 1] += initial_state[ 1]; - working_state[ 2] += initial_state[ 2]; - working_state[ 3] += initial_state[ 3]; - working_state[ 4] += initial_state[ 4]; - working_state[ 5] += initial_state[ 5]; - working_state[ 6] += initial_state[ 6]; - working_state[ 7] += initial_state[ 7]; - working_state[ 8] += initial_state[ 8]; - working_state[ 9] += initial_state[ 9]; + memcpy(working_state, + initial_state, + CHACHA20_BLOCK_SIZE_BYTES); + + for (i = 0U; i < 10U; i++) { + chacha20_inner_block(working_state); + } + + working_state[0] += initial_state[0]; + working_state[1] += initial_state[1]; + working_state[2] += initial_state[2]; + working_state[3] += initial_state[3]; + working_state[4] += initial_state[4]; + working_state[5] += initial_state[5]; + working_state[6] += initial_state[6]; + working_state[7] += initial_state[7]; + working_state[8] += initial_state[8]; + working_state[9] += initial_state[9]; working_state[10] += initial_state[10]; working_state[11] += initial_state[11]; working_state[12] += initial_state[12]; @@ -148,40 +149,38 @@ static void chacha20_block( const uint32_t initial_state[16], working_state[14] += initial_state[14]; working_state[15] += initial_state[15]; - for( i = 0U; i < 16; i++ ) - { + for (i = 0U; i < 16; i++) { size_t offset = i * 4U; MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset); } - mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); + mbedtls_platform_zeroize(working_state, sizeof(working_state)); } -void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) +void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx) { - CHACHA20_VALIDATE( ctx != NULL ); + CHACHA20_VALIDATE(ctx != NULL); - mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); - mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state)); + mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8)); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; } -void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) +void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx) { - if( ctx != NULL ) - { - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); + if (ctx != NULL) { + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context)); } } -int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, - const unsigned char key[32] ) +int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx, + const unsigned char key[32]) { - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( key != NULL ); + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(key != NULL); /* ChaCha20 constants - the string "expand 32-byte k" */ ctx->state[0] = 0x61707865; @@ -190,58 +189,57 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, ctx->state[3] = 0x6b206574; /* Set key */ - ctx->state[4] = MBEDTLS_GET_UINT32_LE( key, 0 ); - ctx->state[5] = MBEDTLS_GET_UINT32_LE( key, 4 ); - ctx->state[6] = MBEDTLS_GET_UINT32_LE( key, 8 ); - ctx->state[7] = MBEDTLS_GET_UINT32_LE( key, 12 ); - ctx->state[8] = MBEDTLS_GET_UINT32_LE( key, 16 ); - ctx->state[9] = MBEDTLS_GET_UINT32_LE( key, 20 ); - ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 ); - ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 ); - - return( 0 ); + ctx->state[4] = MBEDTLS_GET_UINT32_LE(key, 0); + ctx->state[5] = MBEDTLS_GET_UINT32_LE(key, 4); + ctx->state[6] = MBEDTLS_GET_UINT32_LE(key, 8); + ctx->state[7] = MBEDTLS_GET_UINT32_LE(key, 12); + ctx->state[8] = MBEDTLS_GET_UINT32_LE(key, 16); + ctx->state[9] = MBEDTLS_GET_UINT32_LE(key, 20); + ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24); + ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28); + + return 0; } -int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, - const unsigned char nonce[12], - uint32_t counter ) +int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, + const unsigned char nonce[12], + uint32_t counter) { - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( nonce != NULL ); + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(nonce != NULL); /* Counter */ ctx->state[12] = counter; /* Nonce */ - ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 ); - ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 ); - ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 ); + ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0); + ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4); + ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8); - mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8)); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; - return( 0 ); + return 0; } -int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ) +int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output) { size_t offset = 0U; size_t i; - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( size == 0 || input != NULL ); - CHACHA20_VALIDATE_RET( size == 0 || output != NULL ); + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(size == 0 || input != NULL); + CHACHA20_VALIDATE_RET(size == 0 || output != NULL); /* Use leftover keystream bytes, if available */ - while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) - { + while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) { output[offset] = input[offset] - ^ ctx->keystream8[ctx->keystream_bytes_used]; + ^ ctx->keystream8[ctx->keystream_bytes_used]; ctx->keystream_bytes_used++; offset++; @@ -249,15 +247,13 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Process full blocks */ - while( size >= CHACHA20_BLOCK_SIZE_BYTES ) - { + while (size >= CHACHA20_BLOCK_SIZE_BYTES) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->state, ctx->keystream8 ); + chacha20_block(ctx->state, ctx->keystream8); ctx->state[CHACHA20_CTR_INDEX]++; - for( i = 0U; i < 64U; i += 8U ) - { - output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ]; + for (i = 0U; i < 64U; i += 8U) { + output[offset + i] = input[offset + i] ^ ctx->keystream8[i]; output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1]; output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2]; output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3]; @@ -272,14 +268,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Last (partial) block */ - if( size > 0U ) - { + if (size > 0U) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->state, ctx->keystream8 ); + chacha20_block(ctx->state, ctx->keystream8); ctx->state[CHACHA20_CTR_INDEX]++; - for( i = 0U; i < size; i++) - { + for (i = 0U; i < size; i++) { output[offset + i] = input[offset + i] ^ ctx->keystream8[i]; } @@ -287,39 +281,41 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } - return( 0 ); + return 0; } -int mbedtls_chacha20_crypt( const unsigned char key[32], - const unsigned char nonce[12], - uint32_t counter, - size_t data_len, - const unsigned char* input, - unsigned char* output ) +int mbedtls_chacha20_crypt(const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t data_len, + const unsigned char *input, + unsigned char *output) { mbedtls_chacha20_context ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHA20_VALIDATE_RET( key != NULL ); - CHACHA20_VALIDATE_RET( nonce != NULL ); - CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL ); - CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL ); + CHACHA20_VALIDATE_RET(key != NULL); + CHACHA20_VALIDATE_RET(nonce != NULL); + CHACHA20_VALIDATE_RET(data_len == 0 || input != NULL); + CHACHA20_VALIDATE_RET(data_len == 0 || output != NULL); - mbedtls_chacha20_init( &ctx ); + mbedtls_chacha20_init(&ctx); - ret = mbedtls_chacha20_setkey( &ctx, key ); - if( ret != 0 ) + ret = mbedtls_chacha20_setkey(&ctx, key); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_chacha20_starts( &ctx, nonce, counter ); - if( ret != 0 ) + ret = mbedtls_chacha20_starts(&ctx, nonce, counter); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_chacha20_update( &ctx, data_len, input, output ); + ret = mbedtls_chacha20_update(&ctx, data_len, input, output); cleanup: - mbedtls_chacha20_free( &ctx ); - return( ret ); + mbedtls_chacha20_free(&ctx); + return ret; } #endif /* !MBEDTLS_CHACHA20_ALT */ @@ -495,50 +491,52 @@ static const size_t test_lengths[2] = /* Make sure no other definition is already present. */ #undef ASSERT -#define ASSERT( cond, args ) \ +#define ASSERT(cond, args) \ do \ { \ - if( ! ( cond ) ) \ + if (!(cond)) \ { \ - if( verbose != 0 ) \ - mbedtls_printf args; \ + if (verbose != 0) \ + mbedtls_printf args; \ \ - return( -1 ); \ + return -1; \ } \ } \ - while( 0 ) + while (0) -int mbedtls_chacha20_self_test( int verbose ) +int mbedtls_chacha20_self_test(int verbose) { unsigned char output[381]; unsigned i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - for( i = 0U; i < 2U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ChaCha20 test %u ", i ); + for (i = 0U; i < 2U; i++) { + if (verbose != 0) { + mbedtls_printf(" ChaCha20 test %u ", i); + } - ret = mbedtls_chacha20_crypt( test_keys[i], - test_nonces[i], - test_counters[i], - test_lengths[i], - test_input[i], - output ); + ret = mbedtls_chacha20_crypt(test_keys[i], + test_nonces[i], + test_counters[i], + test_lengths[i], + test_input[i], + output); - ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); + ASSERT(0 == ret, ("error code: %i\n", ret)); - ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ), - ( "failed (output)\n" ) ); + ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]), + ("failed (output)\n")); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/chachapoly.c b/thirdparty/mbedtls/library/chachapoly.c index 4adf846857..ceb429287b 100644 --- a/thirdparty/mbedtls/library/chachapoly.c +++ b/thirdparty/mbedtls/library/chachapoly.c @@ -33,34 +33,35 @@ #if !defined(MBEDTLS_CHACHAPOLY_ALT) /* Parameter validation macros */ -#define CHACHAPOLY_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) -#define CHACHAPOLY_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define CHACHAPOLY_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) +#define CHACHAPOLY_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) -#define CHACHAPOLY_STATE_INIT ( 0 ) -#define CHACHAPOLY_STATE_AAD ( 1 ) -#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ -#define CHACHAPOLY_STATE_FINISHED ( 3 ) +#define CHACHAPOLY_STATE_INIT (0) +#define CHACHAPOLY_STATE_AAD (1) +#define CHACHAPOLY_STATE_CIPHERTEXT (2) /* Encrypting or decrypting */ +#define CHACHAPOLY_STATE_FINISHED (3) /** * \brief Adds nul bytes to pad the AAD for Poly1305. * * \param ctx The ChaCha20-Poly1305 context. */ -static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) +static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx) { - uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); + uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U); unsigned char zeroes[15]; - if( partial_block_len == 0U ) - return( 0 ); + if (partial_block_len == 0U) { + return 0; + } - memset( zeroes, 0, sizeof( zeroes ) ); + memset(zeroes, 0, sizeof(zeroes)); - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ) ); + return mbedtls_poly1305_update(&ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len); } /** @@ -68,86 +69,89 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) * * \param ctx The ChaCha20-Poly1305 context. */ -static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) +static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx) { - uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); + uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U); unsigned char zeroes[15]; - if( partial_block_len == 0U ) - return( 0 ); + if (partial_block_len == 0U) { + return 0; + } - memset( zeroes, 0, sizeof( zeroes ) ); - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ) ); + memset(zeroes, 0, sizeof(zeroes)); + return mbedtls_poly1305_update(&ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len); } -void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) +void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx) { - CHACHAPOLY_VALIDATE( ctx != NULL ); + CHACHAPOLY_VALIDATE(ctx != NULL); - mbedtls_chacha20_init( &ctx->chacha20_ctx ); - mbedtls_poly1305_init( &ctx->poly1305_ctx ); + mbedtls_chacha20_init(&ctx->chacha20_ctx); + mbedtls_poly1305_init(&ctx->poly1305_ctx); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_INIT; ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } -void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) +void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_chacha20_free( &ctx->chacha20_ctx ); - mbedtls_poly1305_free( &ctx->poly1305_ctx ); + mbedtls_chacha20_free(&ctx->chacha20_ctx); + mbedtls_poly1305_free(&ctx->poly1305_ctx); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_INIT; ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } -int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, - const unsigned char key[32] ) +int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, + const unsigned char key[32]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( key != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(key != NULL); - ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); + ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key); - return( ret ); + return ret; } -int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode ) +int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char poly1305_key[64]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); /* Set counter = 0, will be update to 1 when generating Poly1305 key */ - ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); - if( ret != 0 ) + ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U); + if (ret != 0) { goto cleanup; + } /* Generate the Poly1305 key by getting the ChaCha20 keystream output with * counter = 0. This is the same as encrypting a buffer of zeroes. * Only the first 256-bits (32 bytes) of the key is used for Poly1305. * The other 256 bits are discarded. */ - memset( poly1305_key, 0, sizeof( poly1305_key ) ); - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), - poly1305_key, poly1305_key ); - if( ret != 0 ) + memset(poly1305_key, 0, sizeof(poly1305_key)); + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key), + poly1305_key, poly1305_key); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); + ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key); - if( ret == 0 ) - { + if (ret == 0) { ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_AAD; @@ -155,100 +159,99 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, } cleanup: - mbedtls_platform_zeroize( poly1305_key, 64U ); - return( ret ); + mbedtls_platform_zeroize(poly1305_key, 64U); + return ret; } -int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - const unsigned char *aad, - size_t aad_len ) +int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, + const unsigned char *aad, + size_t aad_len) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); - if( ctx->state != CHACHAPOLY_STATE_AAD ) - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if (ctx->state != CHACHAPOLY_STATE_AAD) { + return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE; + } ctx->aad_len += aad_len; - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) ); + return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len); } -int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ) +int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(len == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL); - if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && - ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) - { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if ((ctx->state != CHACHAPOLY_STATE_AAD) && + (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) { + return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE; } - if( ctx->state == CHACHAPOLY_STATE_AAD ) - { + if (ctx->state == CHACHAPOLY_STATE_AAD) { ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; - ret = chachapoly_pad_aad( ctx ); - if( ret != 0 ) - return( ret ); + ret = chachapoly_pad_aad(ctx); + if (ret != 0) { + return ret; + } } ctx->ciphertext_len += len; - if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) - { - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); - if( ret != 0 ) - return( ret ); - } - else /* DECRYPT */ - { - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - if( ret != 0 ) - return( ret ); + if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) { + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); + if (ret != 0) { + return ret; + } + + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len); + if (ret != 0) { + return ret; + } + } else { /* DECRYPT */ + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len); + if (ret != 0) { + return ret; + } + + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); + if (ret != 0) { + return ret; + } } - return( 0 ); + return 0; } -int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, - unsigned char mac[16] ) +int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, + unsigned char mac[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char len_block[16]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( mac != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(mac != NULL); - if( ctx->state == CHACHAPOLY_STATE_INIT ) - { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if (ctx->state == CHACHAPOLY_STATE_INIT) { + return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE; } - if( ctx->state == CHACHAPOLY_STATE_AAD ) - { - ret = chachapoly_pad_aad( ctx ); - if( ret != 0 ) - return( ret ); - } - else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) - { - ret = chachapoly_pad_ciphertext( ctx ); - if( ret != 0 ) - return( ret ); + if (ctx->state == CHACHAPOLY_STATE_AAD) { + ret = chachapoly_pad_aad(ctx); + if (ret != 0) { + return ret; + } + } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) { + ret = chachapoly_pad_ciphertext(ctx); + if (ret != 0) { + return ret; + } } ctx->state = CHACHAPOLY_STATE_FINISHED; @@ -259,104 +262,107 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0); MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8); - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U); + if (ret != 0) { + return ret; + } - ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac); - return( ret ); + return ret; } -static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, - mbedtls_chachapoly_mode_t mode, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ) +static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx, + mbedtls_chachapoly_mode_t mode, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); - if( ret != 0 ) + ret = mbedtls_chachapoly_starts(ctx, nonce, mode); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); - if( ret != 0 ) + ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_chachapoly_update( ctx, length, input, output ); - if( ret != 0 ) + ret = mbedtls_chachapoly_update(ctx, length, input, output); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_chachapoly_finish( ctx, tag ); + ret = mbedtls_chachapoly_finish(ctx, tag); cleanup: - return( ret ); + return ret; } -int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ) +int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); - - return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, - length, nonce, aad, aad_len, - input, output, tag ) ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); + CHACHAPOLY_VALIDATE_RET(tag != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL); + + return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, + length, nonce, aad, aad_len, + input, output, tag); } -int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char tag[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); - - if( ( ret = chachapoly_crypt_and_tag( ctx, - MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, - aad, aad_len, input, output, check_tag ) ) != 0 ) - { - return( ret ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); + CHACHAPOLY_VALIDATE_RET(tag != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL); + + if ((ret = chachapoly_crypt_and_tag(ctx, + MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, + aad, aad_len, input, output, check_tag)) != 0) { + return ret; } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < sizeof( check_tag ); i++ ) + for (diff = 0, i = 0; i < sizeof(check_tag); i++) { diff |= tag[i] ^ check_tag[i]; + } - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED; } - return( 0 ); + return 0; } #endif /* MBEDTLS_CHACHAPOLY_ALT */ @@ -452,20 +458,20 @@ static const unsigned char test_mac[1][16] = /* Make sure no other definition is already present. */ #undef ASSERT -#define ASSERT( cond, args ) \ +#define ASSERT(cond, args) \ do \ { \ - if( ! ( cond ) ) \ + if (!(cond)) \ { \ - if( verbose != 0 ) \ - mbedtls_printf args; \ + if (verbose != 0) \ + mbedtls_printf args; \ \ - return( -1 ); \ + return -1; \ } \ } \ - while( 0 ) + while (0) -int mbedtls_chachapoly_self_test( int verbose ) +int mbedtls_chachapoly_self_test(int verbose) { mbedtls_chachapoly_context ctx; unsigned i; @@ -473,43 +479,45 @@ int mbedtls_chachapoly_self_test( int verbose ) unsigned char output[200]; unsigned char mac[16]; - for( i = 0U; i < 1U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); + for (i = 0U; i < 1U; i++) { + if (verbose != 0) { + mbedtls_printf(" ChaCha20-Poly1305 test %u ", i); + } - mbedtls_chachapoly_init( &ctx ); + mbedtls_chachapoly_init(&ctx); - ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); - ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) ); + ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]); + ASSERT(0 == ret, ("setkey() error code: %i\n", ret)); - ret = mbedtls_chachapoly_encrypt_and_tag( &ctx, - test_input_len[i], - test_nonce[i], - test_aad[i], - test_aad_len[i], - test_input[i], - output, - mac ); + ret = mbedtls_chachapoly_encrypt_and_tag(&ctx, + test_input_len[i], + test_nonce[i], + test_aad[i], + test_aad_len[i], + test_input[i], + output, + mac); - ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) ); + ASSERT(0 == ret, ("crypt_and_tag() error code: %i\n", ret)); - ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ), - ( "failure (wrong output)\n" ) ); + ASSERT(0 == memcmp(output, test_output[i], test_input_len[i]), + ("failure (wrong output)\n")); - ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), - ( "failure (wrong MAC)\n" ) ); + ASSERT(0 == memcmp(mac, test_mac[i], 16U), + ("failure (wrong MAC)\n")); - mbedtls_chachapoly_free( &ctx ); + mbedtls_chachapoly_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/check_crypto_config.h b/thirdparty/mbedtls/library/check_crypto_config.h index d7ad16a617..b72de80d0a 100644 --- a/thirdparty/mbedtls/library/check_crypto_config.h +++ b/thirdparty/mbedtls/library/check_crypto_config.h @@ -29,57 +29,57 @@ #define MBEDTLS_CHECK_CRYPTO_CONFIG_H #if defined(PSA_WANT_ALG_CCM) && \ - !( defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(PSA_WANT_KEY_TYPE_CAMELLIA) ) + !(defined(PSA_WANT_KEY_TYPE_AES) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA)) #error "PSA_WANT_ALG_CCM defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_CMAC) && \ - !( defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_WANT_KEY_TYPE_DES) ) + !(defined(PSA_WANT_KEY_TYPE_AES) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ + defined(PSA_WANT_KEY_TYPE_DES)) #error "PSA_WANT_ALG_CMAC defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \ - !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) #error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_ECDSA) && \ - !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) #error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_GCM) && \ - !( defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(PSA_WANT_KEY_TYPE_CAMELLIA) ) + !(defined(PSA_WANT_KEY_TYPE_AES) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA)) #error "PSA_WANT_ALG_GCM defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \ - !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \ - !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_OAEP) && \ - !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites" #endif #if defined(PSA_WANT_ALG_RSA_PSS) && \ - !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) + !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)) #error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" #endif diff --git a/thirdparty/mbedtls/library/cipher.c b/thirdparty/mbedtls/library/cipher.c index 67e3274587..36f87c3005 100644 --- a/thirdparty/mbedtls/library/cipher.c +++ b/thirdparty/mbedtls/library/cipher.c @@ -65,137 +65,144 @@ #include "mbedtls/platform.h" -#define CIPHER_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) -#define CIPHER_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define CIPHER_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) +#define CIPHER_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) static int supported_init = 0; -const int *mbedtls_cipher_list( void ) +const int *mbedtls_cipher_list(void) { const mbedtls_cipher_definition_t *def; int *type; - if( ! supported_init ) - { + if (!supported_init) { def = mbedtls_cipher_definitions; type = mbedtls_cipher_supported; - while( def->type != 0 ) + while (def->type != 0) { *type++ = (*def++).type; + } *type = 0; supported_init = 1; } - return( mbedtls_cipher_supported ); + return mbedtls_cipher_supported; } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( - const mbedtls_cipher_type_t cipher_type ) + const mbedtls_cipher_type_t cipher_type) { const mbedtls_cipher_definition_t *def; - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( def->type == cipher_type ) - return( def->info ); + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) { + if (def->type == cipher_type) { + return def->info; + } + } - return( NULL ); + return NULL; } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( - const char *cipher_name ) + const char *cipher_name) { const mbedtls_cipher_definition_t *def; - if( NULL == cipher_name ) - return( NULL ); + if (NULL == cipher_name) { + return NULL; + } - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( ! strcmp( def->info->name, cipher_name ) ) - return( def->info ); + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) { + if (!strcmp(def->info->name, cipher_name)) { + return def->info; + } + } - return( NULL ); + return NULL; } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, - const mbedtls_cipher_mode_t mode ) + const mbedtls_cipher_mode_t mode) { const mbedtls_cipher_definition_t *def; - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( def->info->base->cipher == cipher_id && + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) { + if (def->info->base->cipher == cipher_id && def->info->key_bitlen == (unsigned) key_bitlen && - def->info->mode == mode ) - return( def->info ); + def->info->mode == mode) { + return def->info; + } + } - return( NULL ); + return NULL; } -void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ) +void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx) { - CIPHER_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + CIPHER_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); } -void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) +void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { - if( ctx->cipher_ctx != NULL ) - { + if (ctx->psa_enabled == 1) { + if (ctx->cipher_ctx != NULL) { mbedtls_cipher_context_psa * const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; - if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED ) - { + if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) { /* xxx_free() doesn't allow to return failures. */ - (void) psa_destroy_key( cipher_psa->slot ); + (void) psa_destroy_key(cipher_psa->slot); } - mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) ); - mbedtls_free( cipher_psa ); + mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa)); + mbedtls_free(cipher_psa); } - mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); return; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_CMAC_C) - if( ctx->cmac_ctx ) - { - mbedtls_platform_zeroize( ctx->cmac_ctx, - sizeof( mbedtls_cmac_context_t ) ); - mbedtls_free( ctx->cmac_ctx ); + if (ctx->cmac_ctx) { + mbedtls_platform_zeroize(ctx->cmac_ctx, + sizeof(mbedtls_cmac_context_t)); + mbedtls_free(ctx->cmac_ctx); } #endif - if( ctx->cipher_ctx ) - ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); + if (ctx->cipher_ctx) { + ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx); + } - mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); } -int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info ) +int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info) { - CIPHER_VALIDATE_RET( ctx != NULL ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + if (cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); - if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } ctx->cipher_info = cipher_info; @@ -204,106 +211,112 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, * Ignore possible errors caused by a cipher mode that doesn't use padding */ #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 ); + (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7); #else - (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE ); + (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE); #endif #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info, - size_t taglen ) +int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info, + size_t taglen) { psa_algorithm_t alg; mbedtls_cipher_context_psa *cipher_psa; - if( NULL == cipher_info || NULL == ctx ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == cipher_info || NULL == ctx) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } /* Check that the underlying cipher mode and cipher type are * supported by the underlying PSA Crypto implementation. */ - alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen ); - if( alg == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen); + if (alg == 0) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } + if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); - cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) ); - if( cipher_psa == NULL ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + cipher_psa = mbedtls_calloc(1, sizeof(mbedtls_cipher_context_psa)); + if (cipher_psa == NULL) { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } cipher_psa->alg = alg; ctx->cipher_ctx = cipher_psa; ctx->cipher_info = cipher_info; ctx->psa_enabled = 1; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, - const unsigned char *key, - int key_bitlen, - const mbedtls_operation_t operation ) +int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( key != NULL ); - CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || - operation == MBEDTLS_DECRYPT ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(key != NULL); + CIPHER_VALIDATE_RET(operation == MBEDTLS_ENCRYPT || + operation == MBEDTLS_DECRYPT); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { mbedtls_cipher_context_psa * const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; - size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8; + size_t const key_bytelen = ((size_t) key_bitlen + 7) / 8; psa_status_t status; psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; /* PSA Crypto API only accepts byte-aligned keys. */ - if( key_bitlen % 8 != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen % 8 != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } /* Don't allow keys to be set multiple times. */ - if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } key_type = mbedtls_psa_translate_cipher_type( - ctx->cipher_info->type ); - if( key_type == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - psa_set_key_type( &attributes, key_type ); + ctx->cipher_info->type); + if (key_type == 0) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } + psa_set_key_type(&attributes, key_type); /* Mbed TLS' cipher layer doesn't enforce the mode of operation * (encrypt vs. decrypt): it is possible to setup a key for encryption * and use it for AEAD decryption. Until tests relying on this * are changed, allow any usage in PSA. */ - psa_set_key_usage_flags( &attributes, - /* mbedtls_psa_translate_cipher_operation( operation ); */ - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, cipher_psa->alg ); - - status = psa_import_key( &attributes, key, key_bytelen, - &cipher_psa->slot ); - switch( status ) - { + psa_set_key_usage_flags(&attributes, + /* mbedtls_psa_translate_cipher_operation( operation ); */ + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, cipher_psa->alg); + + status = psa_import_key(&attributes, key, key_bytelen, + &cipher_psa->slot); + switch (status) { case PSA_SUCCESS: break; case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; default: - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; } /* Indicate that we own the key slot and need to * destroy it in mbedtls_cipher_free(). */ @@ -311,14 +324,13 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && - (int) ctx->cipher_info->key_bitlen != key_bitlen ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 && + (int) ctx->cipher_info->key_bitlen != key_bitlen) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } ctx->key_bitlen = key_bitlen; @@ -327,268 +339,258 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, /* * For OFB, CFB and CTR mode always use the encryption key schedule */ - if( MBEDTLS_ENCRYPT == operation || + if (MBEDTLS_ENCRYPT == operation || MBEDTLS_MODE_CFB == ctx->cipher_info->mode || MBEDTLS_MODE_OFB == ctx->cipher_info->mode || - MBEDTLS_MODE_CTR == ctx->cipher_info->mode ) - { - return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, - ctx->key_bitlen ) ); + MBEDTLS_MODE_CTR == ctx->cipher_info->mode) { + return ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen); } - if( MBEDTLS_DECRYPT == operation ) - return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, - ctx->key_bitlen ) ); + if (MBEDTLS_DECRYPT == operation) { + return ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key, + ctx->key_bitlen); + } - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } -int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, - size_t iv_len ) +int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, + size_t iv_len) { size_t actual_iv_size; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* avoid buffer overflow in ctx->iv */ - if( iv_len > MBEDTLS_MAX_IV_LENGTH ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (iv_len > MBEDTLS_MAX_IV_LENGTH) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } - if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 ) + if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) { actual_iv_size = iv_len; - else - { + } else { actual_iv_size = ctx->cipher_info->iv_size; /* avoid reading past the end of input buffer */ - if( actual_iv_size > iv_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (actual_iv_size > iv_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } } #if defined(MBEDTLS_CHACHA20_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) - { + if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) { /* Even though the actual_iv_size is overwritten with a correct value * of 12 from the cipher info, return an error to indicate that * the input iv_len is wrong. */ - if( iv_len != 12 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, - iv, - 0U ) ) /* Initial counter value */ - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (iv_len != 12) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + if (0 != mbedtls_chacha20_starts((mbedtls_chacha20_context *) ctx->cipher_ctx, + iv, + 0U)) { /* Initial counter value */ + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } } #if defined(MBEDTLS_CHACHAPOLY_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 && - iv_len != 12 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 && + iv_len != 12) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #endif #endif - if ( actual_iv_size != 0 ) - { - memcpy( ctx->iv, iv, actual_iv_size ); + if (actual_iv_size != 0) { + memcpy(ctx->iv, iv, actual_iv_size); ctx->iv_size = actual_iv_size; } - return( 0 ); + return 0; } -int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) +int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx) { - CIPHER_VALIDATE_RET( ctx != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* We don't support resetting PSA-based * cipher contexts, yet. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ ctx->unprocessed_len = 0; - return( 0 ); + return 0; } #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, - const unsigned char *ad, size_t ad_len ) +int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, + const unsigned char *ad, size_t ad_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { - return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, - ctx->iv, ctx->iv_size, ad, ad_len ) ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { + return mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, + ctx->iv, ctx->iv_size, ad, ad_len); } #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { int result; mbedtls_chachapoly_mode_t mode; - mode = ( ctx->operation == MBEDTLS_ENCRYPT ) + mode = (ctx->operation == MBEDTLS_ENCRYPT) ? MBEDTLS_CHACHAPOLY_ENCRYPT : MBEDTLS_CHACHAPOLY_DECRYPT; - result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ctx->iv, - mode ); - if ( result != 0 ) - return( result ); + result = mbedtls_chachapoly_starts((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ctx->iv, + mode); + if (result != 0) { + return result; + } - return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad, ad_len ) ); + return mbedtls_chachapoly_update_aad((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ad, ad_len); } #endif - return( 0 ); + return 0; } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ -int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, - size_t ilen, unsigned char *output, size_t *olen ) +int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, + size_t ilen, unsigned char *output, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t block_size; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ *olen = 0; - block_size = mbedtls_cipher_get_block_size( ctx ); - if ( 0 == block_size ) - { - return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT ); + block_size = mbedtls_cipher_get_block_size(ctx); + if (0 == block_size) { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } - if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) - { - if( ilen != block_size ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) { + if (ilen != block_size) { + return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; + } *olen = ilen; - if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, - ctx->operation, input, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx, + ctx->operation, input, output))) { + return ret; } - return( 0 ); + return 0; } #if defined(MBEDTLS_GCM_C) - if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) - { + if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) { *olen = ilen; - return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, - output ) ); + return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, + output); } #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) - { + if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { *olen = ilen; - return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ) ); + return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ilen, input, output); } #endif - if( input == output && - ( ctx->unprocessed_len != 0 || ilen % block_size ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (input == output && + (ctx->unprocessed_len != 0 || ilen % block_size)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) - { + if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) { size_t copy_len = 0; /* * If there is not enough data for a full block, cache it. */ - if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && - ilen <= block_size - ctx->unprocessed_len ) || - ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && - ilen < block_size - ctx->unprocessed_len ) || - ( ctx->operation == MBEDTLS_ENCRYPT && - ilen < block_size - ctx->unprocessed_len ) ) - { - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, - ilen ); + if ((ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && + ilen <= block_size - ctx->unprocessed_len) || + (ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && + ilen < block_size - ctx->unprocessed_len) || + (ctx->operation == MBEDTLS_ENCRYPT && + ilen < block_size - ctx->unprocessed_len)) { + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, + ilen); ctx->unprocessed_len += ilen; - return( 0 ); + return 0; } /* * Process cached data first */ - if( 0 != ctx->unprocessed_len ) - { + if (0 != ctx->unprocessed_len) { copy_len = block_size - ctx->unprocessed_len; - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, - copy_len ); + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, + copy_len); - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, block_size, ctx->iv, - ctx->unprocessed_data, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, block_size, ctx->iv, + ctx->unprocessed_data, output))) { + return ret; } *olen += block_size; @@ -602,22 +604,20 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Cache final, incomplete block */ - if( 0 != ilen ) - { + if (0 != ilen) { /* Encryption: only cache partial blocks * Decryption w/ padding: always keep at least one whole block * Decryption w/o padding: only cache partial blocks */ copy_len = ilen % block_size; - if( copy_len == 0 && + if (copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT && - NULL != ctx->add_padding) - { + NULL != ctx->add_padding) { copy_len = block_size; } - memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), - copy_len ); + memcpy(ctx->unprocessed_data, &(input[ilen - copy_len]), + copy_len); ctx->unprocessed_len += copy_len; ilen -= copy_len; @@ -626,105 +626,96 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Process remaining full blocks */ - if( ilen ) - { - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, ilen, ctx->iv, input, output ) ) ) - { - return( ret ); + if (ilen) { + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, ilen, ctx->iv, input, + output))) { + return ret; } *olen += ilen; } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB ) - { - if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, - ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, - input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) { + if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx, + ctx->operation, ilen, + &ctx->unprocessed_len, ctx->iv, + input, output))) { + return ret; } *olen = ilen; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) - if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB ) - { - if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx, - ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) { + if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx, + ilen, &ctx->unprocessed_len, ctx->iv, + input, output))) { + return ret; } *olen = ilen; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR ) - { - if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, - ilen, &ctx->unprocessed_len, ctx->iv, - ctx->unprocessed_data, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) { + if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx, + ilen, &ctx->unprocessed_len, ctx->iv, + ctx->unprocessed_data, input, output))) { + return ret; } *olen = ilen; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) - if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS ) - { - if( ctx->unprocessed_len > 0 ) { + if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) { + if (ctx->unprocessed_len > 0) { /* We can only process an entire data unit at a time. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } - ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx, - ctx->operation, ilen, ctx->iv, input, output ); - if( ret != 0 ) - { - return( ret ); + ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx, + ctx->operation, ilen, ctx->iv, input, output); + if (ret != 0) { + return ret; } *olen = ilen; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_STREAM) - if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM ) - { - if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx, - ilen, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) { + if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx, + ilen, input, output))) { + return ret; } *olen = ilen; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_STREAM */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) @@ -732,24 +723,26 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len */ -static void add_pkcs_padding( unsigned char *output, size_t output_len, - size_t data_len ) +static void add_pkcs_padding(unsigned char *output, size_t output_len, + size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i; - for( i = 0; i < padding_len; i++ ) + for (i = 0; i < padding_len; i++) { output[data_len + i] = (unsigned char) padding_len; + } } -static int get_pkcs_padding( unsigned char *input, size_t input_len, - size_t *data_len ) +static int get_pkcs_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i, pad_idx; unsigned char padding_len, bad = 0; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } padding_len = input[input_len - 1]; *data_len = input_len - padding_len; @@ -761,10 +754,11 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len, /* The number of bytes checked must be independent of padding_len, * so pick input_len, which is usually 8 or 16 (one block) */ pad_idx = input_len - padding_len; - for( i = 0; i < input_len; i++ ) - bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx ); + for (i = 0; i < input_len; i++) { + bad |= (input[i] ^ padding_len) * (i >= pad_idx); + } - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); } #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ @@ -772,37 +766,38 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len, /* * One and zeros padding: fill with 80 00 ... 00 */ -static void add_one_and_zeros_padding( unsigned char *output, - size_t output_len, size_t data_len ) +static void add_one_and_zeros_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i = 0; output[data_len] = 0x80; - for( i = 1; i < padding_len; i++ ) + for (i = 1; i < padding_len; i++) { output[data_len + i] = 0x00; + } } -static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, - size_t *data_len ) +static int get_one_and_zeros_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i; unsigned char done = 0, prev_done, bad; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } bad = 0x80; *data_len = 0; - for( i = input_len; i > 0; i-- ) - { + for (i = input_len; i > 0; i--) { prev_done = done; - done |= ( input[i - 1] != 0 ); - *data_len |= ( i - 1 ) * ( done != prev_done ); - bad ^= input[i - 1] * ( done != prev_done ); + done |= (input[i - 1] != 0); + *data_len |= (i - 1) * (done != prev_done); + bad ^= input[i - 1] * (done != prev_done); } - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); } #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ @@ -811,25 +806,27 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, /* * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length */ -static void add_zeros_and_len_padding( unsigned char *output, - size_t output_len, size_t data_len ) +static void add_zeros_and_len_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i = 0; - for( i = 1; i < padding_len; i++ ) + for (i = 1; i < padding_len; i++) { output[data_len + i - 1] = 0x00; + } output[output_len - 1] = (unsigned char) padding_len; } -static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, - size_t *data_len ) +static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i, pad_idx; unsigned char padding_len, bad = 0; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } padding_len = input[input_len - 1]; *data_len = input_len - padding_len; @@ -840,10 +837,11 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, /* The number of bytes checked must be independent of padding_len */ pad_idx = input_len - padding_len; - for( i = 0; i < input_len - 1; i++ ) - bad |= input[i] * ( i >= pad_idx ); + for (i = 0; i < input_len - 1; i++) { + bad |= input[i] * (i >= pad_idx); + } - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0); } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ @@ -851,33 +849,34 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, /* * Zero padding: fill with 00 ... 00 */ -static void add_zeros_padding( unsigned char *output, - size_t output_len, size_t data_len ) +static void add_zeros_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t i; - for( i = data_len; i < output_len; i++ ) + for (i = data_len; i < output_len; i++) { output[i] = 0x00; + } } -static int get_zeros_padding( unsigned char *input, size_t input_len, - size_t *data_len ) +static int get_zeros_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i; unsigned char done = 0, prev_done; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } *data_len = 0; - for( i = input_len; i > 0; i-- ) - { + for (i = input_len; i > 0; i--) { prev_done = done; - done |= ( input[i-1] != 0 ); - *data_len |= i * ( done != prev_done ); + done |= (input[i-1] != 0); + *data_len |= i * (done != prev_done); } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ @@ -887,247 +886,244 @@ static int get_zeros_padding( unsigned char *input, size_t input_len, * There is no add_padding function (check for NULL in mbedtls_cipher_finish) * but a trivial get_padding function */ -static int get_no_padding( unsigned char *input, size_t input_len, - size_t *data_len ) +static int get_no_padding(unsigned char *input, size_t input_len, + size_t *data_len) { - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } *data_len = input_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ -int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output, size_t *olen ) +int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output, size_t *olen) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ *olen = 0; - if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || + if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode || MBEDTLS_MODE_OFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode || MBEDTLS_MODE_GCM == ctx->cipher_info->mode || MBEDTLS_MODE_XTS == ctx->cipher_info->mode || - MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) - { - return( 0 ); + MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) { + return 0; } - if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) || - ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) ) - { - return( 0 ); + if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) || + (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) { + return 0; } - if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) - { - if( ctx->unprocessed_len != 0 ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) { + if (ctx->unprocessed_len != 0) { + return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; + } - return( 0 ); + return 0; } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) { int ret = 0; - if( MBEDTLS_ENCRYPT == ctx->operation ) - { + if (MBEDTLS_ENCRYPT == ctx->operation) { /* check for 'no padding' mode */ - if( NULL == ctx->add_padding ) - { - if( 0 != ctx->unprocessed_len ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (NULL == ctx->add_padding) { + if (0 != ctx->unprocessed_len) { + return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; + } - return( 0 ); + return 0; } - ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ), - ctx->unprocessed_len ); - } - else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len ) - { + ctx->add_padding(ctx->unprocessed_data, mbedtls_cipher_get_iv_size(ctx), + ctx->unprocessed_len); + } else if (mbedtls_cipher_get_block_size(ctx) != ctx->unprocessed_len) { /* * For decrypt operations, expect a full block, * or an empty block if no padding */ - if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len ) - return( 0 ); + if (NULL == ctx->add_padding && 0 == ctx->unprocessed_len) { + return 0; + } - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; } /* cipher block */ - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, - ctx->unprocessed_data, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, + mbedtls_cipher_get_block_size(ctx), + ctx->iv, + ctx->unprocessed_data, output))) { + return ret; } /* Set output size for decryption */ - if( MBEDTLS_DECRYPT == ctx->operation ) - return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), - olen ) ); + if (MBEDTLS_DECRYPT == ctx->operation) { + return ctx->get_padding(output, mbedtls_cipher_get_block_size(ctx), + olen); + } /* Set output size for encryption */ - *olen = mbedtls_cipher_get_block_size( ctx ); - return( 0 ); + *olen = mbedtls_cipher_get_block_size(ctx); + return 0; } #else ((void) output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, - mbedtls_cipher_padding_t mode ) +int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode) { - CIPHER_VALIDATE_RET( ctx != NULL ); + CIPHER_VALIDATE_RET(ctx != NULL); - if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto knows about CBC padding * schemes, we currently don't make them * accessible through the cipher layer. */ - if( mode != MBEDTLS_PADDING_NONE ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (mode != MBEDTLS_PADDING_NONE) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - switch( mode ) - { + switch (mode) { #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - case MBEDTLS_PADDING_PKCS7: - ctx->add_padding = add_pkcs_padding; - ctx->get_padding = get_pkcs_padding; - break; + case MBEDTLS_PADDING_PKCS7: + ctx->add_padding = add_pkcs_padding; + ctx->get_padding = get_pkcs_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) - case MBEDTLS_PADDING_ONE_AND_ZEROS: - ctx->add_padding = add_one_and_zeros_padding; - ctx->get_padding = get_one_and_zeros_padding; - break; + case MBEDTLS_PADDING_ONE_AND_ZEROS: + ctx->add_padding = add_one_and_zeros_padding; + ctx->get_padding = get_one_and_zeros_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) - case MBEDTLS_PADDING_ZEROS_AND_LEN: - ctx->add_padding = add_zeros_and_len_padding; - ctx->get_padding = get_zeros_and_len_padding; - break; + case MBEDTLS_PADDING_ZEROS_AND_LEN: + ctx->add_padding = add_zeros_and_len_padding; + ctx->get_padding = get_zeros_and_len_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ZEROS) - case MBEDTLS_PADDING_ZEROS: - ctx->add_padding = add_zeros_padding; - ctx->get_padding = get_zeros_padding; - break; + case MBEDTLS_PADDING_ZEROS: + ctx->add_padding = add_zeros_padding; + ctx->get_padding = get_zeros_padding; + break; #endif - case MBEDTLS_PADDING_NONE: - ctx->add_padding = NULL; - ctx->get_padding = get_no_padding; - break; + case MBEDTLS_PADDING_NONE: + ctx->add_padding = NULL; + ctx->get_padding = get_no_padding; + break; - default: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, - unsigned char *tag, size_t tag_len ) +int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, + unsigned char *tag, size_t tag_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if( MBEDTLS_ENCRYPT != ctx->operation ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (MBEDTLS_ENCRYPT != ctx->operation) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, - tag, tag_len ) ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { + return mbedtls_gcm_finish((mbedtls_gcm_context *) ctx->cipher_ctx, + tag, tag_len); + } #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* Don't allow truncated MAC for Poly1305 */ - if ( tag_len != 16U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (tag_len != 16U) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - return( mbedtls_chachapoly_finish( - (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) ); + return mbedtls_chachapoly_finish( + (mbedtls_chachapoly_context *) ctx->cipher_ctx, tag); } #endif - return( 0 ); + return 0; } -int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, - const unsigned char *tag, size_t tag_len ) +int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, + const unsigned char *tag, size_t tag_len) { unsigned char check_tag[16]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (ctx->cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if( MBEDTLS_DECRYPT != ctx->operation ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (MBEDTLS_DECRYPT != ctx->operation) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1138,21 +1134,19 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, ret = 0; #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { - if( tag_len > sizeof( check_tag ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - if( 0 != ( ret = mbedtls_gcm_finish( - (mbedtls_gcm_context *) ctx->cipher_ctx, - check_tag, tag_len ) ) ) - { - return( ret ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { + if (tag_len > sizeof(check_tag)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + if (0 != (ret = mbedtls_gcm_finish( + (mbedtls_gcm_context *) ctx->cipher_ctx, + check_tag, tag_len))) { + return ret; } /* Check the tag in "constant-time" */ - if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 ) - { + if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; goto exit; } @@ -1160,22 +1154,20 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* Don't allow truncated MAC for Poly1305 */ - if ( tag_len != sizeof( check_tag ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (tag_len != sizeof(check_tag)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } ret = mbedtls_chachapoly_finish( - (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag ); - if ( ret != 0 ) - { - return( ret ); + (mbedtls_chachapoly_context *) ctx->cipher_ctx, check_tag); + if (ret != 0) { + return ret; } /* Check the tag in "constant-time" */ - if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 ) - { + if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; goto exit; } @@ -1183,31 +1175,30 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, #endif /* MBEDTLS_CHACHAPOLY_C */ exit: - mbedtls_platform_zeroize( check_tag, tag_len ); - return( ret ); + mbedtls_platform_zeroize(check_tag, tag_len); + return ret; } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /* * Packet-oriented wrapper for non-AEAD modes */ -int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen ) +int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t finish_olen; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is @@ -1220,69 +1211,73 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; - if( ctx->operation == MBEDTLS_DECRYPT ) - { - status = psa_cipher_decrypt_setup( &cipher_op, - cipher_psa->slot, - cipher_psa->alg ); - } - else if( ctx->operation == MBEDTLS_ENCRYPT ) - { - status = psa_cipher_encrypt_setup( &cipher_op, - cipher_psa->slot, - cipher_psa->alg ); + if (ctx->operation == MBEDTLS_DECRYPT) { + status = psa_cipher_decrypt_setup(&cipher_op, + cipher_psa->slot, + cipher_psa->alg); + } else if (ctx->operation == MBEDTLS_ENCRYPT) { + status = psa_cipher_encrypt_setup(&cipher_op, + cipher_psa->slot, + cipher_psa->alg); + } else { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - else - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); /* In the following, we can immediately return on an error, * because the PSA Crypto API guarantees that cipher operations * are terminated by unsuccessful calls to psa_cipher_update(), * and by any call to psa_cipher_finish(). */ - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); - - if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) - { - status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; } - status = psa_cipher_update( &cipher_op, - input, ilen, - output, ilen, olen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + if (ctx->cipher_info->mode != MBEDTLS_MODE_ECB) { + status = psa_cipher_set_iv(&cipher_op, iv, iv_len); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; + } + } - status = psa_cipher_finish( &cipher_op, - output + *olen, ilen - *olen, - &part_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_cipher_update(&cipher_op, + input, ilen, + output, ilen, olen); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; + } + + status = psa_cipher_finish(&cipher_op, + output + *olen, ilen - *olen, + &part_len); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; + } *olen += part_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_set_iv(ctx, iv, iv_len)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_reset(ctx)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_update( ctx, input, ilen, - output, olen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_update(ctx, input, ilen, + output, olen)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, - &finish_olen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_finish(ctx, output + *olen, + &finish_olen)) != 0) { + return ret; + } *olen += finish_olen; - return( 0 ); + return 0; } #if defined(MBEDTLS_CIPHER_MODE_AEAD) @@ -1290,16 +1285,15 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * Packet-oriented encryption for AEAD modes: internal function shared by * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). */ -static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) +static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is @@ -1312,74 +1306,71 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, /* PSA Crypto API always writes the authentication tag * at the end of the encrypted message. */ - if( output == NULL || tag != output + ilen ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (output == NULL || tag != output + ilen) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } - status = psa_aead_encrypt( cipher_psa->slot, - cipher_psa->alg, - iv, iv_len, - ad, ad_len, - input, ilen, - output, ilen + tag_len, olen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_aead_encrypt(cipher_psa->slot, + cipher_psa->alg, + iv, iv_len, + ad, ad_len, + input, ilen, + output, ilen + tag_len, olen); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; + } *olen -= tag_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { *olen = ilen; - return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, - ilen, iv, iv_len, ad, ad_len, - input, output, tag_len, tag ) ); + return mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, + ilen, iv, iv_len, ad, ad_len, + input, output, tag_len, tag); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) { *olen = ilen; - return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, input, output, - tag, tag_len ) ); + return mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, input, output, + tag, tag_len); } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* ChachaPoly has fixed length nonce and MAC (tag) */ - if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((iv_len != ctx->cipher_info->iv_size) || + (tag_len != 16U)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } *olen = ilen; - return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx, - ilen, iv, ad, ad_len, input, output, tag ) ); + return mbedtls_chachapoly_encrypt_and_tag(ctx->cipher_ctx, + ilen, iv, ad, ad_len, input, output, tag); } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } /* * Packet-oriented encryption for AEAD modes: internal function shared by * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). */ -static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) +static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is @@ -1392,127 +1383,128 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, /* PSA Crypto API always writes the authentication tag * at the end of the encrypted message. */ - if( input == NULL || tag != input + ilen ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - - status = psa_aead_decrypt( cipher_psa->slot, - cipher_psa->alg, - iv, iv_len, - ad, ad_len, - input, ilen + tag_len, - output, ilen, olen ); - if( status == PSA_ERROR_INVALID_SIGNATURE ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - else if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); - - return( 0 ); + if (input == NULL || tag != input + ilen) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } + + status = psa_aead_decrypt(cipher_psa->slot, + cipher_psa->alg, + iv, iv_len, + ad, ad_len, + input, ilen + tag_len, + output, ilen, olen); + if (status == PSA_ERROR_INVALID_SIGNATURE) { + return MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } else if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED; + } + + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; - ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, - tag, tag_len, input, output ); + ret = mbedtls_gcm_auth_decrypt(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, + tag, tag_len, input, output); - if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_GCM_AUTH_FAILED) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } - return( ret ); + return ret; } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; - ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, - input, output, tag, tag_len ); + ret = mbedtls_ccm_auth_decrypt(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, + input, output, tag, tag_len); - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_CCM_AUTH_FAILED) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } - return( ret ); + return ret; } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* ChachaPoly has fixed length nonce and MAC (tag) */ - if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((iv_len != ctx->cipher_info->iv_size) || + (tag_len != 16U)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } *olen = ilen; - ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen, - iv, ad, ad_len, tag, input, output ); + ret = mbedtls_chachapoly_auth_decrypt(ctx->cipher_ctx, ilen, + iv, ad, ad_len, tag, input, output); - if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } - return( ret ); + return ret; } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Packet-oriented encryption for AEAD modes: public legacy function. */ -int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) +int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + + return mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + tag, tag_len); } /* * Packet-oriented decryption for AEAD modes: public legacy function. */ -int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) +int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + + return mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + tag, tag_len); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_CIPHER_MODE_AEAD */ @@ -1521,110 +1513,112 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ -int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ) +int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_NIST_KW_C) - if( + if ( #if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_enabled == 0 && #endif - ( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) ) - { - mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? - MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + (MBEDTLS_MODE_KW == ctx->cipher_info->mode || + MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) { + mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; /* There is no iv, tag or ad associated with KW and KWP, * so these length should be 0 as documented. */ - if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (iv_len != 0 || tag_len != 0 || ad_len != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } (void) iv; (void) ad; - return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, - output, olen, output_len ) ); + return mbedtls_nist_kw_wrap(ctx->cipher_ctx, mode, input, ilen, + output, olen, output_len); } #endif /* MBEDTLS_NIST_KW_C */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ - if( output_len < ilen + tag_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (output_len < ilen + tag_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - output + ilen, tag_len ); + int ret = mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + output + ilen, tag_len); *olen += tag_len; - return( ret ); + return ret; #else - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_CIPHER_MODE_AEAD */ } /* * Packet-oriented decryption for AEAD/NIST_KW: public function. */ -int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ) +int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len) { - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output_len == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output_len == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_NIST_KW_C) - if( + if ( #if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_enabled == 0 && #endif - ( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) ) - { - mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? - MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + (MBEDTLS_MODE_KW == ctx->cipher_info->mode || + MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) { + mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; /* There is no iv, tag or ad associated with KW and KWP, * so these length should be 0 as documented. */ - if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (iv_len != 0 || tag_len != 0 || ad_len != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } (void) iv; (void) ad; - return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, - output, olen, output_len ) ); + return mbedtls_nist_kw_unwrap(ctx->cipher_ctx, mode, input, ilen, + output, olen, output_len); } #endif /* MBEDTLS_NIST_KW_C */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ - if( ilen < tag_len || output_len < ilen - tag_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ilen < tag_len || output_len < ilen - tag_len) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen - tag_len, output, olen, - input + ilen - tag_len, tag_len ) ); + return mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen - tag_len, output, olen, + input + ilen - tag_len, tag_len); #else - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_CIPHER_MODE_AEAD */ } #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ diff --git a/thirdparty/mbedtls/library/cipher_wrap.c b/thirdparty/mbedtls/library/cipher_wrap.c index c76bdcc0f8..737cf9776b 100644 --- a/thirdparty/mbedtls/library/cipher_wrap.c +++ b/thirdparty/mbedtls/library/cipher_wrap.c @@ -80,100 +80,101 @@ #if defined(MBEDTLS_GCM_C) /* shared by all GCM ciphers */ -static void *gcm_ctx_alloc( void ) +static void *gcm_ctx_alloc(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context)); - if( ctx != NULL ) - mbedtls_gcm_init( (mbedtls_gcm_context *) ctx ); + if (ctx != NULL) { + mbedtls_gcm_init((mbedtls_gcm_context *) ctx); + } - return( ctx ); + return ctx; } -static void gcm_ctx_free( void *ctx ) +static void gcm_ctx_free(void *ctx) { - mbedtls_gcm_free( ctx ); - mbedtls_free( ctx ); + mbedtls_gcm_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) /* shared by all CCM ciphers */ -static void *ccm_ctx_alloc( void ) +static void *ccm_ctx_alloc(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context)); - if( ctx != NULL ) - mbedtls_ccm_init( (mbedtls_ccm_context *) ctx ); + if (ctx != NULL) { + mbedtls_ccm_init((mbedtls_ccm_context *) ctx); + } - return( ctx ); + return ctx; } -static void ccm_ctx_free( void *ctx ) +static void ccm_ctx_free(void *ctx) { - mbedtls_ccm_free( ctx ); - mbedtls_free( ctx ); + mbedtls_ccm_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_AES_C) -static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int aes_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { - return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output ); + return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) +static int aes_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { - return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input, - output ); + return mbedtls_aes_crypt_cbc((mbedtls_aes_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int aes_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv, - input, output ); + return mbedtls_aes_crypt_cfb128((mbedtls_aes_context *) ctx, operation, length, iv_off, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) -static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off, - unsigned char *iv, const unsigned char *input, unsigned char *output ) +static int aes_crypt_ofb_wrap(void *ctx, size_t length, size_t *iv_off, + unsigned char *iv, const unsigned char *input, unsigned char *output) { - return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off, - iv, input, output ); + return mbedtls_aes_crypt_ofb((mbedtls_aes_context *) ctx, length, iv_off, + iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) +static int aes_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { - return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter, - stream_block, input, output ); + return mbedtls_aes_crypt_ctr((mbedtls_aes_context *) ctx, length, nc_off, nonce_counter, + stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) +static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output) { mbedtls_aes_xts_context *xts_ctx = ctx; int mode; - switch( operation ) - { + switch (operation) { case MBEDTLS_ENCRYPT: mode = MBEDTLS_AES_ENCRYPT; break; @@ -184,39 +185,40 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation, return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - return mbedtls_aes_crypt_xts( xts_ctx, mode, length, - data_unit, input, output ); + return mbedtls_aes_crypt_xts(xts_ctx, mode, length, + data_unit, input, output); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen ); + return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen); } -static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen ); + return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen); } -static void * aes_ctx_alloc( void ) +static void *aes_ctx_alloc(void) { - mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) ); + mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context)); - if( aes == NULL ) - return( NULL ); + if (aes == NULL) { + return NULL; + } - mbedtls_aes_init( aes ); + mbedtls_aes_init(aes); - return( aes ); + return aes; } -static void aes_ctx_free( void *ctx ) +static void aes_ctx_free(void *ctx) { - mbedtls_aes_free( (mbedtls_aes_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_aes_free((mbedtls_aes_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t aes_info = { @@ -420,39 +422,41 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int xts_aes_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { mbedtls_aes_xts_context *xts_ctx = ctx; - return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) ); + return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen); } -static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { mbedtls_aes_xts_context *xts_ctx = ctx; - return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) ); + return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen); } -static void *xts_aes_ctx_alloc( void ) +static void *xts_aes_ctx_alloc(void) { - mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) ); + mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx)); - if( xts_ctx != NULL ) - mbedtls_aes_xts_init( xts_ctx ); + if (xts_ctx != NULL) { + mbedtls_aes_xts_init(xts_ctx); + } - return( xts_ctx ); + return xts_ctx; } -static void xts_aes_ctx_free( void *ctx ) +static void xts_aes_ctx_free(void *ctx) { mbedtls_aes_xts_context *xts_ctx = ctx; - if( xts_ctx == NULL ) + if (xts_ctx == NULL) { return; + } - mbedtls_aes_xts_free( xts_ctx ); - mbedtls_free( xts_ctx ); + mbedtls_aes_xts_free(xts_ctx); + mbedtls_free(xts_ctx); } static const mbedtls_cipher_base_t xts_aes_info = { @@ -506,11 +510,11 @@ static const mbedtls_cipher_info_t aes_256_xts_info = { #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_GCM_C) -static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, - key, key_bitlen ); + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_aes_info = { @@ -575,11 +579,11 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, - key, key_bitlen ); + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_aes_info = { @@ -647,72 +651,73 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { #if defined(MBEDTLS_CAMELLIA_C) -static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int camellia_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { - return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input, - output ); + return mbedtls_camellia_crypt_ecb((mbedtls_camellia_context *) ctx, operation, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int camellia_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv, - input, output ); + return mbedtls_camellia_crypt_cbc((mbedtls_camellia_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int camellia_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length, - iv_off, iv, input, output ); + return mbedtls_camellia_crypt_cfb128((mbedtls_camellia_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) +static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { - return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); + return mbedtls_camellia_crypt_ctr((mbedtls_camellia_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen ); + return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen); } -static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen ); + return mbedtls_camellia_setkey_enc((mbedtls_camellia_context *) ctx, key, key_bitlen); } -static void * camellia_ctx_alloc( void ) +static void *camellia_ctx_alloc(void) { mbedtls_camellia_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_camellia_init( ctx ); + mbedtls_camellia_init(ctx); - return( ctx ); + return ctx; } -static void camellia_ctx_free( void *ctx ) +static void camellia_ctx_free(void *ctx) { - mbedtls_camellia_free( (mbedtls_camellia_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_camellia_free((mbedtls_camellia_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t camellia_info = { @@ -881,11 +886,11 @@ static const mbedtls_cipher_info_t camellia_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_GCM_C) -static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int gcm_camellia_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, - key, key_bitlen ); + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_camellia_info = { @@ -950,11 +955,11 @@ static const mbedtls_cipher_info_t camellia_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int ccm_camellia_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, - key, key_bitlen ); + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_camellia_info = { @@ -1022,73 +1027,74 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { #if defined(MBEDTLS_ARIA_C) -static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int aria_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { (void) operation; - return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input, - output ); + return mbedtls_aria_crypt_ecb((mbedtls_aria_context *) ctx, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int aria_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv, - input, output ); + return mbedtls_aria_crypt_cbc((mbedtls_aria_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int aria_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length, - iv_off, iv, input, output ); + return mbedtls_aria_crypt_cfb128((mbedtls_aria_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) +static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { - return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); + return mbedtls_aria_crypt_ctr((mbedtls_aria_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen ); + return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen); } -static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen ); + return mbedtls_aria_setkey_enc((mbedtls_aria_context *) ctx, key, key_bitlen); } -static void * aria_ctx_alloc( void ) +static void *aria_ctx_alloc(void) { mbedtls_aria_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_aria_init( ctx ); + mbedtls_aria_init(ctx); - return( ctx ); + return ctx; } -static void aria_ctx_free( void *ctx ) +static void aria_ctx_free(void *ctx) { - mbedtls_aria_free( (mbedtls_aria_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_aria_free((mbedtls_aria_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t aria_info = { @@ -1257,11 +1263,11 @@ static const mbedtls_cipher_info_t aria_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_GCM_C) -static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int gcm_aria_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, - key, key_bitlen ); + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_aria_info = { @@ -1326,11 +1332,11 @@ static const mbedtls_cipher_info_t aria_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int ccm_aria_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, - key, key_bitlen ); + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_aria_info = { @@ -1398,121 +1404,123 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = { #if defined(MBEDTLS_DES_C) -static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int des_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { ((void) operation); - return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output ); + return mbedtls_des_crypt_ecb((mbedtls_des_context *) ctx, input, output); } -static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int des3_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { ((void) operation); - return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output ); + return mbedtls_des3_crypt_ecb((mbedtls_des3_context *) ctx, input, output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) +static int des_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { - return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input, - output ); + return mbedtls_des_crypt_cbc((mbedtls_des_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) +static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { - return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input, - output ); + return mbedtls_des3_crypt_cbc((mbedtls_des3_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key ); + return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } -static int des_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key ); + return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } -static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } -static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set3key_enc((mbedtls_des3_context *) ctx, key); } -static void * des_ctx_alloc( void ) +static void *des_ctx_alloc(void) { - mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) ); + mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context)); - if( des == NULL ) - return( NULL ); + if (des == NULL) { + return NULL; + } - mbedtls_des_init( des ); + mbedtls_des_init(des); - return( des ); + return des; } -static void des_ctx_free( void *ctx ) +static void des_ctx_free(void *ctx) { - mbedtls_des_free( (mbedtls_des_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_des_free((mbedtls_des_context *) ctx); + mbedtls_free(ctx); } -static void * des3_ctx_alloc( void ) +static void *des3_ctx_alloc(void) { mbedtls_des3_context *des3; - des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) ); + des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context)); - if( des3 == NULL ) - return( NULL ); + if (des3 == NULL) { + return NULL; + } - mbedtls_des3_init( des3 ); + mbedtls_des3_init(des3); - return( des3 ); + return des3; } -static void des3_ctx_free( void *ctx ) +static void des3_ctx_free(void *ctx) { - mbedtls_des3_free( (mbedtls_des3_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_des3_free((mbedtls_des3_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t des_info = { @@ -1670,66 +1678,67 @@ static const mbedtls_cipher_info_t des_ede3_cbc_info = { #if defined(MBEDTLS_BLOWFISH_C) -static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) +static int blowfish_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { - return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input, - output ); + return mbedtls_blowfish_crypt_ecb((mbedtls_blowfish_context *) ctx, operation, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, const unsigned char *input, - unsigned char *output ) +static int blowfish_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, const unsigned char *input, + unsigned char *output) { - return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv, - input, output ); + return mbedtls_blowfish_crypt_cbc((mbedtls_blowfish_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) +static int blowfish_crypt_cfb64_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { - return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length, - iv_off, iv, input, output ); + return mbedtls_blowfish_crypt_cfb64((mbedtls_blowfish_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) +static int blowfish_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { - return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); + return mbedtls_blowfish_crypt_ctr((mbedtls_blowfish_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int blowfish_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen ); + return mbedtls_blowfish_setkey((mbedtls_blowfish_context *) ctx, key, key_bitlen); } -static void * blowfish_ctx_alloc( void ) +static void *blowfish_ctx_alloc(void) { mbedtls_blowfish_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_blowfish_init( ctx ); + mbedtls_blowfish_init(ctx); - return( ctx ); + return ctx; } -static void blowfish_ctx_free( void *ctx ) +static void blowfish_ctx_free(void *ctx) { - mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_blowfish_free((mbedtls_blowfish_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t blowfish_info = { @@ -1811,41 +1820,43 @@ static const mbedtls_cipher_info_t blowfish_ctr_info = { #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_ARC4_C) -static int arc4_crypt_stream_wrap( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) +static int arc4_crypt_stream_wrap(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { - return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) ); + return mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output); } -static int arc4_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int arc4_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { /* we get key_bitlen in bits, arc4 expects it in bytes */ - if( key_bitlen % 8 != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen % 8 != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 ); - return( 0 ); + mbedtls_arc4_setup((mbedtls_arc4_context *) ctx, key, key_bitlen / 8); + return 0; } -static void * arc4_ctx_alloc( void ) +static void *arc4_ctx_alloc(void) { mbedtls_arc4_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_arc4_init( ctx ); + mbedtls_arc4_init(ctx); - return( ctx ); + return ctx; } -static void arc4_ctx_free( void *ctx ) +static void arc4_ctx_free(void *ctx) { - mbedtls_arc4_free( (mbedtls_arc4_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_arc4_free((mbedtls_arc4_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t arc4_base_info = { @@ -1889,48 +1900,52 @@ static const mbedtls_cipher_info_t arc4_128_info = { #if defined(MBEDTLS_CHACHA20_C) -static int chacha20_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int chacha20_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - if( key_bitlen != 256U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen != 256U) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } -static int chacha20_stream_wrap( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) +static int chacha20_stream_wrap(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_chacha20_update( ctx, length, input, output ); - if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + ret = mbedtls_chacha20_update(ctx, length, input, output); + if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - return( ret ); + return ret; } -static void * chacha20_ctx_alloc( void ) +static void *chacha20_ctx_alloc(void) { mbedtls_chacha20_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_chacha20_init( ctx ); + mbedtls_chacha20_init(ctx); - return( ctx ); + return ctx; } -static void chacha20_ctx_free( void *ctx ) +static void chacha20_ctx_free(void *ctx) { - mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_chacha20_free((mbedtls_chacha20_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t chacha20_base_info = { @@ -1973,36 +1988,39 @@ static const mbedtls_cipher_info_t chacha20_info = { #if defined(MBEDTLS_CHACHAPOLY_C) -static int chachapoly_setkey_wrap( void *ctx, - const unsigned char *key, - unsigned int key_bitlen ) +static int chachapoly_setkey_wrap(void *ctx, + const unsigned char *key, + unsigned int key_bitlen) { - if( key_bitlen != 256U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen != 256U) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } -static void * chachapoly_ctx_alloc( void ) +static void *chachapoly_ctx_alloc(void) { mbedtls_chachapoly_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) { + return NULL; + } - mbedtls_chachapoly_init( ctx ); + mbedtls_chachapoly_init(ctx); - return( ctx ); + return ctx; } -static void chachapoly_ctx_free( void *ctx ) +static void chachapoly_ctx_free(void *ctx) { - mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_chachapoly_free((mbedtls_chachapoly_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t chachapoly_base_info = { @@ -2044,31 +2062,31 @@ static const mbedtls_cipher_info_t chachapoly_info = { #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) -static int null_crypt_stream( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) +static int null_crypt_stream(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { ((void) ctx); - memmove( output, input, length ); - return( 0 ); + memmove(output, input, length); + return 0; } -static int null_setkey( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int null_setkey(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) ctx); ((void) key); ((void) key_bitlen); - return( 0 ); + return 0; } -static void * null_ctx_alloc( void ) +static void *null_ctx_alloc(void) { - return( (void *) 1 ); + return (void *) 1; } -static void null_ctx_free( void *ctx ) +static void null_ctx_free(void *ctx) { ((void) ctx); } @@ -2113,34 +2131,35 @@ static const mbedtls_cipher_info_t null_cipher_info = { #endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */ #if defined(MBEDTLS_NIST_KW_C) -static void *kw_ctx_alloc( void ) +static void *kw_ctx_alloc(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context)); - if( ctx != NULL ) - mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx ); + if (ctx != NULL) { + mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx); + } - return( ctx ); + return ctx; } -static void kw_ctx_free( void *ctx ) +static void kw_ctx_free(void *ctx) { - mbedtls_nist_kw_free( ctx ); - mbedtls_free( ctx ); + mbedtls_nist_kw_free(ctx); + mbedtls_free(ctx); } -static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int kw_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, - MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 ); + return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx, + MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1); } -static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int kw_aes_setkey_unwrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { - return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, - MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 ); + return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx, + MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0); } static const mbedtls_cipher_base_t kw_aes_info = { @@ -2393,8 +2412,8 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_NONE, NULL } }; -#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) / \ - sizeof(mbedtls_cipher_definitions[0]) ) +#define NUM_CIPHERS (sizeof(mbedtls_cipher_definitions) / \ + sizeof(mbedtls_cipher_definitions[0])) int mbedtls_cipher_supported[NUM_CIPHERS]; #endif /* MBEDTLS_CIPHER_C */ diff --git a/thirdparty/mbedtls/library/cmac.c b/thirdparty/mbedtls/library/cmac.c index 3cc49d10cc..0c07de6f2f 100644 --- a/thirdparty/mbedtls/library/cmac.c +++ b/thirdparty/mbedtls/library/cmac.c @@ -63,9 +63,9 @@ * Input and output MUST NOT point to the same buffer * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES. */ -static int cmac_multiply_by_u( unsigned char *output, - const unsigned char *input, - size_t blocksize ) +static int cmac_multiply_by_u(unsigned char *output, + const unsigned char *input, + size_t blocksize) { const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; @@ -73,21 +73,15 @@ static int cmac_multiply_by_u( unsigned char *output, unsigned char overflow = 0x00; int i; - if( blocksize == MBEDTLS_AES_BLOCK_SIZE ) - { + if (blocksize == MBEDTLS_AES_BLOCK_SIZE) { R_n = R_128; - } - else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE ) - { + } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) { R_n = R_64; - } - else - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } else { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - for( i = (int)blocksize - 1; i >= 0; i-- ) - { + for (i = (int) blocksize - 1; i >= 0; i--) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; } @@ -101,14 +95,14 @@ static int cmac_multiply_by_u( unsigned char *output, #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - mask = - ( input[0] >> 7 ); + mask = -(input[0] >> 7); #if defined(_MSC_VER) #pragma warning( pop ) #endif - output[ blocksize - 1 ] ^= R_n & mask; + output[blocksize - 1] ^= R_n & mask; - return( 0 ); + return 0; } /* @@ -116,46 +110,50 @@ static int cmac_multiply_by_u( unsigned char *output, * * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm */ -static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, - unsigned char* K1, unsigned char* K2 ) +static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx, + unsigned char *K1, unsigned char *K2) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; - mbedtls_platform_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize(L, sizeof(L)); block_size = ctx->cipher_info->block_size; /* Calculate Ek(0) */ - if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) { goto exit; + } /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 ) + if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) { goto exit; + } - if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 ) + if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) { goto exit; + } exit: - mbedtls_platform_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize(L, sizeof(L)); - return( ret ); + return ret; } #endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */ #if !defined(MBEDTLS_CMAC_ALT) -static void cmac_xor_block( unsigned char *output, const unsigned char *input1, - const unsigned char *input2, - const size_t block_size ) +static void cmac_xor_block(unsigned char *output, const unsigned char *input1, + const unsigned char *input2, + const size_t block_size) { size_t idx; - for( idx = 0; idx < block_size; idx++ ) - output[ idx ] = input1[ idx ] ^ input2[ idx ]; + for (idx = 0; idx < block_size; idx++) { + output[idx] = input1[idx] ^ input2[idx]; + } } /* @@ -164,75 +162,78 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1, * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], - size_t padded_block_len, - const unsigned char *last_block, - size_t last_block_len ) +static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], + size_t padded_block_len, + const unsigned char *last_block, + size_t last_block_len) { size_t j; - for( j = 0; j < padded_block_len; j++ ) - { - if( j < last_block_len ) + for (j = 0; j < padded_block_len; j++) { + if (j < last_block_len) { padded_block[j] = last_block[j]; - else if( j == last_block_len ) + } else if (j == last_block_len) { padded_block[j] = 0x80; - else + } else { padded_block[j] = 0x00; + } } } -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ) +int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keybits) { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; int retval; - if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - return( retval ); + if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits, + MBEDTLS_ENCRYPT)) != 0) { + return retval; + } type = ctx->cipher_info->type; - switch( type ) - { + switch (type) { case MBEDTLS_CIPHER_AES_128_ECB: case MBEDTLS_CIPHER_AES_192_ECB: case MBEDTLS_CIPHER_AES_256_ECB: case MBEDTLS_CIPHER_DES_EDE3_ECB: break; default: - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } /* Allocated and initialise in the cipher context memory for the CMAC * context */ - cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); - if( cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t)); + if (cmac_ctx == NULL) { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } ctx->cmac_ctx = cmac_ctx; - mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state)); return 0; } -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ) +int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen) { - mbedtls_cmac_context_t* cmac_ctx; + mbedtls_cmac_context_t *cmac_ctx; unsigned char *state; int ret = 0; size_t n, j, olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || - ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || input == NULL || + ctx->cmac_ctx == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; @@ -240,19 +241,17 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Is there data still to process from the last call, that's greater in * size than a block? */ - if( cmac_ctx->unprocessed_len > 0 && - ilen > block_size - cmac_ctx->unprocessed_len ) - { - memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], - input, - block_size - cmac_ctx->unprocessed_len ); + if (cmac_ctx->unprocessed_len > 0 && + ilen > block_size - cmac_ctx->unprocessed_len) { + memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + block_size - cmac_ctx->unprocessed_len); - cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size ); + cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - { - goto exit; + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) { + goto exit; } input += block_size - cmac_ctx->unprocessed_len; @@ -261,39 +260,38 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, } /* n is the number of blocks including any final partial block */ - n = ( ilen + block_size - 1 ) / block_size; + n = (ilen + block_size - 1) / block_size; /* Iterate across the input data in block sized chunks, excluding any * final partial or complete block */ - for( j = 1; j < n; j++ ) - { - cmac_xor_block( state, input, state, block_size ); + for (j = 1; j < n; j++) { + cmac_xor_block(state, input, state, block_size); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - goto exit; + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) { + goto exit; + } ilen -= block_size; input += block_size; } /* If there is data left over that wasn't aligned to a block */ - if( ilen > 0 ) - { - memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], - input, - ilen ); + if (ilen > 0) { + memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + ilen); cmac_ctx->unprocessed_len += ilen; } exit: - return( ret ); + return ret; } -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ) +int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output) { - mbedtls_cmac_context_t* cmac_ctx; + mbedtls_cmac_context_t *cmac_ctx; unsigned char *state, *last_block; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -301,153 +299,153 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || - output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || + output == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_platform_zeroize( K1, sizeof( K1 ) ); - mbedtls_platform_zeroize( K2, sizeof( K2 ) ); - cmac_generate_subkeys( ctx, K1, K2 ); + mbedtls_platform_zeroize(K1, sizeof(K1)); + mbedtls_platform_zeroize(K2, sizeof(K2)); + cmac_generate_subkeys(ctx, K1, K2); last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->unprocessed_len < block_size ) - { - cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); - cmac_xor_block( M_last, M_last, K2, block_size ); - } - else - { + if (cmac_ctx->unprocessed_len < block_size) { + cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len); + cmac_xor_block(M_last, M_last, K2, block_size); + } else { /* Last block is complete block */ - cmac_xor_block( M_last, last_block, K1, block_size ); + cmac_xor_block(M_last, last_block, K1, block_size); } - cmac_xor_block( state, M_last, state, block_size ); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - { + cmac_xor_block(state, M_last, state, block_size); + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) { goto exit; } - memcpy( output, state, block_size ); + memcpy(output, state, block_size); exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_platform_zeroize( K1, sizeof( K1 ) ); - mbedtls_platform_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize(K1, sizeof(K1)); + mbedtls_platform_zeroize(K2, sizeof(K2)); cmac_ctx->unprocessed_len = 0; - mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, + sizeof(cmac_ctx->unprocessed_block)); - mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); - return( ret ); + mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX); + return ret; } -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) +int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx) { - mbedtls_cmac_context_t* cmac_ctx; + mbedtls_cmac_context_t *cmac_ctx; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } cmac_ctx = ctx->cmac_ctx; /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; - mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_platform_zeroize( cmac_ctx->state, - sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, + sizeof(cmac_ctx->unprocessed_block)); + mbedtls_platform_zeroize(cmac_ctx->state, + sizeof(cmac_ctx->state)); - return( 0 ); + return 0; } -int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) +int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output) { mbedtls_cipher_context_t ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - mbedtls_cipher_init( &ctx ); + mbedtls_cipher_init(&ctx); - if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) { goto exit; + } - ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen); + if (ret != 0) { goto exit; + } - ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac_update(&ctx, input, ilen); + if (ret != 0) { goto exit; + } - ret = mbedtls_cipher_cmac_finish( &ctx, output ); + ret = mbedtls_cipher_cmac_finish(&ctx, output); exit: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); - return( ret ); + return ret; } #if defined(MBEDTLS_AES_C) /* * Implementation of AES-CMAC-PRF-128 defined in RFC 4615 */ -int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, - const unsigned char *input, size_t in_len, - unsigned char output[16] ) +int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_length, + const unsigned char *input, size_t in_len, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; - if( key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key == NULL || input == NULL || output == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } - if( key_length == MBEDTLS_AES_BLOCK_SIZE ) - { + if (key_length == MBEDTLS_AES_BLOCK_SIZE) { /* Use key as is */ - memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE ); - } - else - { - memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE ); + memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE); + } else { + memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE); - ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, - key_length, int_key ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key, + key_length, int_key); + if (ret != 0) { goto exit; + } } - ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len, - output ); + ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len, + output); exit: - mbedtls_platform_zeroize( int_key, sizeof( int_key ) ); + mbedtls_platform_zeroize(int_key, sizeof(int_key)); - return( ret ); + return ret; } #endif /* MBEDTLS_AES_C */ @@ -508,7 +506,8 @@ static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b } }; -static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { +static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = +{ { /* Example #1 */ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, @@ -549,7 +548,8 @@ static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c } }; -static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { +static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = +{ { /* Example #1 */ 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, @@ -591,7 +591,8 @@ static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 } }; -static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { +static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = +{ { /* Example #1 */ 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, @@ -643,7 +644,8 @@ static const unsigned char des3_2key_subkeys[2][8] = { 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2 } }; -static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { +static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] + = { { /* Sample #1 */ 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60 @@ -660,7 +662,7 @@ static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED /* Sample #4 */ 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb } -}; + }; /* CMAC-TDES (Generation) - 3 Key Test Data */ static const unsigned char des3_3key_key[24] = { @@ -681,7 +683,8 @@ static const unsigned char des3_3key_subkeys[2][8] = { 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b } }; -static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { +static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] + = { { /* Sample #1 */ 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50 @@ -698,7 +701,7 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED /* Sample #4 */ 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5 } -}; + }; #endif /* MBEDTLS_DES_C */ @@ -741,14 +744,14 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -static int cmac_test_subkeys( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* subkeys, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) +static int cmac_test_subkeys(int verbose, + const char *testname, + const unsigned char *key, + int keybits, + const unsigned char *subkeys, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests) { int i, ret = 0; mbedtls_cipher_context_t ctx; @@ -756,330 +759,321 @@ static int cmac_test_subkeys( int verbose, unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } - for( i = 0; i < num_tests; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 ); + for (i = 0; i < num_tests; i++) { + if (verbose != 0) { + mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1); + } - mbedtls_cipher_init( &ctx ); + mbedtls_cipher_init(&ctx); - if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "test execution failed\n" ); + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) { + if (verbose != 0) { + mbedtls_printf("test execution failed\n"); + } goto cleanup; } - if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { + if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { /* When CMAC is implemented by an alternative implementation, or * the underlying primitive itself is implemented alternatively, * AES-192 may be unavailable. This should not cause the selftest * function to fail. */ - if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || - ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) && - cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) { - if( verbose != 0 ) - mbedtls_printf( "skipped\n" ); + if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || + ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) && + cipher_type == MBEDTLS_CIPHER_AES_192_ECB) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } goto next_test; } - if( verbose != 0 ) - mbedtls_printf( "test execution failed\n" ); + if (verbose != 0) { + mbedtls_printf("test execution failed\n"); + } goto cleanup; } - ret = cmac_generate_subkeys( &ctx, K1, K2 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = cmac_generate_subkeys(&ctx, K1, K2); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto cleanup; } - if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || - ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = memcmp(K1, subkeys, block_size)) != 0 || + (ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } next_test: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); } ret = 0; goto exit; cleanup: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); exit: - return( ret ); + return ret; } -static int cmac_test_wth_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* expected_result, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) +static int cmac_test_wth_cipher(int verbose, + const char *testname, + const unsigned char *key, + int keybits, + const unsigned char *messages, + const unsigned int message_lengths[4], + const unsigned char *expected_result, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests) { const mbedtls_cipher_info_t *cipher_info; int i, ret = 0; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } - for( i = 0; i < num_tests; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 ); + for (i = 0; i < num_tests; i++) { + if (verbose != 0) { + mbedtls_printf(" %s CMAC #%d: ", testname, i + 1); + } - if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, - message_lengths[i], output ) ) != 0 ) - { + if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages, + message_lengths[i], output)) != 0) { /* When CMAC is implemented by an alternative implementation, or * the underlying primitive itself is implemented alternatively, * AES-192 and/or 3DES may be unavailable. This should not cause * the selftest function to fail. */ - if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || - ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) && - ( cipher_type == MBEDTLS_CIPHER_AES_192_ECB || - cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB ) ) { - if( verbose != 0 ) - mbedtls_printf( "skipped\n" ); + if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || + ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) && + (cipher_type == MBEDTLS_CIPHER_AES_192_ECB || + cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } continue; } - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto exit; } - if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } ret = 0; exit: - return( ret ); + return ret; } #if defined(MBEDTLS_AES_C) -static int test_aes128_cmac_prf( int verbose ) +static int test_aes128_cmac_prf(int verbose) { int i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output[MBEDTLS_AES_BLOCK_SIZE]; - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES CMAC 128 PRF #%d: ", i ); - ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); - if( ret != 0 || - memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) - { + for (i = 0; i < NB_PRF_TESTS; i++) { + mbedtls_printf(" AES CMAC 128 PRF #%d: ", i); + ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output); + if (ret != 0 || + memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( ret ); - } - else if( verbose != 0 ) - { - mbedtls_printf( "passed\n" ); + return ret; + } else if (verbose != 0) { + mbedtls_printf("passed\n"); } } - return( ret ); + return ret; } #endif /* MBEDTLS_AES_C */ -int mbedtls_cmac_self_test( int verbose ) +int mbedtls_cmac_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_AES_C) /* AES-128 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 128", - aes_128_key, - 128, - (const unsigned char*)aes_128_subkeys, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 128", + aes_128_key, + 128, + (const unsigned char *) aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } - if( ( ret = cmac_test_wth_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - (const unsigned char*)aes_128_expected_result, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + (const unsigned char *) aes_128_expected_result, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } /* AES-192 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 192", - aes_192_key, - 192, - (const unsigned char*)aes_192_subkeys, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 192", + aes_192_key, + 192, + (const unsigned char *) aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } - if( ( ret = cmac_test_wth_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - (const unsigned char*)aes_192_expected_result, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char *) aes_192_expected_result, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } /* AES-256 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 256", - aes_256_key, - 256, - (const unsigned char*)aes_256_subkeys, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 256", + aes_256_key, + 256, + (const unsigned char *) aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } - if( ( ret = cmac_test_wth_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*)aes_256_expected_result, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char *) aes_256_expected_result, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_DES_C) /* 3DES 2 key */ - if( ( ret = cmac_test_subkeys( verbose, - "3DES 2 key", - des3_2key_key, - 192, - (const unsigned char*)des3_2key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char *) des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } - if( ( ret = cmac_test_wth_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*)des3_2key_expected_result, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char *) des3_2key_expected_result, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } /* 3DES 3 key */ - if( ( ret = cmac_test_subkeys( verbose, - "3DES 3 key", - des3_3key_key, - 192, - (const unsigned char*)des3_3key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char *) des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } - if( ( ret = cmac_test_wth_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*)des3_3key_expected_result, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char *) des3_3key_expected_result, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return ret; } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 ) - return( ret ); + if ((ret = test_aes128_cmac_prf(verbose)) != 0) { + return ret; + } #endif /* MBEDTLS_AES_C */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/common.h b/thirdparty/mbedtls/library/common.h index 1663d50226..e162aa3cff 100644 --- a/thirdparty/mbedtls/library/common.h +++ b/thirdparty/mbedtls/library/common.h @@ -29,11 +29,12 @@ #include "mbedtls/config.h" #endif +#include #include #include /* Define `inline` on some non-C99-compliant compilers. */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -75,9 +76,9 @@ * buffer is at least \p n + 1. */ static inline unsigned char *mbedtls_buffer_offset( - unsigned char *p, size_t n ) + unsigned char *p, size_t n) { - return( p == NULL ? NULL : p + n ); + return p == NULL ? NULL : p + n; } /** Return an offset into a read-only buffer. @@ -92,9 +93,9 @@ static inline unsigned char *mbedtls_buffer_offset( * buffer is at least \p n + 1. */ static inline const unsigned char *mbedtls_buffer_offset_const( - const unsigned char *p, size_t n ) + const unsigned char *p, size_t n) { - return( p == NULL ? NULL : p + n ); + return p == NULL ? NULL : p + n; } /** Byte Reading Macros @@ -102,14 +103,14 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th * byte from x, where byte 0 is the least significant byte. */ -#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) -#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) -#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) -#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) -#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) ) -#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) ) -#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) ) -#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) ) +#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) +#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) +#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) +#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) +#define MBEDTLS_BYTE_4(x) ((uint8_t) (((x) >> 32) & 0xff)) +#define MBEDTLS_BYTE_5(x) ((uint8_t) (((x) >> 40) & 0xff)) +#define MBEDTLS_BYTE_6(x) ((uint8_t) (((x) >> 48) & 0xff)) +#define MBEDTLS_BYTE_7(x) ((uint8_t) (((x) >> 56) & 0xff)) /** * Get the unsigned 32 bits integer corresponding to four bytes in @@ -121,12 +122,12 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT32_BE -#define MBEDTLS_GET_UINT32_BE( data , offset ) \ +#define MBEDTLS_GET_UINT32_BE(data, offset) \ ( \ - ( (uint32_t) ( data )[( offset ) ] << 24 ) \ - | ( (uint32_t) ( data )[( offset ) + 1] << 16 ) \ - | ( (uint32_t) ( data )[( offset ) + 2] << 8 ) \ - | ( (uint32_t) ( data )[( offset ) + 3] ) \ + ((uint32_t) (data)[(offset)] << 24) \ + | ((uint32_t) (data)[(offset) + 1] << 16) \ + | ((uint32_t) (data)[(offset) + 2] << 8) \ + | ((uint32_t) (data)[(offset) + 3]) \ ) #endif @@ -140,13 +141,13 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_BE -#define MBEDTLS_PUT_UINT32_BE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_3( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n ); \ - ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n ); \ - ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n ); \ -} +#define MBEDTLS_PUT_UINT32_BE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_3(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_2(n); \ + (data)[(offset) + 2] = MBEDTLS_BYTE_1(n); \ + (data)[(offset) + 3] = MBEDTLS_BYTE_0(n); \ + } #endif /** @@ -159,12 +160,12 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT32_LE -#define MBEDTLS_GET_UINT32_LE( data, offset ) \ +#define MBEDTLS_GET_UINT32_LE(data, offset) \ ( \ - ( (uint32_t) ( data )[( offset ) ] ) \ - | ( (uint32_t) ( data )[( offset ) + 1] << 8 ) \ - | ( (uint32_t) ( data )[( offset ) + 2] << 16 ) \ - | ( (uint32_t) ( data )[( offset ) + 3] << 24 ) \ + ((uint32_t) (data)[(offset)]) \ + | ((uint32_t) (data)[(offset) + 1] << 8) \ + | ((uint32_t) (data)[(offset) + 2] << 16) \ + | ((uint32_t) (data)[(offset) + 3] << 24) \ ) #endif @@ -178,13 +179,13 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 32 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT32_LE -#define MBEDTLS_PUT_UINT32_LE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ - ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ - ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ -} +#define MBEDTLS_PUT_UINT32_LE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_0(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \ + (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \ + (data)[(offset) + 3] = MBEDTLS_BYTE_3(n); \ + } #endif /** @@ -197,10 +198,10 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT16_LE -#define MBEDTLS_GET_UINT16_LE( data, offset ) \ +#define MBEDTLS_GET_UINT16_LE(data, offset) \ ( \ - ( (uint16_t) ( data )[( offset ) ] ) \ - | ( (uint16_t) ( data )[( offset ) + 1] << 8 ) \ + ((uint16_t) (data)[(offset)]) \ + | ((uint16_t) (data)[(offset) + 1] << 8) \ ) #endif @@ -214,11 +215,11 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_LE -#define MBEDTLS_PUT_UINT16_LE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ -} +#define MBEDTLS_PUT_UINT16_LE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_0(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \ + } #endif /** @@ -231,10 +232,10 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT16_BE -#define MBEDTLS_GET_UINT16_BE( data, offset ) \ +#define MBEDTLS_GET_UINT16_BE(data, offset) \ ( \ - ( (uint16_t) ( data )[( offset ) ] << 8 ) \ - | ( (uint16_t) ( data )[( offset ) + 1] ) \ + ((uint16_t) (data)[(offset)] << 8) \ + | ((uint16_t) (data)[(offset) + 1]) \ ) #endif @@ -248,11 +249,11 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 16 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT16_BE -#define MBEDTLS_PUT_UINT16_BE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_1( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n ); \ -} +#define MBEDTLS_PUT_UINT16_BE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_1(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_0(n); \ + } #endif /** @@ -265,16 +266,16 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT64_BE -#define MBEDTLS_GET_UINT64_BE( data, offset ) \ +#define MBEDTLS_GET_UINT64_BE(data, offset) \ ( \ - ( (uint64_t) ( data )[( offset ) ] << 56 ) \ - | ( (uint64_t) ( data )[( offset ) + 1] << 48 ) \ - | ( (uint64_t) ( data )[( offset ) + 2] << 40 ) \ - | ( (uint64_t) ( data )[( offset ) + 3] << 32 ) \ - | ( (uint64_t) ( data )[( offset ) + 4] << 24 ) \ - | ( (uint64_t) ( data )[( offset ) + 5] << 16 ) \ - | ( (uint64_t) ( data )[( offset ) + 6] << 8 ) \ - | ( (uint64_t) ( data )[( offset ) + 7] ) \ + ((uint64_t) (data)[(offset)] << 56) \ + | ((uint64_t) (data)[(offset) + 1] << 48) \ + | ((uint64_t) (data)[(offset) + 2] << 40) \ + | ((uint64_t) (data)[(offset) + 3] << 32) \ + | ((uint64_t) (data)[(offset) + 4] << 24) \ + | ((uint64_t) (data)[(offset) + 5] << 16) \ + | ((uint64_t) (data)[(offset) + 6] << 8) \ + | ((uint64_t) (data)[(offset) + 7]) \ ) #endif @@ -288,17 +289,17 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_BE -#define MBEDTLS_PUT_UINT64_BE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_7( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n ); \ - ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n ); \ - ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n ); \ - ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n ); \ - ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n ); \ - ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n ); \ - ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n ); \ -} +#define MBEDTLS_PUT_UINT64_BE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_7(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_6(n); \ + (data)[(offset) + 2] = MBEDTLS_BYTE_5(n); \ + (data)[(offset) + 3] = MBEDTLS_BYTE_4(n); \ + (data)[(offset) + 4] = MBEDTLS_BYTE_3(n); \ + (data)[(offset) + 5] = MBEDTLS_BYTE_2(n); \ + (data)[(offset) + 6] = MBEDTLS_BYTE_1(n); \ + (data)[(offset) + 7] = MBEDTLS_BYTE_0(n); \ + } #endif /** @@ -311,16 +312,16 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * integer from. */ #ifndef MBEDTLS_GET_UINT64_LE -#define MBEDTLS_GET_UINT64_LE( data, offset ) \ +#define MBEDTLS_GET_UINT64_LE(data, offset) \ ( \ - ( (uint64_t) ( data )[( offset ) + 7] << 56 ) \ - | ( (uint64_t) ( data )[( offset ) + 6] << 48 ) \ - | ( (uint64_t) ( data )[( offset ) + 5] << 40 ) \ - | ( (uint64_t) ( data )[( offset ) + 4] << 32 ) \ - | ( (uint64_t) ( data )[( offset ) + 3] << 24 ) \ - | ( (uint64_t) ( data )[( offset ) + 2] << 16 ) \ - | ( (uint64_t) ( data )[( offset ) + 1] << 8 ) \ - | ( (uint64_t) ( data )[( offset ) ] ) \ + ((uint64_t) (data)[(offset) + 7] << 56) \ + | ((uint64_t) (data)[(offset) + 6] << 48) \ + | ((uint64_t) (data)[(offset) + 5] << 40) \ + | ((uint64_t) (data)[(offset) + 4] << 32) \ + | ((uint64_t) (data)[(offset) + 3] << 24) \ + | ((uint64_t) (data)[(offset) + 2] << 16) \ + | ((uint64_t) (data)[(offset) + 1] << 8) \ + | ((uint64_t) (data)[(offset)]) \ ) #endif @@ -334,17 +335,31 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * byte of the 64 bits unsigned integer \p n. */ #ifndef MBEDTLS_PUT_UINT64_LE -#define MBEDTLS_PUT_UINT64_LE( n, data, offset ) \ -{ \ - ( data )[( offset ) ] = MBEDTLS_BYTE_0( n ); \ - ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n ); \ - ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n ); \ - ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n ); \ - ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n ); \ - ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n ); \ - ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n ); \ - ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n ); \ -} +#define MBEDTLS_PUT_UINT64_LE(n, data, offset) \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_0(n); \ + (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \ + (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \ + (data)[(offset) + 3] = MBEDTLS_BYTE_3(n); \ + (data)[(offset) + 4] = MBEDTLS_BYTE_4(n); \ + (data)[(offset) + 5] = MBEDTLS_BYTE_5(n); \ + (data)[(offset) + 6] = MBEDTLS_BYTE_6(n); \ + (data)[(offset) + 7] = MBEDTLS_BYTE_7(n); \ + } +#endif + +/* Always provide a static assert macro, so it can be used unconditionally. + * It will expand to nothing on some systems. + * Can be used outside functions (but don't add a trailing ';' in that case: + * the semicolon is included here to avoid triggering -Wextra-semi when + * MBEDTLS_STATIC_ASSERT() expands to nothing). + * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it + * defines static_assert even with -std=c99, but then complains about it. + */ +#if defined(static_assert) && !defined(__FreeBSD__) +#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg); +#else +#define MBEDTLS_STATIC_ASSERT(expr, msg) #endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/thirdparty/mbedtls/library/constant_time.c b/thirdparty/mbedtls/library/constant_time.c index 2401b0434a..527930129b 100644 --- a/thirdparty/mbedtls/library/constant_time.c +++ b/thirdparty/mbedtls/library/constant_time.c @@ -17,7 +17,7 @@ * limitations under the License. */ - /* +/* * The following functions are implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ @@ -46,17 +46,16 @@ #include -int mbedtls_ct_memcmp( const void *a, - const void *b, - size_t n ) +int mbedtls_ct_memcmp(const void *a, + const void *b, + size_t n) { size_t i; volatile const unsigned char *A = (volatile const unsigned char *) a; volatile const unsigned char *B = (volatile const unsigned char *) b; volatile unsigned char diff = 0; - for( i = 0; i < n; i++ ) - { + for (i = 0; i < n; i++) { /* Read volatile data in order before computing diff. * This avoids IAR compiler warning: * 'the order of volatile accesses is undefined ..' */ @@ -64,10 +63,10 @@ int mbedtls_ct_memcmp( const void *a, diff |= x ^ y; } - return( (int)diff ); + return (int) diff; } -unsigned mbedtls_ct_uint_mask( unsigned value ) +unsigned mbedtls_ct_uint_mask(unsigned value) { /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ @@ -75,7 +74,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ) #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); + return -((value | -value) >> (sizeof(value) * 8 - 1)); #if defined(_MSC_VER) #pragma warning( pop ) #endif @@ -83,7 +82,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ) #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) -size_t mbedtls_ct_size_mask( size_t value ) +size_t mbedtls_ct_size_mask(size_t value) { /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ @@ -91,7 +90,7 @@ size_t mbedtls_ct_size_mask( size_t value ) #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); + return -((value | -value) >> (sizeof(value) * 8 - 1)); #if defined(_MSC_VER) #pragma warning( pop ) #endif @@ -101,7 +100,7 @@ size_t mbedtls_ct_size_mask( size_t value ) #if defined(MBEDTLS_BIGNUM_C) -mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value ) +mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value) { /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ @@ -109,7 +108,7 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value ) #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); + return -((value | -value) >> (sizeof(value) * 8 - 1)); #if defined(_MSC_VER) #pragma warning( pop ) #endif @@ -131,25 +130,25 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value ) * * \return All-bits-one if \p x is less than \p y, otherwise zero. */ -static size_t mbedtls_ct_size_mask_lt( size_t x, - size_t y ) +static size_t mbedtls_ct_size_mask_lt(size_t x, + size_t y) { /* This has the most significant bit set if and only if x < y */ const size_t sub = x - y; /* sub1 = (x < y) ? 1 : 0 */ - const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); + const size_t sub1 = sub >> (sizeof(sub) * 8 - 1); /* mask = (x < y) ? 0xff... : 0x00... */ - const size_t mask = mbedtls_ct_size_mask( sub1 ); + const size_t mask = mbedtls_ct_size_mask(sub1); - return( mask ); + return mask; } -size_t mbedtls_ct_size_mask_ge( size_t x, - size_t y ) +size_t mbedtls_ct_size_mask_ge(size_t x, + size_t y) { - return( ~mbedtls_ct_size_mask_lt( x, y ) ); + return ~mbedtls_ct_size_mask_lt(x, y); } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ @@ -161,21 +160,21 @@ size_t mbedtls_ct_size_mask_ge( size_t x, * Constant flow with respect to c. */ MBEDTLS_STATIC_TESTABLE -unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low, - unsigned char high, - unsigned char c ) +unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, + unsigned char high, + unsigned char c) { /* low_mask is: 0 if low <= c, 0x...ff if low > c */ - unsigned low_mask = ( (unsigned) c - low ) >> 8; + unsigned low_mask = ((unsigned) c - low) >> 8; /* high_mask is: 0 if c <= high, 0x...ff if c > high */ - unsigned high_mask = ( (unsigned) high - c ) >> 8; - return( ~( low_mask | high_mask ) & 0xff ); + unsigned high_mask = ((unsigned) high - c) >> 8; + return ~(low_mask | high_mask) & 0xff; } #endif /* MBEDTLS_BASE64_C */ -unsigned mbedtls_ct_size_bool_eq( size_t x, - size_t y ) +unsigned mbedtls_ct_size_bool_eq(size_t x, + size_t y) { /* diff = 0 if x == y, non-zero otherwise */ const size_t diff = x ^ y; @@ -188,16 +187,16 @@ unsigned mbedtls_ct_size_bool_eq( size_t x, #endif /* diff_msb's most significant bit is equal to x != y */ - const size_t diff_msb = ( diff | (size_t) -diff ); + const size_t diff_msb = (diff | (size_t) -diff); #if defined(_MSC_VER) #pragma warning( pop ) #endif /* diff1 = (x != y) ? 1 : 0 */ - const unsigned diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1); - return( 1 ^ diff1 ); + return 1 ^ diff1; } #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) @@ -213,19 +212,19 @@ unsigned mbedtls_ct_size_bool_eq( size_t x, * * \return 1 if \p x greater than \p y, otherwise 0. */ -static unsigned mbedtls_ct_size_gt( size_t x, - size_t y ) +static unsigned mbedtls_ct_size_gt(size_t x, + size_t y) { /* Return the sign bit (1 for negative) of (y - x). */ - return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) ); + return (y - x) >> (sizeof(size_t) * 8 - 1); } #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_BIGNUM_C) -unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y ) +unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y) { mbedtls_mpi_uint ret; mbedtls_mpi_uint cond; @@ -233,12 +232,12 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, /* * Check if the most significant bits (MSB) of the operands are different. */ - cond = ( x ^ y ); + cond = (x ^ y); /* * If the MSB are the same then the difference x-y will be negative (and * have its MSB set to 1 during conversion to unsigned) if and only if x> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 ); + ret = ret >> (sizeof(mbedtls_mpi_uint) * 8 - 1); return (unsigned) ret; } #endif /* MBEDTLS_BIGNUM_C */ -unsigned mbedtls_ct_uint_if( unsigned condition, - unsigned if1, - unsigned if0 ) +unsigned mbedtls_ct_uint_if(unsigned condition, + unsigned if1, + unsigned if0) { - unsigned mask = mbedtls_ct_uint_mask( condition ); - return( ( mask & if1 ) | (~mask & if0 ) ); + unsigned mask = mbedtls_ct_uint_mask(condition); + return (mask & if1) | (~mask & if0); } #if defined(MBEDTLS_BIGNUM_C) @@ -278,9 +277,9 @@ unsigned mbedtls_ct_uint_if( unsigned condition, * * \return \c if1 if \p condition is nonzero, otherwise \c if0. * */ -static int mbedtls_ct_cond_select_sign( unsigned char condition, - int if1, - int if0 ) +static int mbedtls_ct_cond_select_sign(unsigned char condition, + int if1, + int if0) { /* In order to avoid questions about what we can reasonably assume about * the representations of signed integers, move everything to unsigned @@ -292,16 +291,16 @@ static int mbedtls_ct_cond_select_sign( unsigned char condition, const unsigned mask = condition << 1; /* select uif1 or uif0 */ - unsigned ur = ( uif0 & ~mask ) | ( uif1 & mask ); + unsigned ur = (uif0 & ~mask) | (uif1 & mask); /* ur is now 0 or 2, convert back to -1 or +1 */ - return( (int) ur - 1 ); + return (int) ur - 1; } -void mbedtls_ct_mpi_uint_cond_assign( size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char condition ) +void mbedtls_ct_mpi_uint_cond_assign(size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char condition) { size_t i; @@ -319,43 +318,44 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n, #pragma warning( pop ) #endif - for( i = 0; i < n; i++ ) - dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask ); + for (i = 0; i < n; i++) { + dest[i] = (src[i] & mask) | (dest[i] & ~mask); + } } #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BASE64_C) -unsigned char mbedtls_ct_base64_enc_char( unsigned char value ) +unsigned char mbedtls_ct_base64_enc_char(unsigned char value) { unsigned char digit = 0; /* For each range of values, if value is in that range, mask digit with * the corresponding value. Since value can only be in a single range, * only at most one masking will change digit. */ - digit |= mbedtls_ct_uchar_mask_of_range( 0, 25, value ) & ( 'A' + value ); - digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, value ) & ( 'a' + value - 26 ); - digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, value ) & ( '0' + value - 52 ); - digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, value ) & '+'; - digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, value ) & '/'; - return( digit ); + digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value); + digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26); + digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52); + digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+'; + digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/'; + return digit; } -signed char mbedtls_ct_base64_dec_value( unsigned char c ) +signed char mbedtls_ct_base64_dec_value(unsigned char c) { unsigned char val = 0; /* For each range of digits, if c is in that range, mask val with * the corresponding value. Since c can only be in a single range, * only at most one masking will change val. Set val to one plus * the desired value so that it stays 0 if c is in none of the ranges. */ - val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); + val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1); + val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1); + val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1); + val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1); + val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1); /* At this point, val is 0 if c is an invalid digit and v+1 if c is * a digit with the value v. */ - return( val - 1 ); + return val - 1; } #endif /* MBEDTLS_BASE64_C */ @@ -378,72 +378,71 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c ) * \param total Total size of the buffer. * \param offset Offset from which to copy \p total - \p offset bytes. */ -static void mbedtls_ct_mem_move_to_left( void *start, - size_t total, - size_t offset ) +static void mbedtls_ct_mem_move_to_left(void *start, + size_t total, + size_t offset) { volatile unsigned char *buf = start; size_t i, n; - if( total == 0 ) + if (total == 0) { return; - for( i = 0; i < total; i++ ) - { - unsigned no_op = mbedtls_ct_size_gt( total - offset, i ); + } + for (i = 0; i < total; i++) { + unsigned no_op = mbedtls_ct_size_gt(total - offset, i); /* The first `total - offset` passes are a no-op. The last * `offset` passes shift the data one byte to the left and * zero out the last byte. */ - for( n = 0; n < total - 1; n++ ) - { + for (n = 0; n < total - 1; n++) { unsigned char current = buf[n]; unsigned char next = buf[n+1]; - buf[n] = mbedtls_ct_uint_if( no_op, current, next ); + buf[n] = mbedtls_ct_uint_if(no_op, current, next); } - buf[total-1] = mbedtls_ct_uint_if( no_op, buf[total-1], 0 ); + buf[total-1] = mbedtls_ct_uint_if(no_op, buf[total-1], 0); } } #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) -void mbedtls_ct_memcpy_if_eq( unsigned char *dest, - const unsigned char *src, - size_t len, - size_t c1, - size_t c2 ) +void mbedtls_ct_memcpy_if_eq(unsigned char *dest, + const unsigned char *src, + size_t len, + size_t c1, + size_t c2) { /* mask = c1 == c2 ? 0xff : 0x00 */ - const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 ); - const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal ); + const size_t equal = mbedtls_ct_size_bool_eq(c1, c2); + const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal); /* dest[i] = c1 == c2 ? src[i] : dest[i] */ - for( size_t i = 0; i < len; i++ ) - dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask ); + for (size_t i = 0; i < len; i++) { + dest[i] = (src[i] & mask) | (dest[i] & ~mask); + } } -void mbedtls_ct_memcpy_offset( unsigned char *dest, - const unsigned char *src, - size_t offset, - size_t offset_min, - size_t offset_max, - size_t len ) +void mbedtls_ct_memcpy_offset(unsigned char *dest, + const unsigned char *src, + size_t offset, + size_t offset_min, + size_t offset_max, + size_t len) { size_t offsetval; - for( offsetval = offset_min; offsetval <= offset_max; offsetval++ ) - { - mbedtls_ct_memcpy_if_eq( dest, src + offsetval, len, - offsetval, offset ); + for (offsetval = offset_min; offsetval <= offset_max; offsetval++) { + mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len, + offsetval, offset); } } -int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output ) +int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output) { /* * This function breaks the HMAC abstraction and uses the md_clone() @@ -459,79 +458,79 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, * * Then we only need to compute HASH(okey + inner_hash) and we're done. */ - const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info ); + const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5, * all of which have the same block size except SHA-384. */ const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; const unsigned char * const ikey = ctx->hmac_ctx; const unsigned char * const okey = ikey + block_size; - const size_t hash_size = mbedtls_md_get_size( ctx->md_info ); + const size_t hash_size = mbedtls_md_get_size(ctx->md_info); unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_context_t aux; size_t offset; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &aux ); + mbedtls_md_init(&aux); -#define MD_CHK( func_call ) \ +#define MD_CHK(func_call) \ do { \ ret = (func_call); \ - if( ret != 0 ) \ - goto cleanup; \ - } while( 0 ) + if (ret != 0) \ + goto cleanup; \ + } while (0) - MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); + MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0)); /* After hmac_start() of hmac_reset(), ikey has already been hashed, * so we can start directly with the message */ - MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); - MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); + MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len)); + MD_CHK(mbedtls_md_update(ctx, data, min_data_len)); /* Fill the hash buffer in advance with something that is * not a valid hash (barring an attack on the hash and * deliberately-crafted input), in case the caller doesn't * check the return status properly. */ - memset( output, '!', hash_size ); + memset(output, '!', hash_size); /* For each possible length, compute the hash up to that point */ - for( offset = min_data_len; offset <= max_data_len; offset++ ) - { - MD_CHK( mbedtls_md_clone( &aux, ctx ) ); - MD_CHK( mbedtls_md_finish( &aux, aux_out ) ); + for (offset = min_data_len; offset <= max_data_len; offset++) { + MD_CHK(mbedtls_md_clone(&aux, ctx)); + MD_CHK(mbedtls_md_finish(&aux, aux_out)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size, - offset, data_len_secret ); + mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size, + offset, data_len_secret); - if( offset < max_data_len ) - MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); + if (offset < max_data_len) { + MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); + } } /* The context needs to finish() before it starts() again */ - MD_CHK( mbedtls_md_finish( ctx, aux_out ) ); + MD_CHK(mbedtls_md_finish(ctx, aux_out)); /* Now compute HASH(okey + inner_hash) */ - MD_CHK( mbedtls_md_starts( ctx ) ); - MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); - MD_CHK( mbedtls_md_update( ctx, output, hash_size ) ); - MD_CHK( mbedtls_md_finish( ctx, output ) ); + MD_CHK(mbedtls_md_starts(ctx)); + MD_CHK(mbedtls_md_update(ctx, okey, block_size)); + MD_CHK(mbedtls_md_update(ctx, output, hash_size)); + MD_CHK(mbedtls_md_finish(ctx, output)); /* Done, get ready for next time */ - MD_CHK( mbedtls_md_hmac_reset( ctx ) ); + MD_CHK(mbedtls_md_hmac_reset(ctx)); #undef MD_CHK cleanup: - mbedtls_md_free( &aux ); - return( ret ); + mbedtls_md_free(&aux); + return ret; } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) +#define MPI_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA) /* * Conditionally assign X = Y, without leaking information @@ -545,30 +544,31 @@ cleanup: */ __declspec(noinline) #endif -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, - const mbedtls_mpi *Y, - unsigned char assign ) +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, + const mbedtls_mpi *Y, + unsigned char assign) { int ret = 0; size_t i; mbedtls_mpi_uint limb_mask; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - limb_mask = mbedtls_ct_mpi_uint_mask( assign );; + limb_mask = mbedtls_ct_mpi_uint_mask(assign);; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s ); + X->s = mbedtls_ct_cond_select_sign(assign, Y->s, X->s); - mbedtls_ct_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign ); + mbedtls_ct_mpi_uint_cond_assign(Y->n, X->p, Y->p, assign); - for( i = Y->n; i < X->n; i++ ) + for (i = Y->n; i < X->n; i++) { X->p[i] &= ~limb_mask; + } cleanup: - return( ret ); + return ret; } /* @@ -577,73 +577,74 @@ cleanup: * Here it is not ok to simply swap the pointers, which would lead to * different memory access patterns when X and Y are used afterwards. */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, - mbedtls_mpi *Y, - unsigned char swap ) +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, + mbedtls_mpi *Y, + unsigned char swap) { int ret, s; size_t i; mbedtls_mpi_uint limb_mask; mbedtls_mpi_uint tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - if( X == Y ) - return( 0 ); + if (X == Y) { + return 0; + } /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ - limb_mask = mbedtls_ct_mpi_uint_mask( swap ); + limb_mask = mbedtls_ct_mpi_uint_mask(swap); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s ); - Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s ); + X->s = mbedtls_ct_cond_select_sign(swap, Y->s, X->s); + Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s); - for( i = 0; i < X->n; i++ ) - { + for (i = 0; i < X->n; i++) { tmp = X->p[i]; - X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask ); - Y->p[i] = ( Y->p[i] & ~limb_mask ) | ( tmp & limb_mask ); + X->p[i] = (X->p[i] & ~limb_mask) | (Y->p[i] & limb_mask); + Y->p[i] = (Y->p[i] & ~limb_mask) | (tmp & limb_mask); } cleanup: - return( ret ); + return ret; } /* * Compare signed values in constant time */ -int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, - const mbedtls_mpi *Y, - unsigned *ret ) +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, + const mbedtls_mpi *Y, + unsigned *ret) { size_t i; /* The value of any of these variables is either 0 or 1 at all times. */ unsigned cond, done, X_is_negative, Y_is_negative; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - MPI_VALIDATE_RET( ret != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); + MPI_VALIDATE_RET(ret != NULL); - if( X->n != Y->n ) + if (X->n != Y->n) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } /* * Set sign_N to 1 if N >= 0, 0 if N < 0. * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. */ - X_is_negative = ( X->s & 2 ) >> 1; - Y_is_negative = ( Y->s & 2 ) >> 1; + X_is_negative = (X->s & 2) >> 1; + Y_is_negative = (Y->s & 2) >> 1; /* * If the signs are different, then the positive operand is the bigger. * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - cond = ( X_is_negative ^ Y_is_negative ); + cond = (X_is_negative ^ Y_is_negative); *ret = cond & X_is_negative; /* @@ -652,8 +653,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, */ done = cond; - for( i = X->n; i > 0; i-- ) - { + for (i = X->n; i > 0; i--) { /* * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both * X and Y are negative. @@ -661,8 +661,8 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] ); - *ret |= cond & ( 1 - done ) & X_is_negative; + cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]); + *ret |= cond & (1 - done) & X_is_negative; done |= cond; /* @@ -672,24 +672,24 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = mbedtls_ct_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] ); - *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative ); + cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]); + *ret |= cond & (1 - done) & (1 - X_is_negative); done |= cond; } - return( 0 ); + return 0; } #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) -int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, - unsigned char *input, - size_t ilen, - unsigned char *output, - size_t output_max_len, - size_t *olen ) +int mbedtls_ct_rsaes_pkcs1_v15_unpadding(int mode, + unsigned char *input, + size_t ilen, + unsigned char *output, + size_t output_max_len, + size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, plaintext_max_size; @@ -710,29 +710,25 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, size_t plaintext_size = 0; unsigned output_too_large; - plaintext_max_size = ( output_max_len > ilen - 11 ) ? ilen - 11 + plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11 : output_max_len; /* Check and get padding length in constant time and constant * memory trace. The first byte must be 0. */ bad |= input[0]; - if( mode == MBEDTLS_RSA_PRIVATE ) - { + if (mode == MBEDTLS_RSA_PRIVATE) { /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 * where PS must be at least 8 nonzero bytes. */ bad |= input[1] ^ MBEDTLS_RSA_CRYPT; /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= ((input[i] | (unsigned char)-input[i]) >> 7) ^ 1; - pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; + for (i = 2; i < ilen; i++) { + pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1; + pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; } - } - else - { + } else { /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00 * where PS must be at least 8 bytes with the value 0xFF. */ bad |= input[1] ^ MBEDTLS_RSA_SIGN; @@ -740,19 +736,18 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. * If there's a non-0xff byte in the padding, the padding is bad. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= mbedtls_ct_uint_if( input[i], 0, 1 ); - pad_count += mbedtls_ct_uint_if( pad_done, 0, 1 ); - bad |= mbedtls_ct_uint_if( pad_done, 0, input[i] ^ 0xFF ); + for (i = 2; i < ilen; i++) { + pad_done |= mbedtls_ct_uint_if(input[i], 0, 1); + pad_count += mbedtls_ct_uint_if(pad_done, 0, 1); + bad |= mbedtls_ct_uint_if(pad_done, 0, input[i] ^ 0xFF); } } /* If pad_done is still zero, there's no data, only unfinished padding. */ - bad |= mbedtls_ct_uint_if( pad_done, 0, 1 ); + bad |= mbedtls_ct_uint_if(pad_done, 0, 1); /* There must be at least 8 bytes of padding. */ - bad |= mbedtls_ct_size_gt( 8, pad_count ); + bad |= mbedtls_ct_size_gt(8, pad_count); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -762,24 +757,24 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, * validity through timing. RSA keys are small enough that all the * size_t values involved fit in unsigned int. */ plaintext_size = mbedtls_ct_uint_if( - bad, (unsigned) plaintext_max_size, - (unsigned) ( ilen - pad_count - 3 ) ); + bad, (unsigned) plaintext_max_size, + (unsigned) (ilen - pad_count - 3)); /* Set output_too_large to 0 if the plaintext fits in the output * buffer and to 1 otherwise. */ - output_too_large = mbedtls_ct_size_gt( plaintext_size, - plaintext_max_size ); + output_too_large = mbedtls_ct_size_gt(plaintext_size, + plaintext_max_size); /* Set ret without branches to avoid timing attacks. Return: * - INVALID_PADDING if the padding is bad (bad != 0). * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = - (int) mbedtls_ct_uint_if( - bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, - mbedtls_ct_uint_if( output_too_large, - - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - 0 ) ); + ret = -(int) mbedtls_ct_uint_if( + bad, -MBEDTLS_ERR_RSA_INVALID_PADDING, + mbedtls_ct_uint_if(output_too_large, + -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + 0)); /* If the padding is bad or the plaintext is too large, zero the * data that we're about to copy to the output buffer. @@ -787,17 +782,18 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, * from the same buffer whether the padding is good or not to * avoid leaking the padding validity through overall timing or * through memory or cache access patterns. */ - bad = mbedtls_ct_uint_mask( bad | output_too_large ); - for( i = 11; i < ilen; i++ ) + bad = mbedtls_ct_uint_mask(bad | output_too_large); + for (i = 11; i < ilen; i++) { input[i] &= ~bad; + } /* If the plaintext is too large, truncate it to the buffer size. * Copy anyway to avoid revealing the length through timing, because * revealing the length is as bad as revealing the padding validity * for a Bleichenbacher attack. */ - plaintext_size = mbedtls_ct_uint_if( output_too_large, - (unsigned) plaintext_max_size, - (unsigned) plaintext_size ); + plaintext_size = mbedtls_ct_uint_if(output_too_large, + (unsigned) plaintext_max_size, + (unsigned) plaintext_size); /* Move the plaintext to the leftmost position where it can start in * the working buffer, i.e. make it start plaintext_max_size from @@ -805,9 +801,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, * does not depend on the plaintext size. After this move, the * starting location of the plaintext is no longer sensitive * information. */ - mbedtls_ct_mem_move_to_left( input + ilen - plaintext_max_size, - plaintext_max_size, - plaintext_max_size - plaintext_size ); + mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size, + plaintext_max_size, + plaintext_max_size - plaintext_size); /* Finally copy the decrypted plaintext plus trailing zeros into the output * buffer. If output_max_len is 0, then output may be an invalid pointer @@ -816,8 +812,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, * user-provided output buffer), which is independent from plaintext * length, validity of padding, success of the decryption, and other * secrets. */ - if( output_max_len != 0 ) - memcpy( output, input + ilen - plaintext_max_size, plaintext_max_size ); + if (output_max_len != 0) { + memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size); + } /* Report the amount of data we copied to the output buffer. In case * of errors (bad padding or output too large), the value of *olen @@ -825,7 +822,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, * to the good case limits the risks of leaking the padding validity. */ *olen = plaintext_size; - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ diff --git a/thirdparty/mbedtls/library/constant_time_internal.h b/thirdparty/mbedtls/library/constant_time_internal.h index ff2d0ff92c..402cf148b8 100644 --- a/thirdparty/mbedtls/library/constant_time_internal.h +++ b/thirdparty/mbedtls/library/constant_time_internal.h @@ -43,7 +43,7 @@ * * \return Zero if \p value is zero, otherwise all-bits-one. */ -unsigned mbedtls_ct_uint_mask( unsigned value ); +unsigned mbedtls_ct_uint_mask(unsigned value); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -58,7 +58,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ); * * \return Zero if \p value is zero, otherwise all-bits-one. */ -size_t mbedtls_ct_size_mask( size_t value ); +size_t mbedtls_ct_size_mask(size_t value); #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ @@ -75,7 +75,7 @@ size_t mbedtls_ct_size_mask( size_t value ); * * \return Zero if \p value is zero, otherwise all-bits-one. */ -mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value ); +mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value); #endif /* MBEDTLS_BIGNUM_C */ @@ -94,8 +94,8 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value ); * \return All-bits-one if \p x is greater or equal than \p y, * otherwise zero. */ -size_t mbedtls_ct_size_mask_ge( size_t x, - size_t y ); +size_t mbedtls_ct_size_mask_ge(size_t x, + size_t y); #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ @@ -110,8 +110,8 @@ size_t mbedtls_ct_size_mask_ge( size_t x, * * \return 1 if \p x equals to \p y, otherwise 0. */ -unsigned mbedtls_ct_size_bool_eq( size_t x, - size_t y ); +unsigned mbedtls_ct_size_bool_eq(size_t x, + size_t y); #if defined(MBEDTLS_BIGNUM_C) @@ -125,8 +125,8 @@ unsigned mbedtls_ct_size_bool_eq( size_t x, * * \return 1 if \p x is less than \p y, otherwise 0. */ -unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y ); +unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y); #endif /* MBEDTLS_BIGNUM_C */ @@ -141,9 +141,9 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, * * \return \c if1 if \p condition is nonzero, otherwise \c if0. */ -unsigned mbedtls_ct_uint_if( unsigned condition, - unsigned if1, - unsigned if0 ); +unsigned mbedtls_ct_uint_if(unsigned condition, + unsigned if1, + unsigned if0); #if defined(MBEDTLS_BIGNUM_C) @@ -159,10 +159,10 @@ unsigned mbedtls_ct_uint_if( unsigned condition, * initialized MPI. * \param condition Condition to test, must be 0 or 1. */ -void mbedtls_ct_mpi_uint_cond_assign( size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char condition ); +void mbedtls_ct_mpi_uint_cond_assign(size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char condition); #endif /* MBEDTLS_BIGNUM_C */ @@ -177,7 +177,7 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n, * * \return A base64 digit converted from \p value. */ -unsigned char mbedtls_ct_base64_enc_char( unsigned char value ); +unsigned char mbedtls_ct_base64_enc_char(unsigned char value); /** Given a Base64 digit, return its value. * @@ -191,7 +191,7 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char value ); * * \return The value of the base64 digit \p c. */ -signed char mbedtls_ct_base64_dec_value( unsigned char c ); +signed char mbedtls_ct_base64_dec_value(unsigned char c); #endif /* MBEDTLS_BASE64_C */ @@ -208,10 +208,10 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c ); * \param c1 The first value to analyze in the condition. * \param c2 The second value to analyze in the condition. */ -void mbedtls_ct_memcpy_if_eq( unsigned char *dest, - const unsigned char *src, - size_t len, - size_t c1, size_t c2 ); +void mbedtls_ct_memcpy_if_eq(unsigned char *dest, + const unsigned char *src, + size_t len, + size_t c1, size_t c2); /** Copy data from a secret position with constant flow. * @@ -239,12 +239,12 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest, * \param offset_max The maximal value of \p offset. * \param len The number of bytes to copy. */ -void mbedtls_ct_memcpy_offset( unsigned char *dest, - const unsigned char *src, - size_t offset, - size_t offset_min, - size_t offset_max, - size_t len ); +void mbedtls_ct_memcpy_offset(unsigned char *dest, + const unsigned char *src, + size_t offset, + size_t offset_min, + size_t offset_max, + size_t len); /** Compute the HMAC of variable-length data with constant flow. * @@ -282,14 +282,14 @@ void mbedtls_ct_memcpy_offset( unsigned char *dest, * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED * The hardware accelerator failed. */ -int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output ); +int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, + const unsigned char *add_data, + size_t add_data_len, + const unsigned char *data, + size_t data_len_secret, + size_t min_data_len, + size_t max_data_len, + unsigned char *output); #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ @@ -323,12 +323,12 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx, * \return #MBEDTLS_ERR_RSA_INVALID_PADDING * The input doesn't contain properly formatted padding. */ -int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode, - unsigned char *input, - size_t ilen, - unsigned char *output, - size_t output_max_len, - size_t *olen ); +int mbedtls_ct_rsaes_pkcs1_v15_unpadding(int mode, + unsigned char *input, + size_t ilen, + unsigned char *output, + size_t output_max_len, + size_t *olen); #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */ diff --git a/thirdparty/mbedtls/library/constant_time_invasive.h b/thirdparty/mbedtls/library/constant_time_invasive.h index 4620ca1379..c176b28ffd 100644 --- a/thirdparty/mbedtls/library/constant_time_invasive.h +++ b/thirdparty/mbedtls/library/constant_time_invasive.h @@ -42,9 +42,9 @@ * * \return All-bits-one if \p low <= \p c <= \p high, otherwise zero. */ -unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low, - unsigned char high, - unsigned char c ); +unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low, + unsigned char high, + unsigned char c); #endif /* MBEDTLS_TEST_HOOKS */ diff --git a/thirdparty/mbedtls/library/ctr_drbg.c b/thirdparty/mbedtls/library/ctr_drbg.c index ed31576a7b..652c5cbc28 100644 --- a/thirdparty/mbedtls/library/ctr_drbg.c +++ b/thirdparty/mbedtls/library/ctr_drbg.c @@ -41,9 +41,9 @@ /* * CTR_DRBG context initialization */ -void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) +void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) ); + memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ ctx->reseed_counter = -1; @@ -55,50 +55,55 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) * This function resets CTR_DRBG context to the state immediately * after initial call of mbedtls_ctr_drbg_init(). */ -void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) +void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } #if defined(MBEDTLS_THREADING_C) /* The mutex is initialized iff f_entropy is set. */ - if( ctx->f_entropy != NULL ) - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->f_entropy != NULL) { + mbedtls_mutex_free(&ctx->mutex); + } #endif - mbedtls_aes_free( &ctx->aes_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_aes_free(&ctx->aes_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ctx->reseed_counter = -1; } -void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, - int resistance ) +void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, + int resistance) { ctx->prediction_resistance = resistance; } -void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, - size_t len ) +void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, + size_t len) { ctx->entropy_len = len; } -int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, - size_t len ) +int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, + size_t len) { /* If mbedtls_ctr_drbg_seed() has already been called, it's * too late. Return the error code that's closest to making sense. */ - if( ctx->f_entropy != NULL ) - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (ctx->f_entropy != NULL) { + return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED; + } - if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } #if SIZE_MAX > INT_MAX /* This shouldn't be an issue because * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible * configuration, but make sure anyway. */ - if( len > INT_MAX ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (len > INT_MAX) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } #endif /* For backward compatibility with Mbed TLS <= 2.19, store the @@ -106,17 +111,17 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, * used until after the initial seeding. */ /* Due to the capping of len above, the value fits in an int. */ ctx->reseed_counter = (int) len; - return( 0 ); + return 0; } -void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, - int interval ) +void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, + int interval) { ctx->reseed_interval = interval; } -static int block_cipher_df( unsigned char *output, - const unsigned char *data, size_t data_len ) +static int block_cipher_df(unsigned char *output, + const unsigned char *data, size_t data_len) { unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; @@ -130,12 +135,13 @@ static int block_cipher_df( unsigned char *output, int i, j; size_t buf_len, use_len; - if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } - memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + - MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 ); - mbedtls_aes_init( &aes_ctx ); + memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16); + mbedtls_aes_init(&aes_ctx); /* * Construct IV (16 bytes) and S in buffer @@ -145,48 +151,46 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - MBEDTLS_PUT_UINT32_BE( data_len, p, 0); + MBEDTLS_PUT_UINT32_BE(data_len, p, 0); p += 4 + 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; - memcpy( p, data, data_len ); + memcpy(p, data, data_len); p[data_len] = 0x80; buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1; - for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ ) + for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) { key[i] = i; + } - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } /* * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data */ - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { p = buf; - memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE); use_len = buf_len; - while( use_len > 0 ) - { - for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ ) + while (use_len > 0) { + for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++) { chain[i] ^= p[i]; + } p += MBEDTLS_CTR_DRBG_BLOCKSIZE; - use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? + use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, - chain, chain ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + chain, chain)) != 0) { goto exit; } } - memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE); /* * Update IV @@ -197,42 +201,38 @@ static int block_cipher_df( unsigned char *output, /* * Do final encryption with reduced data */ - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, - iv, iv ) ) != 0 ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + iv, iv)) != 0) { goto exit; } - memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: - mbedtls_aes_free( &aes_ctx ); + mbedtls_aes_free(&aes_ctx); /* - * tidy up the stack - */ - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_platform_zeroize( chain, sizeof( chain ) ); - if( 0 != ret ) - { + * tidy up the stack + */ + mbedtls_platform_zeroize(buf, sizeof(buf)); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_platform_zeroize(chain, sizeof(chain)); + if (0 != ret) { /* - * wipe partial seed from memory - */ - mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + * wipe partial seed from memory + */ + mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN); } - return( ret ); + return ret; } /* CTR_DRBG_Update (SP 800-90A §10.2.1.2) @@ -243,54 +243,54 @@ exit: * ctx->aes_ctx = Key * ctx->counter = V */ -static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) +static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, + const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN]) { unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; int i, j; int ret = 0; - memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN); - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { /* * Increase counter */ - for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- ) - if( ++ctx->counter[i - 1] != 0 ) + for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) { + if (++ctx->counter[i - 1] != 0) { break; + } + } /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, p ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, p)) != 0) { goto exit; } p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } - for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ ) + for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) { tmp[i] ^= data[i]; + } /* * Update key and counter */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } - memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, - MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, + MBEDTLS_CTR_DRBG_BLOCKSIZE); exit: - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( ret ); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return ret; } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) @@ -305,36 +305,40 @@ exit: * and with outputs * ctx = initial_working_state */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) +int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( add_len == 0 ) - return( 0 ); + if (add_len == 0) { + return 0; + } - if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) { goto exit; - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + } + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) { goto exit; + } exit: - mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); - return( ret ); + mbedtls_platform_zeroize(add_input, sizeof(add_input)); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) +void mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { /* MAX_INPUT would be more logical here, but we have to match * block_cipher_df()'s limits since we can't propagate errors */ - if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT; - (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len ); + } + (void) mbedtls_ctr_drbg_update_ret(ctx, additional, add_len); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -351,66 +355,67 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, * and with output * ctx contains new_working_state */ -static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t len, - size_t nonce_len ) +static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t len, + size_t nonce_len) { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } + if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } + if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } - memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); + memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT); /* Gather entropy_len bytes of entropy to seed state. */ - if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) ) - { - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) { + return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED; } seedlen += ctx->entropy_len; /* Gather entropy for a nonce if requested. */ - if( nonce_len != 0 ) - { - if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) ) - { - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (nonce_len != 0) { + if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) { + return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED; } seedlen += nonce_len; } /* Add additional data if provided. */ - if( additional != NULL && len != 0 ) - { - memcpy( seed + seedlen, additional, len ); + if (additional != NULL && len != 0) { + memcpy(seed + seedlen, additional, len); seedlen += len; } /* Reduce to 384 bits. */ - if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 ) + if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) { goto exit; + } /* Update state. */ - if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) { goto exit; + } ctx->reseed_counter = 1; exit: - mbedtls_platform_zeroize( seed, sizeof( seed ) ); - return( ret ); + mbedtls_platform_zeroize(seed, sizeof(seed)); + return ret; } -int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ) +int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, size_t len) { - return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) ); + return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0); } /* Return a "good" nonce length for CTR_DRBG. The chosen nonce length @@ -418,12 +423,13 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * size and entropy length. If there is enough entropy in the initial * call to the entropy function to serve as both the entropy input and * the nonce, don't make a second call to get a nonce. */ -static size_t good_nonce_len( size_t entropy_len ) +static size_t good_nonce_len(size_t entropy_len) { - if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 ) - return( 0 ); - else - return( ( entropy_len + 1 ) / 2 ); + if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) { + return 0; + } else { + return (entropy_len + 1) / 2; + } } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) @@ -437,52 +443,51 @@ static size_t good_nonce_len( size_t entropy_len ) * and with outputs * ctx = initial_working_state */ -int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ) +int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; size_t nonce_len; - memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE ); + memset(key, 0, MBEDTLS_CTR_DRBG_KEYSIZE); /* The mutex is initialized iff f_entropy is set. */ #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif - mbedtls_aes_init( &ctx->aes_ctx ); + mbedtls_aes_init(&ctx->aes_ctx); ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; - if( ctx->entropy_len == 0 ) + if (ctx->entropy_len == 0) { ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN; + } /* ctx->reseed_counter contains the desired amount of entropy to * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()). * If it's -1, indicating that the entropy nonce length was not set * explicitly, use a sufficiently large nonce for security. */ - nonce_len = ( ctx->reseed_counter >= 0 ? - (size_t) ctx->reseed_counter : - good_nonce_len( ctx->entropy_len ) ); + nonce_len = (ctx->reseed_counter >= 0 ? + (size_t) ctx->reseed_counter : + good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { + return ret; } /* Do the initial seeding. */ - if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len, - nonce_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len, + nonce_len)) != 0) { + return ret; } - return( 0 ); + return 0; } /* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2) @@ -504,9 +509,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, * returned_bits = output[:output_len] * ctx contains new_working_state */ -int mbedtls_ctr_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, size_t add_len ) +int mbedtls_ctr_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, size_t add_len) { int ret = 0; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; @@ -516,159 +521,163 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, int i; size_t use_len; - if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST ) - return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG ); + if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) { + return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG; + } - if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) { + return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + } - memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN); - if( ctx->reseed_counter > ctx->reseed_interval || - ctx->prediction_resistance ) - { - if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 ) - { - return( ret ); + if (ctx->reseed_counter > ctx->reseed_interval || + ctx->prediction_resistance) { + if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) { + return ret; } add_len = 0; } - if( add_len > 0 ) - { - if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + if (add_len > 0) { + if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) { goto exit; - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + } + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) { goto exit; + } } - while( output_len > 0 ) - { + while (output_len > 0) { /* * Increase counter */ - for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- ) - if( ++ctx->counter[i - 1] != 0 ) + for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) { + if (++ctx->counter[i - 1] != 0) { break; + } + } /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, tmp ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, tmp)) != 0) { goto exit; } - use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) + use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; /* * Copy random block to destination */ - memcpy( p, tmp, use_len ); + memcpy(p, tmp, use_len); p += use_len; output_len -= use_len; } - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) { goto exit; + } ctx->reseed_counter++; exit: - mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( ret ); + mbedtls_platform_zeroize(add_input, sizeof(add_input)); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return ret; } -int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, - size_t output_len ) +int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, + size_t output_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 ); + ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } #if defined(MBEDTLS_FS_IO) -int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, - const char *path ) +int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, + const char *path) { int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; FILE *f; - unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; + unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "wb")) == NULL) { + return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; + } - if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, - MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 ) + if ((ret = mbedtls_ctr_drbg_random(ctx, buf, + MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) { goto exit; + } - if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != - MBEDTLS_CTR_DRBG_MAX_INPUT ) - { + if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) != + MBEDTLS_CTR_DRBG_MAX_INPUT) { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; - } - else - { + } else { ret = 0; } exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - fclose( f ); - return( ret ); + fclose(f); + return ret; } -int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, - const char *path ) +int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, + const char *path) { int ret = 0; FILE *f = NULL; size_t n; - unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; + unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT]; unsigned char c; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; + } - n = fread( buf, 1, sizeof( buf ), f ); - if( fread( &c, 1, 1, f ) != 0 ) - { + n = fread(buf, 1, sizeof(buf), f); + if (fread(&c, 1, 1, f) != 0) { ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; goto exit; } - if( n == 0 || ferror( f ) ) - { + if (n == 0 || ferror(f)) { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; goto exit; } - fclose( f ); + fclose(f); f = NULL; - ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_ctr_drbg_update_ret(ctx, buf, n); exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - if( f != NULL ) - fclose( f ); - if( ret != 0 ) - return( ret ); - return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + if (f != NULL) { + fclose(f); + } + if (ret != 0) { + return ret; + } + return mbedtls_ctr_drbg_write_seed_file(ctx, path); } #endif /* MBEDTLS_FS_IO */ @@ -699,192 +708,197 @@ exit: #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) static const unsigned char entropy_source_pr[] = - { 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb, - 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92, - 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8, - 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20, - 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0, - 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad, - 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 }; +{ 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb, + 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92, + 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8, + 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20, + 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0, + 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad, + 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 }; static const unsigned char entropy_source_nopr[] = - { 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45, - 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9, - 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20, - 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f, - 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c }; +{ 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45, + 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9, + 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20, + 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f, + 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c }; static const unsigned char pers_pr[] = - { 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a, - 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad }; +{ 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a, + 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad }; static const unsigned char pers_nopr[] = - { 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c, - 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f }; +{ 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c, + 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f }; static const unsigned char result_pr[] = - { 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66, - 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff, - 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10, - 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30, - 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4, - 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc, - 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06, - 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf }; +{ 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66, + 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff, + 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10, + 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30, + 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4, + 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc, + 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06, + 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf }; static const unsigned char result_nopr[] = - { 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13, - 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0, - 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf, - 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2, - 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7, - 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2, - 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02, - 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 }; +{ 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13, + 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0, + 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf, + 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2, + 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7, + 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2, + 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02, + 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 }; #else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static const unsigned char entropy_source_pr[] = - { 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49, - 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a, - 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85, - 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e, - 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15, - 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45, - 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8, - 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c, - 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3, - 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce, - 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e, - 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76, - 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77, - 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe }; +{ 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49, + 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a, + 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85, + 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e, + 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15, + 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45, + 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8, + 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c, + 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3, + 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce, + 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e, + 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76, + 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77, + 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe }; static const unsigned char entropy_source_nopr[] = - { 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d, - 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0, - 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73, - 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c, - 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2, - 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1, - 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a, - 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb, - 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a, - 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 }; +{ 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d, + 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0, + 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73, + 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c, + 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2, + 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1, + 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a, + 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb, + 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a, + 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 }; static const unsigned char pers_pr[] = - { 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33, - 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e, - 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0, - 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 }; +{ 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33, + 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e, + 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0, + 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 }; static const unsigned char pers_nopr[] = - { 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29, - 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf, - 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb, - 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b }; +{ 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29, + 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf, + 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb, + 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b }; static const unsigned char result_pr[] = - { 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85, - 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d, - 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62, - 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d, - 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb, - 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39, - 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40, - 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 }; +{ 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85, + 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d, + 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62, + 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d, + 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb, + 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39, + 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40, + 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 }; static const unsigned char result_nopr[] = - { 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad, - 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3, - 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b, - 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14, - 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54, - 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30, - 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a, - 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 }; +{ 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad, + 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3, + 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b, + 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14, + 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54, + 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30, + 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a, + 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 }; #endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static size_t test_offset; -static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, - size_t len ) +static int ctr_drbg_self_test_entropy(void *data, unsigned char *buf, + size_t len) { const unsigned char *p = data; - memcpy( buf, p + test_offset, len ); + memcpy(buf, p + test_offset, len); test_offset += len; - return( 0 ); + return 0; } -#define CHK( c ) if( (c) != 0 ) \ - { \ - if( verbose != 0 ) \ - mbedtls_printf( "failed\n" ); \ - return( 1 ); \ - } +#define CHK(c) if ((c) != 0) \ + { \ + if (verbose != 0) \ + mbedtls_printf("failed\n"); \ + return 1; \ + } #define SELF_TEST_OUTPUT_DISCARD_LENGTH 64 /* * Checkup routine */ -int mbedtls_ctr_drbg_self_test( int verbose ) +int mbedtls_ctr_drbg_self_test(int verbose) { mbedtls_ctr_drbg_context ctx; - unsigned char buf[ sizeof( result_pr ) ]; + unsigned char buf[sizeof(result_pr)]; - mbedtls_ctr_drbg_init( &ctx ); + mbedtls_ctr_drbg_init(&ctx); /* * Based on a NIST CTR_DRBG test vector (PR = True) */ - if( verbose != 0 ) - mbedtls_printf( " CTR_DRBG (PR = TRUE) : " ); + if (verbose != 0) { + mbedtls_printf(" CTR_DRBG (PR = TRUE) : "); + } test_offset = 0; - mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE ); - mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 ); - CHK( mbedtls_ctr_drbg_seed( &ctx, - ctr_drbg_self_test_entropy, - (void *) entropy_source_pr, - pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) ); - mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) ); - CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) ); - - mbedtls_ctr_drbg_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE); + mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2); + CHK(mbedtls_ctr_drbg_seed(&ctx, + ctr_drbg_self_test_entropy, + (void *) entropy_source_pr, + pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE)); + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_pr))); + CHK(memcmp(buf, result_pr, sizeof(result_pr))); + + mbedtls_ctr_drbg_free(&ctx); + + if (verbose != 0) { + mbedtls_printf("passed\n"); + } /* * Based on a NIST CTR_DRBG test vector (PR = FALSE) */ - if( verbose != 0 ) - mbedtls_printf( " CTR_DRBG (PR = FALSE): " ); + if (verbose != 0) { + mbedtls_printf(" CTR_DRBG (PR = FALSE): "); + } - mbedtls_ctr_drbg_init( &ctx ); + mbedtls_ctr_drbg_init(&ctx); test_offset = 0; - mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE); - mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 ); - CHK( mbedtls_ctr_drbg_seed( &ctx, - ctr_drbg_self_test_entropy, - (void *) entropy_source_nopr, - pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) ); - CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) ); - CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) ); - - mbedtls_ctr_drbg_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); + mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE); + mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2); + CHK(mbedtls_ctr_drbg_seed(&ctx, + ctr_drbg_self_test_entropy, + (void *) entropy_source_nopr, + pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE)); + CHK(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_nopr))); + CHK(memcmp(buf, result_nopr, sizeof(result_nopr))); + + mbedtls_ctr_drbg_free(&ctx); + + if (verbose != 0) { + mbedtls_printf("passed\n"); + } + + if (verbose != 0) { + mbedtls_printf("\n"); + } + + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/debug.c b/thirdparty/mbedtls/library/debug.c index 353b4bf07b..ab8b3524d4 100644 --- a/thirdparty/mbedtls/library/debug.c +++ b/thirdparty/mbedtls/library/debug.c @@ -34,7 +34,7 @@ static int debug_threshold = 0; -void mbedtls_debug_set_threshold( int threshold ) +void mbedtls_debug_set_threshold(int threshold) { debug_threshold = threshold; } @@ -42,9 +42,9 @@ void mbedtls_debug_set_threshold( int threshold ) /* * All calls to f_dbg must be made via this function */ -static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *str ) +static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *str) { /* * If in a threaded environment, we need a thread identifier. @@ -53,54 +53,51 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, */ #if defined(MBEDTLS_THREADING_C) char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str ); - ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); + mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *) ssl, str); + ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr); #else - ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); + ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str); #endif } MBEDTLS_PRINTF_ATTRIBUTE(5, 6) -void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ... ) +void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *format, ...) { va_list argp; char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + level > debug_threshold) { return; } - va_start( argp, format ); - ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); - va_end( argp ); + va_start(argp, format); + ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); + va_end(argp); - if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 ) - { + if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) { str[ret] = '\n'; str[ret + 1] = '\0'; } - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); } -void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret ) +void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, int ret) { char str[DEBUG_BUF_SIZE]; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + level > debug_threshold) { return; } @@ -109,246 +106,232 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, * the logs would be quickly flooded with WANT_READ, so ignore that. * Don't ignore WANT_WRITE however, since is is usually rare. */ - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) + if (ret == MBEDTLS_ERR_SSL_WANT_READ) { return; + } - mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n", - text, ret, (unsigned int) -ret ); + mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n", + text, ret, (unsigned int) -ret); - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); } -void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len ) +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; char txt[17]; size_t i, idx = 0; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + level > debug_threshold) { return; } - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n", - text, (unsigned int) len ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", + text, (unsigned int) len); - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); idx = 0; - memset( txt, 0, sizeof( txt ) ); - for( i = 0; i < len; i++ ) - { - if( i >= 4096 ) + memset(txt, 0, sizeof(txt)); + for (i = 0; i < len; i++) { + if (i >= 4096) { break; + } - if( i % 16 == 0 ) - { - if( i > 0 ) - { - mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt ); - debug_send_line( ssl, level, file, line, str ); + if (i % 16 == 0) { + if (i > 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); + debug_send_line(ssl, level, file, line, str); idx = 0; - memset( txt, 0, sizeof( txt ) ); + memset(txt, 0, sizeof(txt)); } - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ", - (unsigned int) i ); + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", + (unsigned int) i); } - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", - (unsigned int) buf[i] ); - txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ; + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", + (unsigned int) buf[i]); + txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.'; } - if( len > 0 ) - { - for( /* i = i */; i % 16 != 0; i++ ) - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " ); + if (len > 0) { + for (/* i = i */; i % 16 != 0; i++) { + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); + } - mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); + debug_send_line(ssl, level, file, line, str); } } #if defined(MBEDTLS_ECP_C) -void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X ) +void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X) { char str[DEBUG_BUF_SIZE]; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + level > debug_threshold) { return; } - mbedtls_snprintf( str, sizeof( str ), "%s(X)", text ); - mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X ); + mbedtls_snprintf(str, sizeof(str), "%s(X)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X); - mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text ); - mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y ); + mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y); } #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X ) +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X) { char str[DEBUG_BUF_SIZE]; size_t bitlen; size_t idx = 0; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || NULL == X || - level > debug_threshold ) - { + level > debug_threshold) { return; } - bitlen = mbedtls_mpi_bitlen( X ); + bitlen = mbedtls_mpi_bitlen(X); - mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", + text, (unsigned) bitlen); + debug_send_line(ssl, level, file, line, str); - if( bitlen == 0 ) - { + if (bitlen == 0) { str[0] = ' '; str[1] = '0'; str[2] = '0'; idx = 3; - } - else - { + } else { int n; - for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- ) - { - size_t limb_offset = n / sizeof( mbedtls_mpi_uint ); - size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint ); + for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { + size_t limb_offset = n / sizeof(mbedtls_mpi_uint); + size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); unsigned char octet = - ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff; - mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet ); + (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); idx += 3; /* Wrap lines after 16 octets that each take 3 columns */ - if( idx >= 3 * 16 ) - { - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); - debug_send_line( ssl, level, file, line, str ); + if (idx >= 3 * 16) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); idx = 0; } } } - if( idx != 0 ) - { - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); - debug_send_line( ssl, level, file, line, str ); + if (idx != 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); } } #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void debug_print_pk( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk ) +static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) { size_t i; mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; char name[16]; - memset( items, 0, sizeof( items ) ); + memset(items, 0, sizeof(items)); - if( mbedtls_pk_debug( pk, items ) != 0 ) - { - debug_send_line( ssl, level, file, line, - "invalid PK context\n" ); + if (mbedtls_pk_debug(pk, items) != 0) { + debug_send_line(ssl, level, file, line, + "invalid PK context\n"); return; } - for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ ) - { - if( items[i].type == MBEDTLS_PK_DEBUG_NONE ) + for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) { + if (items[i].type == MBEDTLS_PK_DEBUG_NONE) { return; + } - mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name ); - name[sizeof( name ) - 1] = '\0'; + mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); + name[sizeof(name) - 1] = '\0'; - if( items[i].type == MBEDTLS_PK_DEBUG_MPI ) - mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value ); - else + if (items[i].type == MBEDTLS_PK_DEBUG_MPI) { + mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); + } else #if defined(MBEDTLS_ECP_C) - if( items[i].type == MBEDTLS_PK_DEBUG_ECP ) - mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value ); - else + if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { + mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); + } else #endif - debug_send_line( ssl, level, file, line, - "should not happen\n" ); + { debug_send_line(ssl, level, file, line, + "should not happen\n"); } } } -static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text ) +static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text) { char str[DEBUG_BUF_SIZE]; const char *start, *cur; start = text; - for( cur = text; *cur != '\0'; cur++ ) - { - if( *cur == '\n' ) - { + for (cur = text; *cur != '\0'; cur++) { + if (*cur == '\n') { size_t len = cur - start + 1; - if( len > DEBUG_BUF_SIZE - 1 ) + if (len > DEBUG_BUF_SIZE - 1) { len = DEBUG_BUF_SIZE - 1; + } - memcpy( str, start, len ); + memcpy(str, start, len); str[len] = '\0'; - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); start = cur + 1; } } } -void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt ) +void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_x509_crt *crt) { char str[DEBUG_BUF_SIZE]; int i = 0; - if( NULL == ssl || + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || NULL == crt || - level > debug_threshold ) - { + level > debug_threshold) { return; } - while( crt != NULL ) - { + while (crt != NULL) { char buf[1024]; - mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i); + debug_send_line(ssl, level, file, line, str); - mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); - debug_print_line_by_line( ssl, level, file, line, buf ); + mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); + debug_print_line_by_line(ssl, level, file, line, buf); - debug_print_pk( ssl, level, file, line, "crt->", &crt->pk ); + debug_print_pk(ssl, level, file, line, "crt->", &crt->pk); crt = crt->next; } @@ -356,50 +339,48 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_ECDH_C) -static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl, - int level, const char *file, - int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ) +static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, + int level, const char *file, + int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - const mbedtls_ecdh_context* ctx = ecdh; + const mbedtls_ecdh_context *ctx = ecdh; #else - const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh; + const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh; #endif - switch( attr ) - { + switch (attr) { case MBEDTLS_DEBUG_ECDH_Q: - mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q", - &ctx->Q ); + mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q", + &ctx->Q); break; case MBEDTLS_DEBUG_ECDH_QP: - mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp", - &ctx->Qp ); + mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp", + &ctx->Qp); break; case MBEDTLS_DEBUG_ECDH_Z: - mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z", - &ctx->z ); + mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z", + &ctx->z); break; default: break; } } -void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ) +void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr ); + mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr); #else - switch( ecdh->var ) - { + switch (ecdh->var) { default: - mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, - attr ); + mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, + attr); } #endif } diff --git a/thirdparty/mbedtls/library/des.c b/thirdparty/mbedtls/library/des.c index 65f5681cf1..8cf346f81b 100644 --- a/thirdparty/mbedtls/library/des.c +++ b/thirdparty/mbedtls/library/des.c @@ -222,7 +222,7 @@ static const uint32_t RHs[16] = /* * Initial Permutation macro */ -#define DES_IP(X,Y) \ +#define DES_IP(X, Y) \ do \ { \ T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ @@ -232,12 +232,12 @@ static const uint32_t RHs[16] = (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \ T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \ (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \ - } while( 0 ) + } while (0) /* * Final Permutation macro */ -#define DES_FP(X,Y) \ +#define DES_FP(X, Y) \ do \ { \ (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \ @@ -247,90 +247,103 @@ static const uint32_t RHs[16] = T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \ T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \ T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ - } while( 0 ) + } while (0) /* * DES round macro */ -#define DES_ROUND(X,Y) \ +#define DES_ROUND(X, Y) \ do \ { \ T = *SK++ ^ (X); \ - (Y) ^= SB8[ (T ) & 0x3F ] ^ \ - SB6[ (T >> 8) & 0x3F ] ^ \ - SB4[ (T >> 16) & 0x3F ] ^ \ - SB2[ (T >> 24) & 0x3F ]; \ + (Y) ^= SB8[(T) & 0x3F] ^ \ + SB6[(T >> 8) & 0x3F] ^ \ + SB4[(T >> 16) & 0x3F] ^ \ + SB2[(T >> 24) & 0x3F]; \ \ T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \ - (Y) ^= SB7[ (T ) & 0x3F ] ^ \ - SB5[ (T >> 8) & 0x3F ] ^ \ - SB3[ (T >> 16) & 0x3F ] ^ \ - SB1[ (T >> 24) & 0x3F ]; \ - } while( 0 ) + (Y) ^= SB7[(T) & 0x3F] ^ \ + SB5[(T >> 8) & 0x3F] ^ \ + SB3[(T >> 16) & 0x3F] ^ \ + SB1[(T >> 24) & 0x3F]; \ + } while (0) -#define SWAP(a,b) \ +#define SWAP(a, b) \ do \ { \ uint32_t t = (a); (a) = (b); (b) = t; t = 0; \ - } while( 0 ) + } while (0) -void mbedtls_des_init( mbedtls_des_context *ctx ) +void mbedtls_des_init(mbedtls_des_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_des_context ) ); + memset(ctx, 0, sizeof(mbedtls_des_context)); } -void mbedtls_des_free( mbedtls_des_context *ctx ) +void mbedtls_des_free(mbedtls_des_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context)); } -void mbedtls_des3_init( mbedtls_des3_context *ctx ) +void mbedtls_des3_init(mbedtls_des3_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_des3_context ) ); + memset(ctx, 0, sizeof(mbedtls_des3_context)); } -void mbedtls_des3_free( mbedtls_des3_context *ctx ) +void mbedtls_des3_free(mbedtls_des3_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context)); } static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, - 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, - 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, - 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, - 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, - 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, - 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, - 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, - 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, - 254 }; - -void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ) + 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, + 35, 37, 38, 41, 42, 44, + 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, + 70, 73, 74, 76, 79, 81, + 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, + 104, 107, 109, 110, 112, + 115, 117, 118, 121, 122, 124, 127, 128, 131, + 133, 134, 137, 138, 140, + 143, 145, 146, 148, 151, 152, 155, 157, 158, + 161, 162, 164, 167, 168, + 171, 173, 174, 176, 179, 181, 182, 185, 186, + 188, 191, 193, 194, 196, + 199, 200, 203, 205, 206, 208, 211, 213, 214, + 217, 218, 220, 223, 224, + 227, 229, 230, 233, 234, 236, 239, 241, 242, + 244, 247, 248, 251, 253, + 254 }; + +void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) + for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) { key[i] = odd_parity_table[key[i] / 2]; + } } /* * Check the given key's parity, returns 1 on failure, 0 on SUCCESS */ -int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) +int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) - if( key[i] != odd_parity_table[key[i] / 2] ) - return( 1 ); + for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) { + if (key[i] != odd_parity_table[key[i] / 2]) { + return 1; + } + } - return( 0 ); + return 0; } /* @@ -377,41 +390,43 @@ static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } }; -int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) +int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < WEAK_KEY_COUNT; i++ ) - if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 ) - return( 1 ); + for (i = 0; i < WEAK_KEY_COUNT; i++) { + if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) { + return 1; + } + } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DES_SETKEY_ALT) -void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) +void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; uint32_t X, Y, T; - X = MBEDTLS_GET_UINT32_BE( key, 0 ); - Y = MBEDTLS_GET_UINT32_BE( key, 4 ); + X = MBEDTLS_GET_UINT32_BE(key, 0); + Y = MBEDTLS_GET_UINT32_BE(key, 4); /* * Permuted Choice 1 */ T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); - T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); + T = ((Y) ^ X) & 0x10101010; X ^= T; Y ^= (T); - X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) - | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) - | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) - | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); + X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF] << 2) + | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF]) + | (LHs[(X >> 5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6) + | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4); - Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) - | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) - | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) - | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); + Y = (RHs[(Y >> 1) & 0xF] << 3) | (RHs[(Y >> 9) & 0xF] << 2) + | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF]) + | (RHs[(Y >> 4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6) + | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4); X &= 0x0FFFFFFF; Y &= 0x0FFFFFFF; @@ -419,15 +434,11 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE /* * calculate subkeys */ - for( i = 0; i < 16; i++ ) - { - if( i < 2 || i == 8 || i == 15 ) - { + for (i = 0; i < 16; i++) { + if (i < 2 || i == 8 || i == 15) { X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; - } - else - { + } else { X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; } @@ -439,7 +450,7 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) - | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) + | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100) | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); @@ -452,7 +463,7 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) - | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) + | ((Y) & 0x00000200) | ((Y << 7) & 0x00000100) | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); } @@ -462,52 +473,50 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE /* * DES key schedule (56-bit, encryption) */ -int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) +int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { - mbedtls_des_setkey( ctx->sk, key ); + mbedtls_des_setkey(ctx->sk, key); - return( 0 ); + return 0; } /* * DES key schedule (56-bit, decryption) */ -int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) +int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - mbedtls_des_setkey( ctx->sk, key ); + mbedtls_des_setkey(ctx->sk, key); - for( i = 0; i < 16; i += 2 ) - { - SWAP( ctx->sk[i ], ctx->sk[30 - i] ); - SWAP( ctx->sk[i + 1], ctx->sk[31 - i] ); + for (i = 0; i < 16; i += 2) { + SWAP(ctx->sk[i], ctx->sk[30 - i]); + SWAP(ctx->sk[i + 1], ctx->sk[31 - i]); } - return( 0 ); + return 0; } -static void des3_set2key( uint32_t esk[96], - uint32_t dsk[96], - const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] ) +static void des3_set2key(uint32_t esk[96], + uint32_t dsk[96], + const unsigned char key[MBEDTLS_DES_KEY_SIZE*2]) { int i; - mbedtls_des_setkey( esk, key ); - mbedtls_des_setkey( dsk + 32, key + 8 ); + mbedtls_des_setkey(esk, key); + mbedtls_des_setkey(dsk + 32, key + 8); - for( i = 0; i < 32; i += 2 ) - { - dsk[i ] = esk[30 - i]; + for (i = 0; i < 32; i += 2) { + dsk[i] = esk[30 - i]; dsk[i + 1] = esk[31 - i]; esk[i + 32] = dsk[62 - i]; esk[i + 33] = dsk[63 - i]; - esk[i + 64] = esk[i ]; + esk[i + 64] = esk[i]; esk[i + 65] = esk[i + 1]; - dsk[i + 64] = dsk[i ]; + dsk[i + 64] = dsk[i]; dsk[i + 65] = dsk[i + 1]; } } @@ -515,44 +524,43 @@ static void des3_set2key( uint32_t esk[96], /* * Triple-DES key schedule (112-bit, encryption) */ -int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) +int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { uint32_t sk[96]; - des3_set2key( ctx->sk, sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set2key(ctx->sk, sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return 0; } /* * Triple-DES key schedule (112-bit, decryption) */ -int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) +int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { uint32_t sk[96]; - des3_set2key( sk, ctx->sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set2key(sk, ctx->sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return 0; } -static void des3_set3key( uint32_t esk[96], - uint32_t dsk[96], - const unsigned char key[24] ) +static void des3_set3key(uint32_t esk[96], + uint32_t dsk[96], + const unsigned char key[24]) { int i; - mbedtls_des_setkey( esk, key ); - mbedtls_des_setkey( dsk + 32, key + 8 ); - mbedtls_des_setkey( esk + 64, key + 16 ); + mbedtls_des_setkey(esk, key); + mbedtls_des_setkey(dsk + 32, key + 8); + mbedtls_des_setkey(esk + 64, key + 16); - for( i = 0; i < 32; i += 2 ) - { - dsk[i ] = esk[94 - i]; + for (i = 0; i < 32; i += 2) { + dsk[i] = esk[94 - i]; dsk[i + 1] = esk[95 - i]; esk[i + 32] = dsk[62 - i]; @@ -566,61 +574,60 @@ static void des3_set3key( uint32_t esk[96], /* * Triple-DES key schedule (168-bit, encryption) */ -int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) +int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { uint32_t sk[96]; - des3_set3key( ctx->sk, sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set3key(ctx->sk, sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return 0; } /* * Triple-DES key schedule (168-bit, decryption) */ -int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) +int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { uint32_t sk[96]; - des3_set3key( sk, ctx->sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set3key(sk, ctx->sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return 0; } /* * DES-ECB block encryption/decryption */ #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) -int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, - const unsigned char input[8], - unsigned char output[8] ) +int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, + const unsigned char input[8], + unsigned char output[8]) { int i; uint32_t X, Y, T, *SK; SK = ctx->sk; - X = MBEDTLS_GET_UINT32_BE( input, 0 ); - Y = MBEDTLS_GET_UINT32_BE( input, 4 ); + X = MBEDTLS_GET_UINT32_BE(input, 0); + Y = MBEDTLS_GET_UINT32_BE(input, 4); - DES_IP( X, Y ); + DES_IP(X, Y); - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - DES_FP( Y, X ); + DES_FP(Y, X); - MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); - MBEDTLS_PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE(Y, output, 0); + MBEDTLS_PUT_UINT32_BE(X, output, 4); - return( 0 ); + return 0; } #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ @@ -628,50 +635,50 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, /* * DES-CBC buffer encryption/decryption */ -int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ) +int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output) { int i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); + if (length % 8) { + return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_DES_ENCRYPT ) - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + if (mode == MBEDTLS_DES_ENCRYPT) { + while (length > 0) { + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - ret = mbedtls_des_crypt_ecb( ctx, output, output ); - if( ret != 0 ) + ret = mbedtls_des_crypt_ecb(ctx, output, output); + if (ret != 0) { goto exit; - memcpy( iv, output, 8 ); + } + memcpy(iv, output, 8); input += 8; output += 8; length -= 8; } - } - else /* MBEDTLS_DES_DECRYPT */ - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - ret = mbedtls_des_crypt_ecb( ctx, input, output ); - if( ret != 0 ) + } else { /* MBEDTLS_DES_DECRYPT */ + while (length > 0) { + memcpy(temp, input, 8); + ret = mbedtls_des_crypt_ecb(ctx, input, output); + if (ret != 0) { goto exit; + } - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; @@ -681,7 +688,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, ret = 0; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -689,44 +696,41 @@ exit: * 3DES-ECB block encryption/decryption */ #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) -int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, - const unsigned char input[8], - unsigned char output[8] ) +int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, + const unsigned char input[8], + unsigned char output[8]) { int i; uint32_t X, Y, T, *SK; SK = ctx->sk; - X = MBEDTLS_GET_UINT32_BE( input, 0 ); - Y = MBEDTLS_GET_UINT32_BE( input, 4 ); + X = MBEDTLS_GET_UINT32_BE(input, 0); + Y = MBEDTLS_GET_UINT32_BE(input, 4); - DES_IP( X, Y ); + DES_IP(X, Y); - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - for( i = 0; i < 8; i++ ) - { - DES_ROUND( X, Y ); - DES_ROUND( Y, X ); + for (i = 0; i < 8; i++) { + DES_ROUND(X, Y); + DES_ROUND(Y, X); } - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - DES_FP( Y, X ); + DES_FP(Y, X); - MBEDTLS_PUT_UINT32_BE( Y, output, 0 ); - MBEDTLS_PUT_UINT32_BE( X, output, 4 ); + MBEDTLS_PUT_UINT32_BE(Y, output, 0); + MBEDTLS_PUT_UINT32_BE(X, output, 4); - return( 0 ); + return 0; } #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ @@ -734,50 +738,50 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, /* * 3DES-CBC buffer encryption/decryption */ -int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ) +int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output) { int i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); + if (length % 8) { + return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_DES_ENCRYPT ) - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + if (mode == MBEDTLS_DES_ENCRYPT) { + while (length > 0) { + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - ret = mbedtls_des3_crypt_ecb( ctx, output, output ); - if( ret != 0 ) + ret = mbedtls_des3_crypt_ecb(ctx, output, output); + if (ret != 0) { goto exit; - memcpy( iv, output, 8 ); + } + memcpy(iv, output, 8); input += 8; output += 8; length -= 8; } - } - else /* MBEDTLS_DES_DECRYPT */ - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - ret = mbedtls_des3_crypt_ecb( ctx, input, output ); - if( ret != 0 ) + } else { /* MBEDTLS_DES_DECRYPT */ + while (length > 0) { + memcpy(temp, input, 8); + ret = mbedtls_des3_crypt_ecb(ctx, input, output); + if (ret != 0) { goto exit; + } - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; @@ -787,7 +791,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, ret = 0; exit: - return( ret ); + return ret; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -849,7 +853,7 @@ static const unsigned char des3_test_cbc_enc[3][8] = /* * Checkup routine */ -int mbedtls_des_self_test( int verbose ) +int mbedtls_des_self_test(int verbose) { int i, j, u, v, ret = 0; mbedtls_des_context ctx; @@ -860,194 +864,199 @@ int mbedtls_des_self_test( int verbose ) unsigned char iv[8]; #endif - mbedtls_des_init( &ctx ); - mbedtls_des3_init( &ctx3 ); + mbedtls_des_init(&ctx); + mbedtls_des3_init(&ctx3); /* * ECB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " DES%c-ECB-%3d (%s): ", - ( u == 0 ) ? ' ' : '3', 56 + u * 56, - ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" DES%c-ECB-%3d (%s): ", + (u == 0) ? ' ' : '3', 56 + u * 56, + (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); + } - memcpy( buf, des3_test_buf, 8 ); + memcpy(buf, des3_test_buf, 8); - switch( i ) - { - case 0: - ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); - break; + switch (i) { + case 0: + ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); + break; - case 1: - ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); - break; + case 1: + ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); + break; - case 2: - ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); - break; + case 2: + ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); + break; - case 3: - ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); - break; + case 3: + ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); + break; - case 4: - ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); - break; + case 4: + ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); + break; - case 5: - ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); - break; + case 5: + ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); + break; - default: - return( 1 ); + default: + return 1; } - if( ret != 0 ) + if (ret != 0) { goto exit; + } - for( j = 0; j < 100; j++ ) - { - if( u == 0 ) - ret = mbedtls_des_crypt_ecb( &ctx, buf, buf ); - else - ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); - if( ret != 0 ) + for (j = 0; j < 100; j++) { + if (u == 0) { + ret = mbedtls_des_crypt_ecb(&ctx, buf, buf); + } else { + ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf); + } + if (ret != 0) { goto exit; + } } - if( ( v == MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || - ( v != MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((v == MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_ecb_dec[u], 8) != 0) || + (v != MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " DES%c-CBC-%3d (%s): ", - ( u == 0 ) ? ' ' : '3', 56 + u * 56, - ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) { + mbedtls_printf(" DES%c-CBC-%3d (%s): ", + (u == 0) ? ' ' : '3', 56 + u * 56, + (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); + } - memcpy( iv, des3_test_iv, 8 ); - memcpy( prv, des3_test_iv, 8 ); - memcpy( buf, des3_test_buf, 8 ); + memcpy(iv, des3_test_iv, 8); + memcpy(prv, des3_test_iv, 8); + memcpy(buf, des3_test_buf, 8); - switch( i ) - { - case 0: - ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys ); - break; + switch (i) { + case 0: + ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); + break; - case 1: - ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys ); - break; + case 1: + ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); + break; - case 2: - ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); - break; + case 2: + ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); + break; - case 3: - ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); - break; + case 3: + ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); + break; - case 4: - ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); - break; + case 4: + ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); + break; - case 5: - ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); - break; + case 5: + ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); + break; - default: - return( 1 ); + default: + return 1; } - if( ret != 0 ) + if (ret != 0) { goto exit; + } - if( v == MBEDTLS_DES_DECRYPT ) - { - for( j = 0; j < 100; j++ ) - { - if( u == 0 ) - ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); - else - ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); - if( ret != 0 ) + if (v == MBEDTLS_DES_DECRYPT) { + for (j = 0; j < 100; j++) { + if (u == 0) { + ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); + } else { + ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); + } + if (ret != 0) { goto exit; + } } - } - else - { - for( j = 0; j < 100; j++ ) - { + } else { + for (j = 0; j < 100; j++) { unsigned char tmp[8]; - if( u == 0 ) - ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); - else - ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); - if( ret != 0 ) + if (u == 0) { + ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); + } else { + ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); + } + if (ret != 0) { goto exit; + } - memcpy( tmp, prv, 8 ); - memcpy( prv, buf, 8 ); - memcpy( buf, tmp, 8 ); + memcpy(tmp, prv, 8); + memcpy(prv, buf, 8); + memcpy(buf, tmp, 8); } - memcpy( buf, prv, 8 ); + memcpy(buf, prv, 8); } - if( ( v == MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || - ( v != MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((v == MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_cbc_dec[u], 8) != 0) || + (v != MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } exit: - mbedtls_des_free( &ctx ); - mbedtls_des3_free( &ctx3 ); + mbedtls_des_free(&ctx); + mbedtls_des3_free(&ctx3); - if( ret != 0 ) + if (ret != 0) { ret = 1; - return( ret ); + } + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/dhm.c b/thirdparty/mbedtls/library/dhm.c index 4d2e33e689..c6f955ee42 100644 --- a/thirdparty/mbedtls/library/dhm.c +++ b/thirdparty/mbedtls/library/dhm.c @@ -47,35 +47,38 @@ #if !defined(MBEDTLS_DHM_ALT) -#define DHM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA ) -#define DHM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define DHM_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA) +#define DHM_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) /* * helper to validate the mbedtls_mpi size and import it */ -static int dhm_read_bignum( mbedtls_mpi *X, - unsigned char **p, - const unsigned char *end ) +static int dhm_read_bignum(mbedtls_mpi *X, + unsigned char **p, + const unsigned char *end) { int ret, n; - if( end - *p < 2 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (end - *p < 2) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; (*p) += 2; - if( (int)( end - *p ) < n ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if ((int) (end - *p) < n) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) ); + if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret); + } (*p) += n; - return( 0 ); + return 0; } /* @@ -90,232 +93,242 @@ static int dhm_read_bignum( mbedtls_mpi *X, * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643 */ -static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) +static int dhm_check_range(const mbedtls_mpi *param, const mbedtls_mpi *P) { mbedtls_mpi U; int ret = 0; - mbedtls_mpi_init( &U ); + mbedtls_mpi_init(&U); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2)); - if( mbedtls_mpi_cmp_int( param, 2 ) < 0 || - mbedtls_mpi_cmp_mpi( param, &U ) > 0 ) - { + if (mbedtls_mpi_cmp_int(param, 2) < 0 || + mbedtls_mpi_cmp_mpi(param, &U) > 0) { ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } cleanup: - mbedtls_mpi_free( &U ); - return( ret ); + mbedtls_mpi_free(&U); + return ret; } -void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) +void mbedtls_dhm_init(mbedtls_dhm_context *ctx) { - DHM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); + DHM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_dhm_context)); } /* * Parse the ServerKeyExchange parameters */ -int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end ) +int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, + unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( p != NULL && *p != NULL ); - DHM_VALIDATE_RET( end != NULL ); - - if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || - ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || - ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 ) - return( ret ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(p != NULL && *p != NULL); + DHM_VALIDATE_RET(end != NULL); + + if ((ret = dhm_read_bignum(&ctx->P, p, end)) != 0 || + (ret = dhm_read_bignum(&ctx->G, p, end)) != 0 || + (ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) { + return ret; + } - if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) { + return ret; + } - ctx->len = mbedtls_mpi_size( &ctx->P ); + ctx->len = mbedtls_mpi_size(&ctx->P); - return( 0 ); + return 0; } /* * Pick a random R in the range [2, M-2] for blinding or key generation. */ -static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int dhm_random_below(mbedtls_mpi *R, const mbedtls_mpi *M, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; - MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_random(R, 3, M, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1)); cleanup: - return( ret ); + return ret; } -static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = 0; - if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); - if( x_size < 0 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); - - if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); + if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } + if (x_size < 0) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } - else - { + + if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng)); + } else { /* Generate X as large as possible ( <= P - 2 ) */ - ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng ); - if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED ); - if( ret != 0 ) - return( ret ); + ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng); + if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { + return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED; + } + if (ret != 0) { + return ret; + } } /* * Calculate GX = G^X mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, - &ctx->P , &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X, + &ctx->P, &ctx->RP)); - if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) { + return ret; + } cleanup: - return( ret ); + return ret; } /* * Setup and write the ServerKeyExchange parameters */ -int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; size_t n1, n2, n3; unsigned char *p; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(olen != NULL); + DHM_VALIDATE_RET(f_rng != NULL); - ret = dhm_make_common( ctx, x_size, f_rng, p_rng ); - if( ret != 0 ) + ret = dhm_make_common(ctx, x_size, f_rng, p_rng); + if (ret != 0) { goto cleanup; + } /* * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are * not required". We omit leading zeros for compactness. */ -#define DHM_MPI_EXPORT( X, n ) \ +#define DHM_MPI_EXPORT(X, n) \ do { \ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \ - p + 2, \ - ( n ) ) ); \ - *p++ = MBEDTLS_BYTE_1( n ); \ - *p++ = MBEDTLS_BYTE_0( n ); \ - p += ( n ); \ - } while( 0 ) - - n1 = mbedtls_mpi_size( &ctx->P ); - n2 = mbedtls_mpi_size( &ctx->G ); - n3 = mbedtls_mpi_size( &ctx->GX ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((X), \ + p + 2, \ + (n))); \ + *p++ = MBEDTLS_BYTE_1(n); \ + *p++ = MBEDTLS_BYTE_0(n); \ + p += (n); \ + } while (0) + + n1 = mbedtls_mpi_size(&ctx->P); + n2 = mbedtls_mpi_size(&ctx->G); + n3 = mbedtls_mpi_size(&ctx->GX); p = output; - DHM_MPI_EXPORT( &ctx->P , n1 ); - DHM_MPI_EXPORT( &ctx->G , n2 ); - DHM_MPI_EXPORT( &ctx->GX, n3 ); + DHM_MPI_EXPORT(&ctx->P, n1); + DHM_MPI_EXPORT(&ctx->G, n2); + DHM_MPI_EXPORT(&ctx->GX, n3); *olen = p - output; ctx->len = n1; cleanup: - if( ret != 0 && ret > -128 ) - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ); - return( ret ); + if (ret != 0 && ret > -128) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret); + } + return ret; } /* * Set prime modulus and generator */ -int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, - const mbedtls_mpi *P, - const mbedtls_mpi *G ) +int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx, + const mbedtls_mpi *P, + const mbedtls_mpi *G) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( P != NULL ); - DHM_VALIDATE_RET( G != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(P != NULL); + DHM_VALIDATE_RET(G != NULL); - if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) ); + if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret); } - ctx->len = mbedtls_mpi_size( &ctx->P ); - return( 0 ); + ctx->len = mbedtls_mpi_size(&ctx->P); + return 0; } /* * Import the peer's public value G^Y */ -int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, - const unsigned char *input, size_t ilen ) +int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, + const unsigned char *input, size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( input != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(input != NULL); - if( ilen < 1 || ilen > ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (ilen < 1 || ilen > ctx->len) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) ); + if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret); + } - return( 0 ); + return 0; } /* * Create own private value X and export G^X */ -int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(f_rng != NULL); - if( olen < 1 || olen > ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (olen < 1 || olen > ctx->len) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } - ret = dhm_make_common( ctx, x_size, f_rng, p_rng ); - if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED ) - return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED ); - if( ret != 0 ) + ret = dhm_make_common(ctx, x_size, f_rng, p_rng); + if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) { + return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED; + } + if (ret != 0) { goto cleanup; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen)); cleanup: - if( ret != 0 && ret > -128 ) - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret ); - return( ret ); + if (ret != 0 && ret > -128) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret); + } + return ret; } @@ -325,40 +338,38 @@ cleanup: * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer * Berlin Heidelberg, 1996. p. 104-113. */ -static int dhm_update_blinding( mbedtls_dhm_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int dhm_update_blinding(mbedtls_dhm_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; mbedtls_mpi R; - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&R); /* * Don't use any blinding the first time a particular X is used, * but remember it to use blinding next time. */ - if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) ); + if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1)); - return( 0 ); + return 0; } /* * Ok, we need blinding. Can we re-use existing values? * If yes, just update them by squaring them. */ - if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) ); + if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); - return( 0 ); + return 0; } /* @@ -366,111 +377,113 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, */ /* Vi = random( 2, P-2 ) */ - MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(dhm_random_below(&ctx->Vi, &ctx->P, f_rng, p_rng)); /* Vf = Vi^-X mod P * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod), * then elevate to the Xth power. */ - MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK(dhm_random_below(&R, &ctx->P, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vi, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->Vf, &ctx->Vf, &ctx->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP)); cleanup: - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&R); - return( ret ); + return ret; } /* * Derive and export the shared secret (G^Y)^X mod P */ -int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, - unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, + unsigned char *output, size_t output_size, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GYb; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(olen != NULL); - if( output_size < ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (output_size < ctx->len) { + return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + } - if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) { + return ret; + } - mbedtls_mpi_init( &GYb ); + mbedtls_mpi_init(&GYb); /* Blind peer's value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); + if (f_rng != NULL) { + MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY)); } - else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) ); /* Do modular exponentiation */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X, - &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X, + &ctx->P, &ctx->RP)); /* Unblind secret value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); + if (f_rng != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P)); } /* Output the secret without any leading zero byte. This is mandatory * for TLS per RFC 5246 §8.1.2. */ - *olen = mbedtls_mpi_size( &ctx->K ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) ); + *olen = mbedtls_mpi_size(&ctx->K); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->K, output, *olen)); cleanup: - mbedtls_mpi_free( &GYb ); + mbedtls_mpi_free(&GYb); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) ); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret); + } - return( 0 ); + return 0; } /* * Free the components of a DHM key */ -void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) +void mbedtls_dhm_free(mbedtls_dhm_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_mpi_free( &ctx->pX ); - mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->Vi ); - mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->K ); - mbedtls_mpi_free( &ctx->GY ); - mbedtls_mpi_free( &ctx->GX ); - mbedtls_mpi_free( &ctx->X ); - mbedtls_mpi_free( &ctx->G ); - mbedtls_mpi_free( &ctx->P ); - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); + mbedtls_mpi_free(&ctx->pX); + mbedtls_mpi_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->Vi); + mbedtls_mpi_free(&ctx->RP); + mbedtls_mpi_free(&ctx->K); + mbedtls_mpi_free(&ctx->GY); + mbedtls_mpi_free(&ctx->GX); + mbedtls_mpi_free(&ctx->X); + mbedtls_mpi_free(&ctx->G); + mbedtls_mpi_free(&ctx->P); + + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_dhm_context)); } #if defined(MBEDTLS_ASN1_PARSE_C) /* * Parse DHM parameters */ -int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, - size_t dhminlen ) +int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin, + size_t dhminlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -479,32 +492,32 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, mbedtls_pem_context pem; #endif /* MBEDTLS_PEM_PARSE_C */ - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( dhmin != NULL ); + DHM_VALIDATE_RET(dhm != NULL); + DHM_VALIDATE_RET(dhmin != NULL); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' ) + if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN DH PARAMETERS-----", - "-----END DH PARAMETERS-----", - dhmin, NULL, 0, &dhminlen ); - - if( ret == 0 ) - { + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN DH PARAMETERS-----", + "-----END DH PARAMETERS-----", + dhmin, NULL, 0, &dhminlen); + } + + if (ret == 0) { /* * Was PEM encoded */ dhminlen = pem.buflen; - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { goto exit; + } - p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin; + p = (ret == 0) ? pem.buf : (unsigned char *) dhmin; #else p = (unsigned char *) dhmin; #endif /* MBEDTLS_PEM_PARSE_C */ @@ -517,55 +530,51 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * privateValueLength INTEGER OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret); goto exit; } end = p + len; - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); + if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 || + (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret); goto exit; } - if( p != end ) - { + if (p != end) { /* This might be the optional privateValueLength. * If so, we can cleanly discard it */ mbedtls_mpi rec; - mbedtls_mpi_init( &rec ); - ret = mbedtls_asn1_get_mpi( &p, end, &rec ); - mbedtls_mpi_free( &rec ); - if ( ret != 0 ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); + mbedtls_mpi_init(&rec); + ret = mbedtls_asn1_get_mpi(&p, end, &rec); + mbedtls_mpi_free(&rec); + if (ret != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret); goto exit; } - if ( p != end ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); goto exit; } } ret = 0; - dhm->len = mbedtls_mpi_size( &dhm->P ); + dhm->len = mbedtls_mpi_size(&dhm->P); exit: #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); #endif - if( ret != 0 ) - mbedtls_dhm_free( dhm ); + if (ret != 0) { + mbedtls_dhm_free(dhm); + } - return( ret ); + return ret; } #if defined(MBEDTLS_FS_IO) @@ -576,71 +585,71 @@ exit: * A terminating null byte is always appended. It is included in the announced * length only if the data looks like it is PEM encoded. */ -static int load_file( const char *path, unsigned char **buf, size_t *n ) +static int load_file(const char *path, unsigned char **buf, size_t *n) { FILE *f; long size; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_DHM_FILE_IO_ERROR; + } - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return MBEDTLS_ERR_DHM_FILE_IO_ERROR; } - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_SET); *n = (size_t) size; - if( *n + 1 == 0 || - ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) - { - fclose( f ); - return( MBEDTLS_ERR_DHM_ALLOC_FAILED ); + if (*n + 1 == 0 || + (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { + fclose(f); + return MBEDTLS_ERR_DHM_ALLOC_FAILED; } - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); + if (fread(*buf, 1, *n, f) != *n) { + fclose(f); - mbedtls_platform_zeroize( *buf, *n + 1 ); - mbedtls_free( *buf ); + mbedtls_platform_zeroize(*buf, *n + 1); + mbedtls_free(*buf); - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + return MBEDTLS_ERR_DHM_FILE_IO_ERROR; } - fclose( f ); + fclose(f); (*buf)[*n] = '\0'; - if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) + if (strstr((const char *) *buf, "-----BEGIN ") != NULL) { ++*n; + } - return( 0 ); + return 0; } /* * Load and parse DHM parameters */ -int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) +int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( path != NULL ); + DHM_VALIDATE_RET(dhm != NULL); + DHM_VALIDATE_RET(path != NULL); - if( ( ret = load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = load_file(path, &buf, &n)) != 0) { + return ret; + } - ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); + ret = mbedtls_dhm_parse_dhm(dhm, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -650,60 +659,63 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) #if defined(MBEDTLS_PEM_PARSE_C) static const char mbedtls_test_dhm_params[] = -"-----BEGIN DH PARAMETERS-----\r\n" -"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n" -"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n" -"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" -"-----END DH PARAMETERS-----\r\n"; + "-----BEGIN DH PARAMETERS-----\r\n" + "MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n" + "1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n" + "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" + "-----END DH PARAMETERS-----\r\n"; #else /* MBEDTLS_PEM_PARSE_C */ static const char mbedtls_test_dhm_params[] = { - 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44, - 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d, - 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3, - 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1, - 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18, - 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a, - 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1, - 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6, - 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64, - 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8, - 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f, - 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 }; + 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44, + 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d, + 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3, + 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1, + 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18, + 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a, + 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1, + 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6, + 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64, + 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8, + 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f, + 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 +}; #endif /* MBEDTLS_PEM_PARSE_C */ -static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params ); +static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params); /* * Checkup routine */ -int mbedtls_dhm_self_test( int verbose ) +int mbedtls_dhm_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_dhm_context dhm; - mbedtls_dhm_init( &dhm ); + mbedtls_dhm_init(&dhm); - if( verbose != 0 ) - mbedtls_printf( " DHM parameter load: " ); + if (verbose != 0) { + mbedtls_printf(" DHM parameter load: "); + } - if( ( ret = mbedtls_dhm_parse_dhm( &dhm, - (const unsigned char *) mbedtls_test_dhm_params, - mbedtls_test_dhm_params_len ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = mbedtls_dhm_parse_dhm(&dhm, + (const unsigned char *) mbedtls_test_dhm_params, + mbedtls_test_dhm_params_len)) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n\n"); + } exit: - mbedtls_dhm_free( &dhm ); + mbedtls_dhm_free(&dhm); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/ecdh.c b/thirdparty/mbedtls/library/ecdh.c index 724c938a71..2007e1670c 100644 --- a/thirdparty/mbedtls/library/ecdh.c +++ b/thirdparty/mbedtls/library/ecdh.c @@ -35,30 +35,30 @@ #include /* Parameter validation macros based on platform_util.h */ -#define ECDH_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) -#define ECDH_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ECDH_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECDH_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; #endif static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( - const mbedtls_ecdh_context *ctx ) + const mbedtls_ecdh_context *ctx) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ctx->grp.id ); + return ctx->grp.id; #else - return( ctx->grp_id ); + return ctx->grp_id; #endif } -int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) +int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid) { /* At this time, all groups support ECDH. */ (void) gid; - return( 1 ); + return 1; } #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) @@ -69,41 +69,42 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) * the output parameter 'd' across continuation calls. This would not be * acceptable for a public function but is OK here as we control call sites. */ -static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecdh_gen_public_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int restarting = 0; #if defined(MBEDTLS_ECP_RESTARTABLE) - restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL ); + restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL); #endif /* If multiplication is in progress, we already generated a privkey */ - if( !restarting ) - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); + if (!restarting) { + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); + } - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G, + f_rng, p_rng, rs_ctx)); cleanup: - return( ret ); + return ret; } /* * Generate public key */ -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECDH_VALIDATE_RET( grp != NULL ); - ECDH_VALIDATE_RET( d != NULL ); - ECDH_VALIDATE_RET( Q != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); - return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); + ECDH_VALIDATE_RET(grp != NULL); + ECDH_VALIDATE_RET(d != NULL); + ECDH_VALIDATE_RET(Q != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); + return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL); } #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ @@ -111,79 +112,78 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp /* * Compute shared secret (SEC1 3.3.1) */ -static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecdh_compute_shared_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point P; - mbedtls_ecp_point_init( &P ); + mbedtls_ecp_point_init(&P); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q, + f_rng, p_rng, rs_ctx)); - if( mbedtls_ecp_is_zero( &P ) ) - { + if (mbedtls_ecp_is_zero(&P)) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(z, &P.X)); cleanup: - mbedtls_ecp_point_free( &P ); + mbedtls_ecp_point_free(&P); - return( ret ); + return ret; } /* * Compute shared secret (SEC1 3.3.1) */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECDH_VALIDATE_RET( grp != NULL ); - ECDH_VALIDATE_RET( Q != NULL ); - ECDH_VALIDATE_RET( d != NULL ); - ECDH_VALIDATE_RET( z != NULL ); - return( ecdh_compute_shared_restartable( grp, z, Q, d, - f_rng, p_rng, NULL ) ); + ECDH_VALIDATE_RET(grp != NULL); + ECDH_VALIDATE_RET(Q != NULL); + ECDH_VALIDATE_RET(d != NULL); + ECDH_VALIDATE_RET(z != NULL); + return ecdh_compute_shared_restartable(grp, z, Q, d, + f_rng, p_rng, NULL); } #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ -static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) +static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) { - mbedtls_ecp_group_init( &ctx->grp ); - mbedtls_mpi_init( &ctx->d ); - mbedtls_ecp_point_init( &ctx->Q ); - mbedtls_ecp_point_init( &ctx->Qp ); - mbedtls_mpi_init( &ctx->z ); + mbedtls_ecp_group_init(&ctx->grp); + mbedtls_mpi_init(&ctx->d); + mbedtls_ecp_point_init(&ctx->Q); + mbedtls_ecp_point_init(&ctx->Qp); + mbedtls_mpi_init(&ctx->z); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_init( &ctx->rs ); + mbedtls_ecp_restart_init(&ctx->rs); #endif } /* * Initialize context */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) +void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) { - ECDH_VALIDATE( ctx != NULL ); + ECDH_VALIDATE(ctx != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - ecdh_init_internal( ctx ); - mbedtls_ecp_point_init( &ctx->Vi ); - mbedtls_ecp_point_init( &ctx->Vf ); - mbedtls_mpi_init( &ctx->_d ); + ecdh_init_internal(ctx); + mbedtls_ecp_point_init(&ctx->Vi); + mbedtls_ecp_point_init(&ctx->Vf); + mbedtls_mpi_init(&ctx->_d); #else - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + memset(ctx, 0, sizeof(mbedtls_ecdh_context)); ctx->var = MBEDTLS_ECDH_VARIANT_NONE; #endif @@ -193,59 +193,57 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) #endif } -static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, - mbedtls_ecp_group_id grp_id ) +static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx, + mbedtls_ecp_group_id grp_id) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); - if( ret != 0 ) - { - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + ret = mbedtls_ecp_group_load(&ctx->grp, grp_id); + if (ret != 0) { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; } - return( 0 ); + return 0; } /* * Setup context */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) +int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id) { - ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_setup_internal( ctx, grp_id ) ); + return ecdh_setup_internal(ctx, grp_id); #else - switch( grp_id ) - { + switch (grp_id) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; ctx->grp_id = grp_id; - return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); + return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id); #endif default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; ctx->grp_id = grp_id; - ecdh_init_internal( &ctx->ctx.mbed_ecdh ); - return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); + ecdh_init_internal(&ctx->ctx.mbed_ecdh); + return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id); } #endif } -static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) +static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx) { - mbedtls_ecp_group_free( &ctx->grp ); - mbedtls_mpi_free( &ctx->d ); - mbedtls_ecp_point_free( &ctx->Q ); - mbedtls_ecp_point_free( &ctx->Qp ); - mbedtls_mpi_free( &ctx->z ); + mbedtls_ecp_group_free(&ctx->grp); + mbedtls_mpi_free(&ctx->d); + mbedtls_ecp_point_free(&ctx->Q); + mbedtls_ecp_point_free(&ctx->Qp); + mbedtls_mpi_free(&ctx->z); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_free( &ctx->rs ); + mbedtls_ecp_restart_free(&ctx->rs); #endif } @@ -253,9 +251,9 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) /* * Enable restartable operations for context */ -void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) +void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx) { - ECDH_VALIDATE( ctx != NULL ); + ECDH_VALIDATE(ctx != NULL); ctx->restart_enabled = 1; } @@ -264,26 +262,26 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) /* * Free context */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) +void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_ecp_point_free( &ctx->Vi ); - mbedtls_ecp_point_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->_d ); - ecdh_free_internal( ctx ); + mbedtls_ecp_point_free(&ctx->Vi); + mbedtls_ecp_point_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->_d); + ecdh_free_internal(ctx); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - mbedtls_everest_free( &ctx->ctx.everest_ecdh ); + mbedtls_everest_free(&ctx->ctx.everest_ecdh); break; #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - ecdh_free_internal( &ctx->ctx.mbed_ecdh ); + ecdh_free_internal(&ctx->ctx.mbed_ecdh); break; default: break; @@ -295,14 +293,14 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) #endif } -static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) +static int ecdh_make_params_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t grp_len, pt_len; @@ -310,40 +308,46 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx->grp.pbits == 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) { rs_ctx = &ctx->rs; + } #else (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); + if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx)) != 0) { + return ret; + } #else - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng)) != 0) { + return ret; + } #endif /* MBEDTLS_ECP_RESTARTABLE */ - if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, - blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf, + blen)) != 0) { + return ret; + } buf += grp_len; blen -= grp_len; - if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, - &pt_len, buf, blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, + &pt_len, buf, blen)) != 0) { + return ret; + } *olen = grp_len + pt_len; - return( 0 ); + return 0; } /* @@ -353,16 +357,16 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, * ECPoint public; * } ServerECDHParams; */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; @@ -371,33 +375,32 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, - ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char **buf, - const unsigned char *end ) +static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx, + const unsigned char **buf, + const unsigned char *end) { - return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, - end - *buf ) ); + return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf, + end - *buf); } /* @@ -407,323 +410,330 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, * ECPoint public; * } ServerECDHParams; */ -int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, - const unsigned char *end ) +int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, + const unsigned char **buf, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( *buf != NULL ); - ECDH_VALIDATE_RET( end != NULL ); - - if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) - != 0 ) - return( ret ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(*buf != NULL); + ECDH_VALIDATE_RET(end != NULL); + + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf)) + != 0) { + return ret; + } - if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) { + return ret; + } #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_params_internal( ctx, buf, end ) ); + return ecdh_read_params_internal(ctx, buf, end); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh, - buf, end) ); + return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh, + buf, end); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, - buf, end ) ); + return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh, + buf, end); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ) +static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* If it's not our key, just import the public part as Qp */ - if( side == MBEDTLS_ECDH_THEIRS ) - return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) ); + if (side == MBEDTLS_ECDH_THEIRS) { + return mbedtls_ecp_copy(&ctx->Qp, &key->Q); + } /* Our key: import public (as Q) and private parts */ - if( side != MBEDTLS_ECDH_OURS ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (side != MBEDTLS_ECDH_OURS) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) { + return ret; + } - return( 0 ); + return 0; } /* * Get parameters from a keypair */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ) +int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( key != NULL ); - ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || - side == MBEDTLS_ECDH_THEIRS ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(key != NULL); + ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS || + side == MBEDTLS_ECDH_THEIRS); - if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE ) - { + if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) { /* This is the first call to get_params(). Set up the context * for use with the group. */ - if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) - return( ret ); - } - else - { + if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) { + return ret; + } + } else { /* This is not the first call to get_params(). Check that the * current key's group is the same as the context's, which was set * from the first key's group. */ - if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } } #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_get_params_internal( ctx, key, side ) ); + return ecdh_get_params_internal(ctx, key, side); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: { mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ? - MBEDTLS_EVEREST_ECDH_OURS : - MBEDTLS_EVEREST_ECDH_THEIRS; - return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh, - key, s) ); + MBEDTLS_EVEREST_ECDH_OURS : + MBEDTLS_EVEREST_ECDH_THEIRS; + return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh, + key, s); } #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, - key, side ) ); + return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh, + key, side); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) +static int ecdh_make_public_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx->grp.pbits == 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) { rs_ctx = &ctx->rs; + } #else (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); + if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx)) != 0) { + return ret; + } #else - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng)) != 0) { + return ret; + } #endif /* MBEDTLS_ECP_RESTARTABLE */ - return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen, - buf, blen ); + return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen, + buf, blen); } /* * Setup and export the client public value */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, - ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, size_t blen ) +static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, - blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p, + blen)) != 0) { + return ret; + } - if( (size_t)( p - buf ) != blen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((size_t) (p - buf) != blen) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } /* * Parse and import the client's public value */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ) +int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen) { - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_public_internal( ctx, buf, blen ) ); + return ecdh_read_public_internal(ctx, buf, blen); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, - buf, blen ) ); + return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh, + buf, blen); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); + return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh, + buf, blen); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, unsigned char *buf, - size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) +static int ecdh_calc_secret_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, unsigned char *buf, + size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx == NULL || ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->grp.pbits == 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) { rs_ctx = &ctx->rs; + } #else (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, - &ctx->d, f_rng, p_rng, - rs_ctx ) ) != 0 ) - { - return( ret ); + if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng, + rs_ctx)) != 0) { + return ret; } #else - if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, - &ctx->d, f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng)) != 0) { + return ret; } #endif /* MBEDTLS_ECP_RESTARTABLE */ - if( mbedtls_mpi_size( &ctx->z ) > blen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_mpi_size(&ctx->z) > blen) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 ); + *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0); - if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen ); + if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen); + } - return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); + return mbedtls_mpi_write_binary(&ctx->z, buf, *olen); } /* * Derive and export the shared secret */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng, - restart_enabled ) ); + return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng, + restart_enabled); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, - blen, f_rng, p_rng, - restart_enabled ) ); + return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf, + blen, f_rng, p_rng, + restart_enabled); default: - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } diff --git a/thirdparty/mbedtls/library/ecdsa.c b/thirdparty/mbedtls/library/ecdsa.c index 4bae6a93fd..42a65dcb59 100644 --- a/thirdparty/mbedtls/library/ecdsa.c +++ b/thirdparty/mbedtls/library/ecdsa.c @@ -42,18 +42,17 @@ #include "mbedtls/error.h" /* Parameter validation macros based on platform_util.h */ -#define ECDSA_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) -#define ECDSA_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ECDSA_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECDSA_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Sub-context for ecdsa_verify() */ -struct mbedtls_ecdsa_restart_ver -{ +struct mbedtls_ecdsa_restart_ver { mbedtls_mpi u1, u2; /* intermediate values */ enum { /* what to do next? */ ecdsa_ver_init = 0, /* getting started */ @@ -64,32 +63,32 @@ struct mbedtls_ecdsa_restart_ver /* * Init verify restart sub-context */ -static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx ) +static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx) { - mbedtls_mpi_init( &ctx->u1 ); - mbedtls_mpi_init( &ctx->u2 ); + mbedtls_mpi_init(&ctx->u1); + mbedtls_mpi_init(&ctx->u2); ctx->state = ecdsa_ver_init; } /* * Free the components of a verify restart sub-context */ -static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) +static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_mpi_free( &ctx->u1 ); - mbedtls_mpi_free( &ctx->u2 ); + mbedtls_mpi_free(&ctx->u1); + mbedtls_mpi_free(&ctx->u2); - ecdsa_restart_ver_init( ctx ); + ecdsa_restart_ver_init(ctx); } /* * Sub-context for ecdsa_sign() */ -struct mbedtls_ecdsa_restart_sig -{ +struct mbedtls_ecdsa_restart_sig { int sign_tries; int key_tries; mbedtls_mpi k; /* per-signature random */ @@ -104,33 +103,33 @@ struct mbedtls_ecdsa_restart_sig /* * Init verify sign sub-context */ -static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx ) +static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx) { ctx->sign_tries = 0; ctx->key_tries = 0; - mbedtls_mpi_init( &ctx->k ); - mbedtls_mpi_init( &ctx->r ); + mbedtls_mpi_init(&ctx->k); + mbedtls_mpi_init(&ctx->r); ctx->state = ecdsa_sig_init; } /* * Free the components of a sign restart sub-context */ -static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) +static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_mpi_free( &ctx->k ); - mbedtls_mpi_free( &ctx->r ); + mbedtls_mpi_free(&ctx->k); + mbedtls_mpi_free(&ctx->r); } #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* * Sub-context for ecdsa_sign_det() */ -struct mbedtls_ecdsa_restart_det -{ +struct mbedtls_ecdsa_restart_det { mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */ enum { /* what to do next? */ ecdsa_det_init = 0, /* getting started */ @@ -141,73 +140,74 @@ struct mbedtls_ecdsa_restart_det /* * Init verify sign_det sub-context */ -static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx ) +static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx) { - mbedtls_hmac_drbg_init( &ctx->rng_ctx ); + mbedtls_hmac_drbg_init(&ctx->rng_ctx); ctx->state = ecdsa_det_init; } /* * Free the components of a sign_det restart sub-context */ -static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) +static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_hmac_drbg_free( &ctx->rng_ctx ); + mbedtls_hmac_drbg_free(&ctx->rng_ctx); - ecdsa_restart_det_init( ctx ); + ecdsa_restart_det_init(ctx); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp ) +#define ECDSA_RS_ECP (rs_ctx == NULL ? NULL : &rs_ctx->ecp) /* Utility macro for checking and updating ops budget */ -#define ECDSA_BUDGET( ops ) \ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) ); +#define ECDSA_BUDGET(ops) \ + MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, ECDSA_RS_ECP, ops)); /* Call this when entering a function that needs its own sub-context */ -#define ECDSA_RS_ENTER( SUB ) do { \ - /* reset ops count for this call if top-level */ \ - if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \ +#define ECDSA_RS_ENTER(SUB) do { \ + /* reset ops count for this call if top-level */ \ + if (rs_ctx != NULL && rs_ctx->ecp.depth++ == 0) \ rs_ctx->ecp.ops_done = 0; \ \ - /* set up our own sub-context if needed */ \ - if( mbedtls_ecp_restart_is_enabled() && \ - rs_ctx != NULL && rs_ctx->SUB == NULL ) \ - { \ - rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ - if( rs_ctx->SUB == NULL ) \ - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ - \ - ecdsa_restart_## SUB ##_init( rs_ctx->SUB ); \ - } \ -} while( 0 ) + /* set up our own sub-context if needed */ \ + if (mbedtls_ecp_restart_is_enabled() && \ + rs_ctx != NULL && rs_ctx->SUB == NULL) \ + { \ + rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ + if (rs_ctx->SUB == NULL) \ + return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ + \ + ecdsa_restart_## SUB ##_init(rs_ctx->SUB); \ + } \ +} while (0) /* Call this when leaving a function that needs its own sub-context */ -#define ECDSA_RS_LEAVE( SUB ) do { \ - /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ - { \ - ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \ - mbedtls_free( rs_ctx->SUB ); \ - rs_ctx->SUB = NULL; \ - } \ +#define ECDSA_RS_LEAVE(SUB) do { \ + /* clear our sub-context when not in progress (done or error) */ \ + if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ + ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ + { \ + ecdsa_restart_## SUB ##_free(rs_ctx->SUB); \ + mbedtls_free(rs_ctx->SUB); \ + rs_ctx->SUB = NULL; \ + } \ \ - if( rs_ctx != NULL ) \ + if (rs_ctx != NULL) \ rs_ctx->ecp.depth--; \ -} while( 0 ) +} while (0) #else /* MBEDTLS_ECP_RESTARTABLE */ #define ECDSA_RS_ECP NULL -#define ECDSA_BUDGET( ops ) /* no-op; for compatibility */ +#define ECDSA_BUDGET(ops) /* no-op; for compatibility */ -#define ECDSA_RS_ENTER( SUB ) (void) rs_ctx -#define ECDSA_RS_LEAVE( SUB ) (void) rs_ctx +#define ECDSA_RS_ENTER(SUB) (void) rs_ctx +#define ECDSA_RS_LEAVE(SUB) (void) rs_ctx #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -218,23 +218,25 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 */ -static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x, - const unsigned char *buf, size_t blen ) +static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x, + const unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n_size = ( grp->nbits + 7 ) / 8; + size_t n_size = (grp->nbits + 7) / 8; size_t use_size = blen > n_size ? n_size : blen; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) ); - if( use_size * 8 > grp->nbits ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size)); + if (use_size * 8 > grp->nbits) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits)); + } /* While at it, reduce modulo N */ - if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) ); + if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N)); + } cleanup: - return( ret ); + return ret; } #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */ @@ -243,13 +245,13 @@ cleanup: * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) */ -static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx ) +static int ecdsa_sign_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret, key_tries, sign_tries; int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries; @@ -258,21 +260,22 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* Make sure d is in range 1..n-1 */ - if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t ); + mbedtls_ecp_point_init(&R); + mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t); - ECDSA_RS_ENTER( sig ); + ECDSA_RS_ENTER(sig); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) - { + if (rs_ctx != NULL && rs_ctx->sig != NULL) { /* redirect to our context */ p_sign_tries = &rs_ctx->sig->sign_tries; p_key_tries = &rs_ctx->sig->key_tries; @@ -280,18 +283,18 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, pr = &rs_ctx->sig->r; /* jump to current step */ - if( rs_ctx->sig->state == ecdsa_sig_mul ) + if (rs_ctx->sig->state == ecdsa_sig_mul) { goto mul; - if( rs_ctx->sig->state == ecdsa_sig_modn ) + } + if (rs_ctx->sig->state == ecdsa_sig_modn) { goto modn; + } } #endif /* MBEDTLS_ECP_RESTARTABLE */ *p_sign_tries = 0; - do - { - if( (*p_sign_tries)++ > 10 ) - { + do { + if ((*p_sign_tries)++ > 10) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } @@ -301,33 +304,32 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, * and set r = xR mod n */ *p_key_tries = 0; - do - { - if( (*p_key_tries)++ > 10 ) - { + do { + if ((*p_key_tries)++ > 10) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) + if (rs_ctx != NULL && rs_ctx->sig != NULL) { rs_ctx->sig->state = ecdsa_sig_mul; + } mul: #endif - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G, - f_rng_blind, - p_rng_blind, - ECDSA_RS_ECP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) ); - } - while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G, + f_rng_blind, + p_rng_blind, + ECDSA_RS_ECP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N)); + } while (mbedtls_mpi_cmp_int(pr, 0) == 0); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) + if (rs_ctx != NULL && rs_ctx->sig != NULL) { rs_ctx->sig->state = ecdsa_sig_modn; + } modn: #endif @@ -335,79 +337,78 @@ modn: * Accounting for everything up to the end of the loop * (step 6, but checking now avoids saving e and t) */ - ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 ); + ECDSA_BUDGET(MBEDTLS_ECP_OPS_INV + 4); /* * Step 5: derive MPI from hashed message */ - MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) ); + MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); /* * Generate a random value to blind inv_mod in next step, * avoiding a potential timing leak. */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng_blind, - p_rng_blind ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind, + p_rng_blind)); /* * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) ); - } - while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, pr, d)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&e, &e, s)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&e, &e, &t)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pk, pk, &t)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N)); + } while (mbedtls_mpi_cmp_int(s, 0) == 0); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) - mbedtls_mpi_copy( r, pr ); + if (rs_ctx != NULL && rs_ctx->sig != NULL) { + mbedtls_mpi_copy(r, pr); + } #endif cleanup: - mbedtls_ecp_point_free( &R ); - mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t ); + mbedtls_ecp_point_free(&R); + mbedtls_mpi_free(&k); mbedtls_mpi_free(&e); mbedtls_mpi_free(&t); - ECDSA_RS_LEAVE( sig ); + ECDSA_RS_LEAVE(sig); - return( ret ); + return ret; } -int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ) +int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) { - switch( gid ) - { + switch (gid) { #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED case MBEDTLS_ECP_DP_CURVE25519: return 0; #endif #ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED case MBEDTLS_ECP_DP_CURVE448: return 0; #endif - default: return 1; + default: return 1; } } /* * Compute ECDSA signature of a hashed message */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(f_rng != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); /* Use the same RNG for both blinding and ephemeral key generation */ - return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, - f_rng, p_rng, f_rng, p_rng, NULL ) ); + return ecdsa_sign_restartable(grp, r, s, d, buf, blen, + f_rng, p_rng, f_rng, p_rng, NULL); } #endif /* !MBEDTLS_ECDSA_SIGN_ALT */ @@ -415,66 +416,67 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, /* * Deterministic signature wrapper */ -static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx ) +static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context rng_ctx; mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; + size_t grp_len = (grp->nbits + 7) / 8; const mbedtls_md_info_t *md_info; mbedtls_mpi h; - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); + mbedtls_mpi_init(&h); + mbedtls_hmac_drbg_init(&rng_ctx); - ECDSA_RS_ENTER( det ); + ECDSA_RS_ENTER(det); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->det != NULL ) - { + if (rs_ctx != NULL && rs_ctx->det != NULL) { /* redirect to our context */ p_rng = &rs_ctx->det->rng_ctx; /* jump to current step */ - if( rs_ctx->det->state == ecdsa_det_sign ) + if (rs_ctx->det->state == ecdsa_det_sign) { goto sign; + } } #endif /* MBEDTLS_ECP_RESTARTABLE */ /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len)); + MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len)); + mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->det != NULL ) + if (rs_ctx != NULL && rs_ctx->det != NULL) { rs_ctx->det->state = ecdsa_det_sign; + } sign: #endif #if defined(MBEDTLS_ECDSA_SIGN_ALT) (void) f_rng_blind; (void) p_rng_blind; - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng ); + ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng); #else - if( f_rng_blind != NULL ) - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - f_rng_blind, p_rng_blind, rs_ctx ); - else - { + if (f_rng_blind != NULL) { + ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + f_rng_blind, p_rng_blind, rs_ctx); + } else { mbedtls_hmac_drbg_context *p_rng_blind_det; #if !defined(MBEDTLS_ECP_RESTARTABLE) @@ -484,19 +486,18 @@ sign: * reusing the bits of the ephemeral key for blinding and eliminate the * risk that they leak this way. */ - const char* blind_label = "BLINDING CONTEXT"; + const char *blind_label = "BLINDING CONTEXT"; mbedtls_hmac_drbg_context rng_ctx_blind; - mbedtls_hmac_drbg_init( &rng_ctx_blind ); + mbedtls_hmac_drbg_init(&rng_ctx_blind); p_rng_blind_det = &rng_ctx_blind; - mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info, - data, 2 * grp_len ); - ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det, - (const unsigned char*) blind_label, - strlen( blind_label ) ); - if( ret != 0 ) - { - mbedtls_hmac_drbg_free( &rng_ctx_blind ); + mbedtls_hmac_drbg_seed_buf(p_rng_blind_det, md_info, + data, 2 * grp_len); + ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det, + (const unsigned char *) blind_label, + strlen(blind_label)); + if (ret != 0) { + mbedtls_hmac_drbg_free(&rng_ctx_blind); goto cleanup; } #else @@ -523,24 +524,24 @@ sign: * won't be a valid value for f_rng_blind anymore. Therefore it should * be checked by the caller and this branch and check can be removed. */ - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - mbedtls_hmac_drbg_random, p_rng_blind_det, - rs_ctx ); + ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + mbedtls_hmac_drbg_random, p_rng_blind_det, + rs_ctx); #if !defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_hmac_drbg_free( &rng_ctx_blind ); + mbedtls_hmac_drbg_free(&rng_ctx_blind); #endif } #endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); + mbedtls_hmac_drbg_free(&rng_ctx); + mbedtls_mpi_free(&h); - ECDSA_RS_LEAVE( det ); + ECDSA_RS_LEAVE(det); - return( ret ); + return ret; } /* @@ -548,39 +549,39 @@ cleanup: */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) +int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg) { - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); - - return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, - NULL, NULL, NULL ) ); + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); + + return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, + NULL, NULL, NULL); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, - size_t), - void *p_rng_blind ) +int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, + size_t), + void *p_rng_blind) { - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); - ECDSA_VALIDATE_RET( f_rng_blind != NULL ); - - return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, - f_rng_blind, p_rng_blind, NULL ) ); + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); + ECDSA_VALIDATE_RET(f_rng_blind != NULL); + + return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, + f_rng_blind, p_rng_blind, NULL); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -589,46 +590,46 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) */ -static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *r, const mbedtls_mpi *s, - mbedtls_ecdsa_restart_ctx *rs_ctx ) +static int ecdsa_verify_restartable(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, const mbedtls_mpi *s, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; mbedtls_mpi *pu1 = &u1, *pu2 = &u2; - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); - mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); + mbedtls_ecp_point_init(&R); + mbedtls_mpi_init(&e); mbedtls_mpi_init(&s_inv); + mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2); /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - ECDSA_RS_ENTER( ver ); + ECDSA_RS_ENTER(ver); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ver != NULL ) - { + if (rs_ctx != NULL && rs_ctx->ver != NULL) { /* redirect to our context */ pu1 = &rs_ctx->ver->u1; pu2 = &rs_ctx->ver->u2; /* jump to current step */ - if( rs_ctx->ver->state == ecdsa_ver_muladd ) + if (rs_ctx->ver->state == ecdsa_ver_muladd) { goto muladd; + } } #endif /* MBEDTLS_ECP_RESTARTABLE */ /* * Step 1: make sure r and s are in range 1..n-1 */ - if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 || - mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 ) - { + if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 || + mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -636,35 +637,35 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Step 3: derive MPI from hashed message */ - MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) ); + MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); /* * Step 4: u1 = e / s mod n, u2 = r / s mod n */ - ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 ); + ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ver != NULL ) + if (rs_ctx != NULL && rs_ctx->ver != NULL) { rs_ctx->ver->state = ecdsa_ver_muladd; + } muladd: #endif /* * Step 5: R = u1 G + u2 Q */ - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp, - &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp, + &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP)); - if( mbedtls_ecp_is_zero( &R ) ) - { + if (mbedtls_ecp_is_zero(&R)) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -673,302 +674,303 @@ muladd: * Step 6: convert xR to an integer (no-op) * Step 7: reduce xR mod n (gives v) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N)); /* * Step 8: check if v (that is, R.X) is equal to r */ - if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 ) - { + if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &R ); - mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); - mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); + mbedtls_ecp_point_free(&R); + mbedtls_mpi_free(&e); mbedtls_mpi_free(&s_inv); + mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2); - ECDSA_RS_LEAVE( ver ); + ECDSA_RS_LEAVE(ver); - return( ret ); + return ret; } /* * Verify ECDSA signature of hashed message */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *r, - const mbedtls_mpi *s) +int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s) { - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( Q != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(Q != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); - return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); + return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL); } #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 */ -static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, - unsigned char *sig, size_t *slen ) +static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, + unsigned char *sig, size_t *slen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0}; - unsigned char *p = buf + sizeof( buf ); + unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 }; + unsigned char *p = buf + sizeof(buf); size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - memcpy( sig, p, len ); + memcpy(sig, p, len); *slen = len; - return( 0 ); + return 0; } /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecdsa_restart_ctx *rs_ctx ) +int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, md_alg, f_rng, - p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, md_alg, f_rng, + p_rng, rs_ctx)); #else (void) md_alg; #if defined(MBEDTLS_ECDSA_SIGN_ALT) (void) rs_ctx; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng)); #else /* Use the same RNG for both blinding and ephemeral key generation */ - MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng, f_rng, - p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng, f_rng, + p_rng, rs_ctx)); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) ); + MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, slen)); cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); - return( ret ); + return ret; } /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); - return( mbedtls_ecdsa_write_signature_restartable( - ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); + return mbedtls_ecdsa_write_signature_restartable( + ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) && \ defined(MBEDTLS_ECDSA_DETERMINISTIC) -int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - mbedtls_md_type_t md_alg ) +int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + mbedtls_md_type_t md_alg) { - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); - return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen, - NULL, NULL ) ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); + return mbedtls_ecdsa_write_signature(ctx, md_alg, hash, hlen, sig, slen, + NULL, NULL); } #endif /* * Read and check signature */ -int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen ) +int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen) { - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - return( mbedtls_ecdsa_read_signature_restartable( - ctx, hash, hlen, sig, slen, NULL ) ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + return mbedtls_ecdsa_read_signature_restartable( + ctx, hash, hlen, sig, slen, NULL); } /* * Restartable read and check signature */ -int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen, - mbedtls_ecdsa_restart_ctx *rs_ctx ) +int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = (unsigned char *) sig; const unsigned char *end = sig + slen; size_t len; mbedtls_mpi r, s; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - if( p + len != end ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p + len != end) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); goto cleanup; } - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 || + (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) { ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } #if defined(MBEDTLS_ECDSA_VERIFY_ALT) (void) rs_ctx; - if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, - &ctx->Q, &r, &s ) ) != 0 ) + if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen, + &ctx->Q, &r, &s)) != 0) { goto cleanup; + } #else - if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, - &ctx->Q, &r, &s, rs_ctx ) ) != 0 ) + if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen, + &ctx->Q, &r, &s, rs_ctx)) != 0) { goto cleanup; + } #endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* At this point we know that the buffer starts with a valid signature. * Return 0 if the buffer just contains the signature, and a specific * error code if the valid signature is followed by more data. */ - if( p != end ) + if (p != end) { ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; + } cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); - return( ret ); + return ret; } #if !defined(MBEDTLS_ECDSA_GENKEY_ALT) /* * Generate key pair */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = 0; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(f_rng != NULL); - ret = mbedtls_ecp_group_load( &ctx->grp, gid ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ecp_group_load(&ctx->grp, gid); + if (ret != 0) { + return ret; + } - return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, - &ctx->Q, f_rng, p_rng ) ); + return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d, + &ctx->Q, f_rng, p_rng); } #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */ /* * Set context from an mbedtls_ecp_keypair */ -int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ) +int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( key != NULL ); - - if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 || - ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ) - { - mbedtls_ecdsa_free( ctx ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(key != NULL); + + if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 || + (ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) { + mbedtls_ecdsa_free(ctx); } - return( ret ); + return ret; } /* * Initialize context */ -void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ) +void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx) { - ECDSA_VALIDATE( ctx != NULL ); + ECDSA_VALIDATE(ctx != NULL); - mbedtls_ecp_keypair_init( ctx ); + mbedtls_ecp_keypair_init(ctx); } /* * Free context */ -void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) +void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_ecp_keypair_free( ctx ); + mbedtls_ecp_keypair_free(ctx); } #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) +void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx) { - ECDSA_VALIDATE( ctx != NULL ); + ECDSA_VALIDATE(ctx != NULL); - mbedtls_ecp_restart_init( &ctx->ecp ); + mbedtls_ecp_restart_init(&ctx->ecp); ctx->ver = NULL; ctx->sig = NULL; @@ -980,24 +982,25 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) +void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_ecp_restart_free( &ctx->ecp ); + mbedtls_ecp_restart_free(&ctx->ecp); - ecdsa_restart_ver_free( ctx->ver ); - mbedtls_free( ctx->ver ); + ecdsa_restart_ver_free(ctx->ver); + mbedtls_free(ctx->ver); ctx->ver = NULL; - ecdsa_restart_sig_free( ctx->sig ); - mbedtls_free( ctx->sig ); + ecdsa_restart_sig_free(ctx->sig); + mbedtls_free(ctx->sig); ctx->sig = NULL; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - ecdsa_restart_det_free( ctx->det ); - mbedtls_free( ctx->det ); + ecdsa_restart_det_free(ctx->det); + mbedtls_free(ctx->det); ctx->det = NULL; #endif } diff --git a/thirdparty/mbedtls/library/ecjpake.c b/thirdparty/mbedtls/library/ecjpake.c index fe0b9d93e9..3728d1a580 100644 --- a/thirdparty/mbedtls/library/ecjpake.c +++ b/thirdparty/mbedtls/library/ecjpake.c @@ -35,10 +35,10 @@ #if !defined(MBEDTLS_ECJPAKE_ALT) /* Parameter validation macros based on platform_util.h */ -#define ECJPAKE_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) -#define ECJPAKE_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ECJPAKE_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECJPAKE_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) /* * Convert a mbedtls_ecjpake_role to identifier string @@ -48,206 +48,212 @@ static const char * const ecjpake_id[] = { "server" }; -#define ID_MINE ( ecjpake_id[ ctx->role ] ) -#define ID_PEER ( ecjpake_id[ 1 - ctx->role ] ) +#define ID_MINE (ecjpake_id[ctx->role]) +#define ID_PEER (ecjpake_id[1 - ctx->role]) /* * Initialize context */ -void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ) +void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx) { - ECJPAKE_VALIDATE( ctx != NULL ); + ECJPAKE_VALIDATE(ctx != NULL); ctx->md_info = NULL; - mbedtls_ecp_group_init( &ctx->grp ); + mbedtls_ecp_group_init(&ctx->grp); ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; - mbedtls_ecp_point_init( &ctx->Xm1 ); - mbedtls_ecp_point_init( &ctx->Xm2 ); - mbedtls_ecp_point_init( &ctx->Xp1 ); - mbedtls_ecp_point_init( &ctx->Xp2 ); - mbedtls_ecp_point_init( &ctx->Xp ); + mbedtls_ecp_point_init(&ctx->Xm1); + mbedtls_ecp_point_init(&ctx->Xm2); + mbedtls_ecp_point_init(&ctx->Xp1); + mbedtls_ecp_point_init(&ctx->Xp2); + mbedtls_ecp_point_init(&ctx->Xp); - mbedtls_mpi_init( &ctx->xm1 ); - mbedtls_mpi_init( &ctx->xm2 ); - mbedtls_mpi_init( &ctx->s ); + mbedtls_mpi_init(&ctx->xm1); + mbedtls_mpi_init(&ctx->xm2); + mbedtls_mpi_init(&ctx->s); } /* * Free context */ -void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ) +void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } ctx->md_info = NULL; - mbedtls_ecp_group_free( &ctx->grp ); + mbedtls_ecp_group_free(&ctx->grp); - mbedtls_ecp_point_free( &ctx->Xm1 ); - mbedtls_ecp_point_free( &ctx->Xm2 ); - mbedtls_ecp_point_free( &ctx->Xp1 ); - mbedtls_ecp_point_free( &ctx->Xp2 ); - mbedtls_ecp_point_free( &ctx->Xp ); + mbedtls_ecp_point_free(&ctx->Xm1); + mbedtls_ecp_point_free(&ctx->Xm2); + mbedtls_ecp_point_free(&ctx->Xp1); + mbedtls_ecp_point_free(&ctx->Xp2); + mbedtls_ecp_point_free(&ctx->Xp); - mbedtls_mpi_free( &ctx->xm1 ); - mbedtls_mpi_free( &ctx->xm2 ); - mbedtls_mpi_free( &ctx->s ); + mbedtls_mpi_free(&ctx->xm1); + mbedtls_mpi_free(&ctx->xm2); + mbedtls_mpi_free(&ctx->s); } /* * Setup context */ -int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, - mbedtls_ecjpake_role role, - mbedtls_md_type_t hash, - mbedtls_ecp_group_id curve, - const unsigned char *secret, - size_t len ) +int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, + mbedtls_ecjpake_role role, + mbedtls_md_type_t hash, + mbedtls_ecp_group_id curve, + const unsigned char *secret, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || - role == MBEDTLS_ECJPAKE_SERVER ); - ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(role == MBEDTLS_ECJPAKE_CLIENT || + role == MBEDTLS_ECJPAKE_SERVER); + ECJPAKE_VALIDATE_RET(secret != NULL || len == 0); ctx->role = role; - if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL ) - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + if ((ctx->md_info = mbedtls_md_info_from_type(hash)) == NULL) { + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + } - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len)); cleanup: - if( ret != 0 ) - mbedtls_ecjpake_free( ctx ); + if (ret != 0) { + mbedtls_ecjpake_free(ctx); + } - return( ret ); + return ret; } /* * Check if context is ready for use */ -int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ) +int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx) { - ECJPAKE_VALIDATE_RET( ctx != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); - if( ctx->md_info == NULL || + if (ctx->md_info == NULL || ctx->grp.id == MBEDTLS_ECP_DP_NONE || - ctx->s.p == NULL ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + ctx->s.p == NULL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - return( 0 ); + return 0; } /* * Write a point plus its length to a buffer */ -static int ecjpake_write_len_point( unsigned char **p, - const unsigned char *end, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *P ) +static int ecjpake_write_len_point(unsigned char **p, + const unsigned char *end, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *P) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Need at least 4 for length plus 1 for point */ - if( end < *p || end - *p < 5 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p || end - *p < 5) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - ret = mbedtls_ecp_point_write_binary( grp, P, pf, - &len, *p + 4, end - ( *p + 4 ) ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ecp_point_write_binary(grp, P, pf, + &len, *p + 4, end - (*p + 4)); + if (ret != 0) { + return ret; + } - MBEDTLS_PUT_UINT32_BE( len, *p, 0 ); + MBEDTLS_PUT_UINT32_BE(len, *p, 0); *p += 4 + len; - return( 0 ); + return 0; } /* * Size of the temporary buffer for ecjpake_hash: * 3 EC points plus their length, plus ID and its length (4 + 6 bytes) */ -#define ECJPAKE_HASH_BUF_LEN ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 ) +#define ECJPAKE_HASH_BUF_LEN (3 * (4 + MBEDTLS_ECP_MAX_PT_LEN) + 4 + 6) /* * Compute hash for ZKP (7.4.2.2.2.1) */ -static int ecjpake_hash( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_ecp_point *V, - const mbedtls_ecp_point *X, - const char *id, - mbedtls_mpi *h ) +static int ecjpake_hash(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_ecp_point *V, + const mbedtls_ecp_point *X, + const char *id, + mbedtls_mpi *h) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[ECJPAKE_HASH_BUF_LEN]; unsigned char *p = buf; - const unsigned char *end = buf + sizeof( buf ); - const size_t id_len = strlen( id ); + const unsigned char *end = buf + sizeof(buf); + const size_t id_len = strlen(id); unsigned char hash[MBEDTLS_MD_MAX_SIZE]; /* Write things to temporary buffer */ - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) ); - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) ); - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) ); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G)); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V)); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X)); - if( end - p < 4 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end - p < 4) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - MBEDTLS_PUT_UINT32_BE( id_len, p, 0 ); + MBEDTLS_PUT_UINT32_BE(id_len, p, 0); p += 4; - if( end < p || (size_t)( end - p ) < id_len ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < p || (size_t) (end - p) < id_len) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - memcpy( p, id, id_len ); + memcpy(p, id, id_len); p += id_len; /* Compute hash */ - MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) ); + MBEDTLS_MPI_CHK(mbedtls_md(md_info, buf, p - buf, hash)); /* Turn it into an integer mod n */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash, - mbedtls_md_get_size( md_info ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, + mbedtls_md_get_size(md_info))); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N)); cleanup: - return( ret ); + return ret; } /* * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3) */ -static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_ecp_point *X, - const char *id, - const unsigned char **p, - const unsigned char *end ) +static int ecjpake_zkp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_ecp_point *X, + const char *id, + const unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V, VV; mbedtls_mpi r, h; size_t r_len; - mbedtls_ecp_point_init( &V ); - mbedtls_ecp_point_init( &VV ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &h ); + mbedtls_ecp_point_init(&V); + mbedtls_ecp_point_init(&VV); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&h); /* * struct { @@ -255,64 +261,62 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, * opaque r<1..2^8-1>; * } ECSchnorrZKP; */ - if( end < *p ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (end < *p) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p)); - if( end < *p || (size_t)( end - *p ) < 1 ) - { + if (end < *p || (size_t) (end - *p) < 1) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } r_len = *(*p)++; - if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 ) - { + if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, *p, r_len)); *p += r_len; /* * Verification */ - MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp, - &VV, &h, X, &r, G ) ); + MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp, + &VV, &h, X, &r, G)); - if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 ) - { + if (mbedtls_ecp_point_cmp(&VV, &V) != 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &V ); - mbedtls_ecp_point_free( &VV ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &h ); + mbedtls_ecp_point_free(&V); + mbedtls_ecp_point_free(&VV); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&h); - return( ret ); + return ret; } /* * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2) */ -static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_mpi *x, - const mbedtls_ecp_point *X, - const char *id, - unsigned char **p, - const unsigned char *end, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int ecjpake_zkp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_mpi *x, + const mbedtls_ecp_point *X, + const char *id, + unsigned char **p, + const unsigned char *end, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V; @@ -320,62 +324,63 @@ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, mbedtls_mpi h; /* later recycled to hold r */ size_t len; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - mbedtls_ecp_point_init( &V ); - mbedtls_mpi_init( &v ); - mbedtls_mpi_init( &h ); + mbedtls_ecp_point_init(&V); + mbedtls_mpi_init(&v); + mbedtls_mpi_init(&h); /* Compute signature */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, - G, &v, &V, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */ + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, + G, &v, &V, f_rng, p_rng)); + MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&h, &h, x)); /* x*h */ + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&h, &v, &h)); /* v - x*h */ + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&h, &h, &grp->N)); /* r */ /* Write it out */ - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V, - pf, &len, *p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V, + pf, &len, *p, end - *p)); *p += len; - len = mbedtls_mpi_size( &h ); /* actually r */ - if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 ) - { + len = mbedtls_mpi_size(&h); /* actually r */ + if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - *(*p)++ = MBEDTLS_BYTE_0( len ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ + *(*p)++ = MBEDTLS_BYTE_0(len); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, *p, len)); /* r */ *p += len; cleanup: - mbedtls_ecp_point_free( &V ); - mbedtls_mpi_free( &v ); - mbedtls_mpi_free( &h ); + mbedtls_ecp_point_free(&V); + mbedtls_mpi_free(&v); + mbedtls_mpi_free(&h); - return( ret ); + return ret; } /* * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof * Output: verified public key X */ -static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_ecp_point *X, - const char *id, - const unsigned char **p, - const unsigned char *end ) +static int ecjpake_kkp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_ecp_point *X, + const char *id, + const unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (end < *p) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* * struct { @@ -383,69 +388,69 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, * ECSchnorrZKP zkp; * } ECJPAKEKeyKP; */ - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) ); - if( mbedtls_ecp_is_zero( X ) ) - { + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p)); + if (mbedtls_ecp_is_zero(X)) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } - MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_info, grp, pf, G, X, id, p, end)); cleanup: - return( ret ); + return ret; } /* * Generate an ECJPAKEKeyKP * Output: the serialized structure, plus private/public key pair */ -static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_mpi *x, - mbedtls_ecp_point *X, - const char *id, - unsigned char **p, - const unsigned char *end, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int ecjpake_kkp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_mpi *x, + mbedtls_ecp_point *X, + const char *id, + unsigned char **p, + const unsigned char *end, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } /* Generate key (7.4.2.3.1) and write it out */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X, - pf, &len, *p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X, + pf, &len, *p, end - *p)); *p += len; /* Generate and write proof */ - MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id, - p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_write(md_info, grp, pf, G, x, X, id, + p, end, f_rng, p_rng)); cleanup: - return( ret ); + return ret; } /* * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs * Outputs: verified peer public keys Xa, Xb */ -static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_ecp_point *Xa, - mbedtls_ecp_point *Xb, - const char *id, - const unsigned char *buf, - size_t len ) +static int ecjpake_kkpp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_ecp_point *Xa, + mbedtls_ecp_point *Xb, + const char *id, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; @@ -456,114 +461,115 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, * ECJPAKEKeyKP ecjpake_key_kp_pair_list[2]; * } ECJPAKEKeyKPPairList; */ - MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) ); - MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xa, id, &p, end)); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xb, id, &p, end)); - if( p != end ) + if (p != end) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } cleanup: - return( ret ); + return ret; } /* * Generate a ECJPAKEKeyKPPairList * Outputs: the serialized structure, plus two private/public key pairs */ -static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_mpi *xm1, - mbedtls_ecp_point *Xa, - mbedtls_mpi *xm2, - mbedtls_ecp_point *Xb, - const char *id, - unsigned char *buf, - size_t len, - size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int ecjpake_kkpp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_mpi *xm1, + mbedtls_ecp_point *Xa, + mbedtls_mpi *xm2, + mbedtls_ecp_point *Xb, + const char *id, + unsigned char *buf, + size_t len, + size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = buf + len; - MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id, - &p, end, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id, - &p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm1, Xa, id, + &p, end, f_rng, p_rng)); + MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm2, Xb, id, + &p, end, f_rng, p_rng)); *olen = p - buf; cleanup: - return( ret ); + return ret; } /* * Read and process the first round message */ -int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ) +int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len) { - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); - return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format, - &ctx->grp.G, - &ctx->Xp1, &ctx->Xp2, ID_PEER, - buf, len ) ); + return ecjpake_kkpp_read(ctx->md_info, &ctx->grp, ctx->point_format, + &ctx->grp.G, + &ctx->Xp1, &ctx->Xp2, ID_PEER, + buf, len); } /* * Generate and write the first round message */ -int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); - - return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format, - &ctx->grp.G, - &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2, - ID_MINE, buf, len, olen, f_rng, p_rng ) ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); + + return ecjpake_kkpp_write(ctx->md_info, &ctx->grp, ctx->point_format, + &ctx->grp.G, + &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2, + ID_MINE, buf, len, olen, f_rng, p_rng); } /* * Compute the sum of three points R = A + B + C */ -static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *A, - const mbedtls_ecp_point *B, - const mbedtls_ecp_point *C ) +static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *A, + const mbedtls_ecp_point *B, + const mbedtls_ecp_point *C) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi one; - mbedtls_mpi_init( &one ); + mbedtls_mpi_init(&one); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, A, &one, B)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, R, &one, C)); cleanup: - mbedtls_mpi_free( &one ); + mbedtls_mpi_free(&one); - return( ret ); + return ret; } /* * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6) */ -int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ) +int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; @@ -571,11 +577,11 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, mbedtls_ecp_group grp; mbedtls_ecp_point G; /* C: GB, S: GA */ - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); - mbedtls_ecp_group_init( &grp ); - mbedtls_ecp_point_init( &G ); + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point_init(&G); /* * Server: GA = X3 + X4 + X1 (7.4.2.6.1) @@ -583,8 +589,8 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * Unified: G = Xm1 + Xm2 + Xp1 * We need that before parsing in order to check Xp as we read it */ - MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G, - &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) ); + MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G, + &ctx->Xm1, &ctx->Xm2, &ctx->Xp1)); /* * struct { @@ -592,71 +598,68 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * ECJPAKEKeyKP ecjpake_key_kp; * } Client/ServerECJPAKEParams; */ - if( ctx->role == MBEDTLS_ECJPAKE_CLIENT ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) ); - if( grp.id != ctx->grp.id ) - { + if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) { + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len)); + if (grp.id != ctx->grp.id) { ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; goto cleanup; } } - MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp, - ctx->point_format, - &G, &ctx->Xp, ID_PEER, &p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(ctx->md_info, &ctx->grp, + ctx->point_format, + &G, &ctx->Xp, ID_PEER, &p, end)); - if( p != end ) - { + if (p != end) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } cleanup: - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &G ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&G); - return( ret ); + return ret; } /* * Compute R = +/- X * S mod N, taking care not to leak S */ -static int ecjpake_mul_secret( mbedtls_mpi *R, int sign, - const mbedtls_mpi *X, - const mbedtls_mpi *S, - const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int ecjpake_mul_secret(mbedtls_mpi *R, int sign, + const mbedtls_mpi *X, + const mbedtls_mpi *S, + const mbedtls_mpi *N, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi b; /* Blinding value, then s + N * blinding */ - mbedtls_mpi_init( &b ); + mbedtls_mpi_init(&b); /* b = s + rnd-128-bit * N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&b, 16, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&b, &b, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&b, &b, S)); /* R = sign * X * b mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(R, X, &b)); R->s *= sign; - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(R, R, N)); cleanup: - mbedtls_mpi_free( &b ); + mbedtls_mpi_free(&b); - return( ret ); + return ret; } /* * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6) */ -int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point G; /* C: GA, S: GB */ @@ -666,14 +669,14 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *end = buf + len; size_t ec_len; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); - mbedtls_ecp_point_init( &G ); - mbedtls_ecp_point_init( &Xm ); - mbedtls_mpi_init( &xm ); + mbedtls_ecp_point_init(&G); + mbedtls_ecp_point_init(&Xm); + mbedtls_mpi_init(&xm); /* * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1) @@ -682,11 +685,11 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * Server: GB = X3 + X1 + X2 | xs = x4 * s | Xs = xs * GB * Unified: G = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G */ - MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G, - &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) ); - MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s, - &ctx->grp.N, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G, + &ctx->Xp1, &ctx->Xp2, &ctx->Xm1)); + MBEDTLS_MPI_CHK(ecjpake_mul_secret(&xm, 1, &ctx->xm2, &ctx->s, + &ctx->grp.N, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &Xm, &xm, &G, f_rng, p_rng)); /* * Now write things out @@ -696,49 +699,46 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * ECJPAKEKeyKP ecjpake_key_kp; * } Client/ServerECJPAKEParams; */ - if( ctx->role == MBEDTLS_ECJPAKE_SERVER ) - { - if( end < p ) - { + if (ctx->role == MBEDTLS_ECJPAKE_SERVER) { + if (end < p) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len, - p, end - p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len, + p, end - p)); p += ec_len; } - if( end < p ) - { + if (end < p) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm, - ctx->point_format, &ec_len, p, end - p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm, + ctx->point_format, &ec_len, p, end - p)); p += ec_len; - MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp, - ctx->point_format, - &G, &xm, &Xm, ID_MINE, - &p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_info, &ctx->grp, + ctx->point_format, + &G, &xm, &Xm, ID_MINE, + &p, end, f_rng, p_rng)); *olen = p - buf; cleanup: - mbedtls_ecp_point_free( &G ); - mbedtls_ecp_point_free( &Xm ); - mbedtls_mpi_free( &xm ); + mbedtls_ecp_point_free(&G); + mbedtls_ecp_point_free(&Xm); + mbedtls_mpi_free(&xm); - return( ret ); + return ret; } /* * Derive PMS (7.4.2.7 / 7.4.2.8) */ -int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point K; @@ -746,45 +746,46 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); - *olen = mbedtls_md_get_size( ctx->md_info ); - if( len < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + *olen = mbedtls_md_get_size(ctx->md_info); + if (len < *olen) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - mbedtls_ecp_point_init( &K ); - mbedtls_mpi_init( &m_xm2_s ); - mbedtls_mpi_init( &one ); + mbedtls_ecp_point_init(&K); + mbedtls_mpi_init(&m_xm2_s); + mbedtls_mpi_init(&one); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1)); /* * Client: K = ( Xs - X4 * x2 * s ) * x2 * Server: K = ( Xc - X2 * x4 * s ) * x4 * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2 */ - MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s, - &ctx->grp.N, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K, - &one, &ctx->Xp, - &m_xm2_s, &ctx->Xp2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K, - f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_mul_secret(&m_xm2_s, -1, &ctx->xm2, &ctx->s, + &ctx->grp.N, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(&ctx->grp, &K, + &one, &ctx->Xp, + &m_xm2_s, &ctx->Xp2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &K, &ctx->xm2, &K, + f_rng, p_rng)); /* PMS = SHA-256( K.X ) */ - x_bytes = ( ctx->grp.pbits + 7 ) / 8; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) ); + x_bytes = (ctx->grp.pbits + 7) / 8; + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K.X, kx, x_bytes)); + MBEDTLS_MPI_CHK(mbedtls_md(ctx->md_info, kx, x_bytes, buf)); cleanup: - mbedtls_ecp_point_free( &K ); - mbedtls_mpi_free( &m_xm2_s ); - mbedtls_mpi_free( &one ); + mbedtls_ecp_point_free(&K); + mbedtls_mpi_free(&m_xm2_s); + mbedtls_mpi_free(&one); - return( ret ); + return ret; } #undef ID_MINE @@ -798,10 +799,10 @@ cleanup: #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ !defined(MBEDTLS_SHA256_C) -int mbedtls_ecjpake_self_test( int verbose ) +int mbedtls_ecjpake_self_test(int verbose) { (void) verbose; - return( 0 ); + return 0; } #else @@ -939,59 +940,58 @@ static const unsigned char ecjpake_test_pms[] = { }; /* Load my private keys and generate the corresponding public keys */ -static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, - const unsigned char *xm1, size_t len1, - const unsigned char *xm2, size_t len2 ) +static int ecjpake_test_load(mbedtls_ecjpake_context *ctx, + const unsigned char *xm1, size_t len1, + const unsigned char *xm2, size_t len2) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1, - &ctx->grp.G, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2, - &ctx->grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm1, &ctx->xm1, + &ctx->grp.G, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm2, &ctx->xm2, + &ctx->grp.G, NULL, NULL)); cleanup: - return( ret ); + return ret; } #endif /* ! MBEDTLS_ECJPAKE_ALT */ /* For tests we don't need a secure RNG; * use the LGC from Numerical Recipes for simplicity */ -static int ecjpake_lgc( void *p, unsigned char *out, size_t len ) +static int ecjpake_lgc(void *p, unsigned char *out, size_t len) { static uint32_t x = 42; (void) p; - while( len > 0 ) - { + while (len > 0) { size_t use_len = len > 4 ? 4 : len; x = 1664525 * x + 1013904223; - memcpy( out, &x, use_len ); + memcpy(out, &x, use_len); out += use_len; len -= use_len; } - return( 0 ); + return 0; } -#define TEST_ASSERT( x ) \ +#define TEST_ASSERT(x) \ do { \ - if( x ) \ - ret = 0; \ + if (x) \ + ret = 0; \ else \ { \ ret = 1; \ goto cleanup; \ } \ - } while( 0 ) + } while (0) /* * Checkup routine */ -int mbedtls_ecjpake_self_test( int verbose ) +int mbedtls_ecjpake_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecjpake_context cli; @@ -999,59 +999,63 @@ int mbedtls_ecjpake_self_test( int verbose ) unsigned char buf[512], pms[32]; size_t len, pmslen; - mbedtls_ecjpake_init( &cli ); - mbedtls_ecjpake_init( &srv ); + mbedtls_ecjpake_init(&cli); + mbedtls_ecjpake_init(&srv); - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #0 (setup): " ); + if (verbose != 0) { + mbedtls_printf(" ECJPAKE test #0 (setup): "); + } - TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT, - MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, - ecjpake_test_password, - sizeof( ecjpake_test_password ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT, + MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, + ecjpake_test_password, + sizeof(ecjpake_test_password)) == 0); - TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER, - MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, - ecjpake_test_password, - sizeof( ecjpake_test_password ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_setup(&srv, MBEDTLS_ECJPAKE_SERVER, + MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, + ecjpake_test_password, + sizeof(ecjpake_test_password)) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #1 (random handshake): " ); + if (verbose != 0) { + mbedtls_printf(" ECJPAKE test #1 (random handshake): "); + } - TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_one(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_two(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli, - pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli, + pms, sizeof(pms), &pmslen, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_two(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == pmslen ); - TEST_ASSERT( memcmp( buf, pms, len ) == 0 ); + TEST_ASSERT(len == pmslen); + TEST_ASSERT(memcmp(buf, pms, len) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } #if !defined(MBEDTLS_ECJPAKE_ALT) /* 'reference handshake' tests can only be run against implementations @@ -1059,72 +1063,75 @@ int mbedtls_ecjpake_self_test( int verbose ) * are generated. This is only the case for the internal mbed TLS * implementation, so these tests are skipped in case the internal * implementation is swapped out for an alternative one. */ - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #2 (reference handshake): " ); + if (verbose != 0) { + mbedtls_printf(" ECJPAKE test #2 (reference handshake): "); + } /* Simulate generation of round one */ - MBEDTLS_MPI_CHK( ecjpake_test_load( &cli, - ecjpake_test_x1, sizeof( ecjpake_test_x1 ), - ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) ); + MBEDTLS_MPI_CHK(ecjpake_test_load(&cli, + ecjpake_test_x1, sizeof(ecjpake_test_x1), + ecjpake_test_x2, sizeof(ecjpake_test_x2))); - MBEDTLS_MPI_CHK( ecjpake_test_load( &srv, - ecjpake_test_x3, sizeof( ecjpake_test_x3 ), - ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) ); + MBEDTLS_MPI_CHK(ecjpake_test_load(&srv, + ecjpake_test_x3, sizeof(ecjpake_test_x3), + ecjpake_test_x4, sizeof(ecjpake_test_x4))); /* Read round one */ - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, - ecjpake_test_cli_one, - sizeof( ecjpake_test_cli_one ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, + ecjpake_test_cli_one, + sizeof(ecjpake_test_cli_one)) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, - ecjpake_test_srv_one, - sizeof( ecjpake_test_srv_one ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, + ecjpake_test_srv_one, + sizeof(ecjpake_test_srv_one)) == 0); /* Skip generation of round two, read round two */ - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, - ecjpake_test_srv_two, - sizeof( ecjpake_test_srv_two ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, + ecjpake_test_srv_two, + sizeof(ecjpake_test_srv_two)) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, - ecjpake_test_cli_two, - sizeof( ecjpake_test_cli_two ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, + ecjpake_test_cli_two, + sizeof(ecjpake_test_cli_two)) == 0); /* Server derives PMS */ - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == sizeof( ecjpake_test_pms ) ); - TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 ); + TEST_ASSERT(len == sizeof(ecjpake_test_pms)); + TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0); - memset( buf, 0, len ); /* Avoid interferences with next step */ + memset(buf, 0, len); /* Avoid interferences with next step */ /* Client derives PMS */ - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == sizeof( ecjpake_test_pms ) ); - TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 ); + TEST_ASSERT(len == sizeof(ecjpake_test_pms)); + TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } #endif /* ! MBEDTLS_ECJPAKE_ALT */ cleanup: - mbedtls_ecjpake_free( &cli ); - mbedtls_ecjpake_free( &srv ); + mbedtls_ecjpake_free(&cli); + mbedtls_ecjpake_free(&srv); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( ret ); + return ret; } #undef TEST_ASSERT diff --git a/thirdparty/mbedtls/library/ecp.c b/thirdparty/mbedtls/library/ecp.c index ad19e05fb2..9051490b12 100644 --- a/thirdparty/mbedtls/library/ecp.c +++ b/thirdparty/mbedtls/library/ecp.c @@ -85,10 +85,10 @@ #if !defined(MBEDTLS_ECP_ALT) /* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) -#define ECP_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ECP_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECP_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #include "mbedtls/platform.h" @@ -100,7 +100,8 @@ #elif defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #else -#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#error \ + "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." #endif #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ @@ -137,49 +138,49 @@ static unsigned long add_count, dbl_count, mul_count; typedef mbedtls_hmac_drbg_context ecp_drbg_context; /* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +static inline void ecp_drbg_init(ecp_drbg_context *ctx) { - mbedtls_hmac_drbg_init( ctx ); + mbedtls_hmac_drbg_init(ctx); } /* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +static inline void ecp_drbg_free(ecp_drbg_context *ctx) { - mbedtls_hmac_drbg_free( ctx ); + mbedtls_hmac_drbg_free(ctx); } /* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) +static inline int ecp_drbg_random(void *p_rng, + unsigned char *output, size_t output_len) { - return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); + return mbedtls_hmac_drbg_random(p_rng, output, output_len); } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) +static int ecp_drbg_seed(ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len) { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; /* The list starts with strong hashes */ - const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + const mbedtls_md_type_t md_type = + (const mbedtls_md_type_t) (mbedtls_md_list()[0]); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { + if (secret_len > MBEDTLS_ECP_MAX_BYTES) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret, + secret_bytes, secret_len)); - ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); + ret = mbedtls_hmac_drbg_seed_buf(ctx, md_info, secret_bytes, secret_len); cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); + mbedtls_platform_zeroize(secret_bytes, secret_len); - return( ret ); + return ret; } #elif defined(MBEDTLS_CTR_DRBG_C) @@ -188,22 +189,22 @@ cleanup: typedef mbedtls_ctr_drbg_context ecp_drbg_context; /* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +static inline void ecp_drbg_init(ecp_drbg_context *ctx) { - mbedtls_ctr_drbg_init( ctx ); + mbedtls_ctr_drbg_init(ctx); } /* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +static inline void ecp_drbg_free(ecp_drbg_context *ctx) { - mbedtls_ctr_drbg_free( ctx ); + mbedtls_ctr_drbg_free(ctx); } /* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) +static inline int ecp_drbg_random(void *p_rng, + unsigned char *output, size_t output_len) { - return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) ); + return mbedtls_ctr_drbg_random(p_rng, output, output_len); } /* @@ -216,37 +217,37 @@ static inline int ecp_drbg_random( void *p_rng, static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) { (void) ctx; - memset( out, 0, len ); - return( 0 ); + memset(out, 0, len); + return 0; } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) +static int ecp_drbg_seed(ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len) { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { + if (secret_len > MBEDTLS_ECP_MAX_BYTES) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret, + secret_bytes, secret_len)); - ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, - secret_bytes, secret_len ); + ret = mbedtls_ctr_drbg_seed(ctx, ecp_ctr_drbg_null_entropy, NULL, + secret_bytes, secret_len); cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); + mbedtls_platform_zeroize(secret_bytes, secret_len); - return( ret ); + return ret; } #else -#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#error \ + "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." #endif /* DRBG modules */ #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ @@ -266,7 +267,7 @@ static unsigned ecp_max_ops = 0; /* * Set ecp_max_ops */ -void mbedtls_ecp_set_max_ops( unsigned max_ops ) +void mbedtls_ecp_set_max_ops(unsigned max_ops) { ecp_max_ops = max_ops; } @@ -274,16 +275,15 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ) /* * Check if restart is enabled */ -int mbedtls_ecp_restart_is_enabled( void ) +int mbedtls_ecp_restart_is_enabled(void) { - return( ecp_max_ops != 0 ); + return ecp_max_ops != 0; } /* * Restart sub-context for ecp_mul_comb() */ -struct mbedtls_ecp_restart_mul -{ +struct mbedtls_ecp_restart_mul { mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ @@ -306,15 +306,15 @@ struct mbedtls_ecp_restart_mul /* * Init restart_mul sub-context */ -static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) +static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx *ctx) { - mbedtls_ecp_point_init( &ctx->R ); + mbedtls_ecp_point_init(&ctx->R); ctx->i = 0; ctx->T = NULL; ctx->T_size = 0; ctx->state = ecp_rsm_init; #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_init( &ctx->drbg_ctx ); + ecp_drbg_init(&ctx->drbg_ctx); ctx->drbg_seeded = 0; #endif } @@ -322,34 +322,34 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) /* * Free the components of a restart_mul sub-context */ -static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) +static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx *ctx) { unsigned char i; - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_ecp_point_free( &ctx->R ); + mbedtls_ecp_point_free(&ctx->R); - if( ctx->T != NULL ) - { - for( i = 0; i < ctx->T_size; i++ ) - mbedtls_ecp_point_free( ctx->T + i ); - mbedtls_free( ctx->T ); + if (ctx->T != NULL) { + for (i = 0; i < ctx->T_size; i++) { + mbedtls_ecp_point_free(ctx->T + i); + } + mbedtls_free(ctx->T); } #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &ctx->drbg_ctx ); + ecp_drbg_free(&ctx->drbg_ctx); #endif - ecp_restart_rsm_init( ctx ); + ecp_restart_rsm_init(ctx); } /* * Restart context for ecp_muladd() */ -struct mbedtls_ecp_restart_muladd -{ +struct mbedtls_ecp_restart_muladd { mbedtls_ecp_point mP; /* mP value */ mbedtls_ecp_point R; /* R intermediate result */ enum { /* what should we do next? */ @@ -363,33 +363,34 @@ struct mbedtls_ecp_restart_muladd /* * Init restart_muladd sub-context */ -static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx ) +static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx *ctx) { - mbedtls_ecp_point_init( &ctx->mP ); - mbedtls_ecp_point_init( &ctx->R ); + mbedtls_ecp_point_init(&ctx->mP); + mbedtls_ecp_point_init(&ctx->R); ctx->state = ecp_rsma_mul1; } /* * Free the components of a restart_muladd sub-context */ -static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) +static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_ecp_point_free( &ctx->mP ); - mbedtls_ecp_point_free( &ctx->R ); + mbedtls_ecp_point_free(&ctx->mP); + mbedtls_ecp_point_free(&ctx->R); - ecp_restart_ma_init( ctx ); + ecp_restart_ma_init(ctx); } /* * Initialize a restart context */ -void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) +void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx) { - ECP_VALIDATE( ctx != NULL ); + ECP_VALIDATE(ctx != NULL); ctx->ops_done = 0; ctx->depth = 0; ctx->rsm = NULL; @@ -399,93 +400,93 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) +void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - ecp_restart_rsm_free( ctx->rsm ); - mbedtls_free( ctx->rsm ); + ecp_restart_rsm_free(ctx->rsm); + mbedtls_free(ctx->rsm); - ecp_restart_ma_free( ctx->ma ); - mbedtls_free( ctx->ma ); + ecp_restart_ma_free(ctx->ma); + mbedtls_free(ctx->ma); - mbedtls_ecp_restart_init( ctx ); + mbedtls_ecp_restart_init(ctx); } /* * Check if we can do the next step */ -int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops ) +int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops) { - ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET(grp != NULL); - if( rs_ctx != NULL && ecp_max_ops != 0 ) - { + if (rs_ctx != NULL && ecp_max_ops != 0) { /* scale depending on curve size: the chosen reference is 256-bit, * and multiplication is quadratic. Round to the closest integer. */ - if( grp->pbits >= 512 ) + if (grp->pbits >= 512) { ops *= 4; - else if( grp->pbits >= 384 ) + } else if (grp->pbits >= 384) { ops *= 2; + } /* Avoid infinite loops: always allow first step. * Because of that, however, it's not generally true * that ops_done <= ecp_max_ops, so the check * ops_done > ecp_max_ops below is mandatory. */ - if( ( rs_ctx->ops_done != 0 ) && - ( rs_ctx->ops_done > ecp_max_ops || - ops > ecp_max_ops - rs_ctx->ops_done ) ) - { - return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + if ((rs_ctx->ops_done != 0) && + (rs_ctx->ops_done > ecp_max_ops || + ops > ecp_max_ops - rs_ctx->ops_done)) { + return MBEDTLS_ERR_ECP_IN_PROGRESS; } /* update running count */ rs_ctx->ops_done += ops; } - return( 0 ); + return 0; } /* Call this when entering a function that needs its own sub-context */ -#define ECP_RS_ENTER( SUB ) do { \ - /* reset ops count for this call if top-level */ \ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \ +#define ECP_RS_ENTER(SUB) do { \ + /* reset ops count for this call if top-level */ \ + if (rs_ctx != NULL && rs_ctx->depth++ == 0) \ rs_ctx->ops_done = 0; \ \ - /* set up our own sub-context if needed */ \ - if( mbedtls_ecp_restart_is_enabled() && \ - rs_ctx != NULL && rs_ctx->SUB == NULL ) \ - { \ - rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ - if( rs_ctx->SUB == NULL ) \ - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ - \ - ecp_restart_## SUB ##_init( rs_ctx->SUB ); \ - } \ -} while( 0 ) + /* set up our own sub-context if needed */ \ + if (mbedtls_ecp_restart_is_enabled() && \ + rs_ctx != NULL && rs_ctx->SUB == NULL) \ + { \ + rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ + if (rs_ctx->SUB == NULL) \ + return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ + \ + ecp_restart_## SUB ##_init(rs_ctx->SUB); \ + } \ +} while (0) /* Call this when leaving a function that needs its own sub-context */ -#define ECP_RS_LEAVE( SUB ) do { \ - /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ - ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ - { \ - ecp_restart_## SUB ##_free( rs_ctx->SUB ); \ - mbedtls_free( rs_ctx->SUB ); \ - rs_ctx->SUB = NULL; \ - } \ +#define ECP_RS_LEAVE(SUB) do { \ + /* clear our sub-context when not in progress (done or error) */ \ + if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ + ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ + { \ + ecp_restart_## SUB ##_free(rs_ctx->SUB); \ + mbedtls_free(rs_ctx->SUB); \ + rs_ctx->SUB = NULL; \ + } \ \ - if( rs_ctx != NULL ) \ + if (rs_ctx != NULL) \ rs_ctx->depth--; \ -} while( 0 ) +} while (0) #else /* MBEDTLS_ECP_RESTARTABLE */ -#define ECP_RS_ENTER( sub ) (void) rs_ctx; -#define ECP_RS_LEAVE( sub ) (void) rs_ctx; +#define ECP_RS_ENTER(sub) (void) rs_ctx; +#define ECP_RS_LEAVE(sub) (void) rs_ctx; #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -545,35 +546,33 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; -#define ECP_NB_CURVES sizeof( ecp_supported_curves ) / \ - sizeof( ecp_supported_curves[0] ) +#define ECP_NB_CURVES sizeof(ecp_supported_curves) / \ + sizeof(ecp_supported_curves[0]) static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES]; /* * List of supported curves and associated info */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ) +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void) { - return( ecp_supported_curves ); + return ecp_supported_curves; } /* * List of supported curves, group ID only */ -const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) +const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void) { static int init_done = 0; - if( ! init_done ) - { + if (!init_done) { size_t i = 0; const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); + for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { + curve_info++) { ecp_supported_grp_id[i++] = curve_info->grp_id; } ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; @@ -581,105 +580,108 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) init_done = 1; } - return( ecp_supported_grp_id ); + return ecp_supported_grp_id; } /* * Get the curve info for the internal identifier */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ) +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); + for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( curve_info->grp_id == grp_id ) - return( curve_info ); + curve_info++) { + if (curve_info->grp_id == grp_id) { + return curve_info; + } } - return( NULL ); + return NULL; } /* * Get the curve info from the TLS identifier */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ) +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); + for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( curve_info->tls_id == tls_id ) - return( curve_info ); + curve_info++) { + if (curve_info->tls_id == tls_id) { + return curve_info; + } } - return( NULL ); + return NULL; } /* * Get the curve info from the name */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ) +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name) { const mbedtls_ecp_curve_info *curve_info; - if( name == NULL ) - return( NULL ); + if (name == NULL) { + return NULL; + } - for( curve_info = mbedtls_ecp_curve_list(); + for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( strcmp( curve_info->name, name ) == 0 ) - return( curve_info ); + curve_info++) { + if (strcmp(curve_info->name, name) == 0) { + return curve_info; + } } - return( NULL ); + return NULL; } /* * Get the type of a curve */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ) +mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) { - if( grp->G.X.p == NULL ) - return( MBEDTLS_ECP_TYPE_NONE ); + if (grp->G.X.p == NULL) { + return MBEDTLS_ECP_TYPE_NONE; + } - if( grp->G.Y.p == NULL ) - return( MBEDTLS_ECP_TYPE_MONTGOMERY ); - else - return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ); + if (grp->G.Y.p == NULL) { + return MBEDTLS_ECP_TYPE_MONTGOMERY; + } else { + return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS; + } } /* * Initialize (the components of) a point */ -void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) +void mbedtls_ecp_point_init(mbedtls_ecp_point *pt) { - ECP_VALIDATE( pt != NULL ); + ECP_VALIDATE(pt != NULL); - mbedtls_mpi_init( &pt->X ); - mbedtls_mpi_init( &pt->Y ); - mbedtls_mpi_init( &pt->Z ); + mbedtls_mpi_init(&pt->X); + mbedtls_mpi_init(&pt->Y); + mbedtls_mpi_init(&pt->Z); } /* * Initialize (the components of) a group */ -void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) +void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) { - ECP_VALIDATE( grp != NULL ); + ECP_VALIDATE(grp != NULL); grp->id = MBEDTLS_ECP_DP_NONE; - mbedtls_mpi_init( &grp->P ); - mbedtls_mpi_init( &grp->A ); - mbedtls_mpi_init( &grp->B ); - mbedtls_ecp_point_init( &grp->G ); - mbedtls_mpi_init( &grp->N ); + mbedtls_mpi_init(&grp->P); + mbedtls_mpi_init(&grp->A); + mbedtls_mpi_init(&grp->B); + mbedtls_ecp_point_init(&grp->G); + mbedtls_mpi_init(&grp->N); grp->pbits = 0; grp->nbits = 0; grp->h = 0; @@ -694,297 +696,299 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) /* * Initialize (the components of) a key pair */ -void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) +void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key) { - ECP_VALIDATE( key != NULL ); + ECP_VALIDATE(key != NULL); - mbedtls_ecp_group_init( &key->grp ); - mbedtls_mpi_init( &key->d ); - mbedtls_ecp_point_init( &key->Q ); + mbedtls_ecp_group_init(&key->grp); + mbedtls_mpi_init(&key->d); + mbedtls_ecp_point_init(&key->Q); } /* * Unallocate (the components of) a point */ -void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ) +void mbedtls_ecp_point_free(mbedtls_ecp_point *pt) { - if( pt == NULL ) + if (pt == NULL) { return; + } - mbedtls_mpi_free( &( pt->X ) ); - mbedtls_mpi_free( &( pt->Y ) ); - mbedtls_mpi_free( &( pt->Z ) ); + mbedtls_mpi_free(&(pt->X)); + mbedtls_mpi_free(&(pt->Y)); + mbedtls_mpi_free(&(pt->Z)); } /* * Unallocate (the components of) a group */ -void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) +void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) { size_t i; - if( grp == NULL ) + if (grp == NULL) { return; + } - if( grp->h != 1 ) - { - mbedtls_mpi_free( &grp->P ); - mbedtls_mpi_free( &grp->A ); - mbedtls_mpi_free( &grp->B ); - mbedtls_ecp_point_free( &grp->G ); - mbedtls_mpi_free( &grp->N ); + if (grp->h != 1) { + mbedtls_mpi_free(&grp->P); + mbedtls_mpi_free(&grp->A); + mbedtls_mpi_free(&grp->B); + mbedtls_ecp_point_free(&grp->G); + mbedtls_mpi_free(&grp->N); } - if( grp->T != NULL ) - { - for( i = 0; i < grp->T_size; i++ ) - mbedtls_ecp_point_free( &grp->T[i] ); - mbedtls_free( grp->T ); + if (grp->T != NULL) { + for (i = 0; i < grp->T_size; i++) { + mbedtls_ecp_point_free(&grp->T[i]); + } + mbedtls_free(grp->T); } - mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); + mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); } /* * Unallocate (the components of) a key pair */ -void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) +void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key) { - if( key == NULL ) + if (key == NULL) { return; + } - mbedtls_ecp_group_free( &key->grp ); - mbedtls_mpi_free( &key->d ); - mbedtls_ecp_point_free( &key->Q ); + mbedtls_ecp_group_free(&key->grp); + mbedtls_mpi_free(&key->d); + mbedtls_ecp_point_free(&key->Q); } /* * Copy the contents of a point */ -int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) +int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(Q != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z)); cleanup: - return( ret ); + return ret; } /* * Copy the contents of a group object */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ) +int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src) { - ECP_VALIDATE_RET( dst != NULL ); - ECP_VALIDATE_RET( src != NULL ); + ECP_VALIDATE_RET(dst != NULL); + ECP_VALIDATE_RET(src != NULL); - return( mbedtls_ecp_group_load( dst, src->id ) ); + return mbedtls_ecp_group_load(dst, src->id); } /* * Set point to zero */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) +int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET(pt != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0)); cleanup: - return( ret ); + return ret; } /* * Tell if a point is zero */ -int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) +int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt) { - ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET(pt != NULL); - return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ); + return mbedtls_mpi_cmp_int(&pt->Z, 0) == 0; } /* * Compare two points lazily */ -int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ) +int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q) { - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(Q != NULL); - if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 && - mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 && - mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 ) - { - return( 0 ); + if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 && + mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 && + mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) { + return 0; } - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } /* * Import a non-zero point from ASCII strings */ -int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, - const char *x, const char *y ) +int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, + const char *x, const char *y) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( x != NULL ); - ECP_VALIDATE_RET( y != NULL ); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(x != NULL); + ECP_VALIDATE_RET(y != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); cleanup: - return( ret ); + return ret; } /* * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748) */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ) +int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, + unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || - format == MBEDTLS_ECP_PF_COMPRESSED ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(olen != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED); - plen = mbedtls_mpi_size( &grp->P ); + plen = mbedtls_mpi_size(&grp->P); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) (void) format; /* Montgomery curves always use the same point format */ - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { *olen = plen; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen)); } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { /* * Common case: P == 0 */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) - { - if( buflen < 1 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) { + if (buflen < 1) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } buf[0] = 0x00; *olen = 1; - return( 0 ); + return 0; } - if( format == MBEDTLS_ECP_PF_UNCOMPRESSED ) - { + if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) { *olen = 2 * plen + 1; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } buf[0] = 0x04; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) ); - } - else if( format == MBEDTLS_ECP_PF_COMPRESSED ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen)); + } else if (format == MBEDTLS_ECP_PF_COMPRESSED) { *olen = plen + 1; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); + buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); } } #endif cleanup: - return( ret ); + return ret; } /* * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748) */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char *buf, size_t ilen ) +int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char *buf, size_t ilen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(buf != NULL); - if( ilen < 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ilen < 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - plen = mbedtls_mpi_size( &grp->P ); + plen = mbedtls_mpi_size(&grp->P); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { - if( plen != ilen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + if (plen != ilen) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) ); - mbedtls_mpi_free( &pt->Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); + mbedtls_mpi_free(&pt->Y); - if( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) + if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); + } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - if( buf[0] == 0x00 ) - { - if( ilen == 1 ) - return( mbedtls_ecp_set_zero( pt ) ); - else - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + if (buf[0] == 0x00) { + if (ilen == 1) { + return mbedtls_ecp_set_zero(pt); + } else { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } } - if( buf[0] != 0x04 ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if (buf[0] != 0x04) { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } - if( ilen != 2 * plen + 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ilen != 2 * plen + 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, - buf + 1 + plen, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, + buf + 1 + plen, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); } #endif cleanup: - return( ret ); + return ret; } /* @@ -993,26 +997,28 @@ cleanup: * opaque point <1..2^8-1>; * } ECPoint; */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t buf_len ) +int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t buf_len) { unsigned char data_len; const unsigned char *buf_start; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); /* * We must have at least two bytes (1 for length, at least one for data) */ - if( buf_len < 2 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (buf_len < 2) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } data_len = *(*buf)++; - if( data_len < 1 || data_len > buf_len - 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (data_len < 1 || data_len > buf_len - 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* * Save buffer start for read_binary and update buf @@ -1020,7 +1026,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, buf_start = *buf; *buf += data_len; - return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); + return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len); } /* @@ -1029,27 +1035,29 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, * opaque point <1..2^8-1>; * } ECPoint; */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ) +int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, + int format, size_t *olen, + unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || - format == MBEDTLS_ECP_PF_COMPRESSED ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(olen != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED); /* * buffer length must be at least one, for our length byte */ - if( blen < 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (blen < 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, - olen, buf + 1, blen - 1) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, + olen, buf + 1, blen - 1)) != 0) { + return ret; + } /* * write length to the first byte and update total length @@ -1057,51 +1065,54 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp buf[0] = (unsigned char) *olen; ++*olen; - return( 0 ); + return 0; } /* * Set a group from an ECParameters record (RFC 4492) */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len ) +int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); - if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) { + return ret; + } - return( mbedtls_ecp_group_load( grp, grp_id ) ); + return mbedtls_ecp_group_load(grp, grp_id); } /* * Read a group id from an ECParameters record (RFC 4492) and convert it to * mbedtls_ecp_group_id. */ -int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, size_t len ) +int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, + const unsigned char **buf, size_t len) { uint16_t tls_id; const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); /* * We expect at least three bytes (see below) */ - if( len < 3 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (len < 3) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* * First byte is curve_type; only named_curve is handled */ - if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* * Next two bytes are the namedcurve value @@ -1110,34 +1121,37 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, tls_id <<= 8; tls_id |= *(*buf)++; - if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } *grp = curve_info->grp_id; - return( 0 ); + return 0; } /* * Write the ECParameters record corresponding to a group (RFC 4492) */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, - unsigned char *buf, size_t blen ) +int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, + unsigned char *buf, size_t blen) { const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( olen != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(olen != NULL); - if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* * We are going to write 3 bytes (see below) */ *olen = 3; - if( blen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (blen < *olen) { + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } /* * First byte is curve_type, always named_curve @@ -1147,9 +1161,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, /* * Next two bytes are the namedcurve value */ - MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 ); + MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, buf, 0); - return( 0 ); + return 0; } /* @@ -1158,32 +1172,34 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf. */ -static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) +static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( grp->modp == NULL ) - return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); + if (grp->modp == NULL) { + return mbedtls_mpi_mod_mpi(N, N, &grp->P); + } /* N->s < 0 is a much faster test, which fails only if N is 0 */ - if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) || - mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || + mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - MBEDTLS_MPI_CHK( grp->modp( N ) ); + MBEDTLS_MPI_CHK(grp->modp(N)); /* N->s < 0 is a much faster test, which fails only if N is 0 */ - while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); + while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); + } - while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) + while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { /* we known P, N and the result are positive */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); + } cleanup: - return( ret ); + return ret; } /* @@ -1205,50 +1221,50 @@ cleanup: #define INC_MUL_COUNT #endif -#define MOD_MUL( N ) \ +#define MOD_MUL(N) \ do \ { \ - MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \ + MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ INC_MUL_COUNT \ - } while( 0 ) + } while (0) -static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) +static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) ); - MOD_MUL( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); + MOD_MUL(*X); cleanup: - return( ret ); + return ret; } /* * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi * N->s < 0 is a very fast test, which fails only if N is 0 */ -#define MOD_SUB( N ) \ - while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) ) - -#if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) ) || \ - ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ - !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) ) -static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) +#define MOD_SUB(N) \ + while ((N).s < 0 && mbedtls_mpi_cmp_int(&(N), 0) != 0) \ + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&(N), &(N), &grp->P)) + +#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ + !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ + defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ + defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \ + (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ + !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ + defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT))) +static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) ); - MOD_SUB( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B)); + MOD_SUB(*X); cleanup: - return( ret ); + return ret; } #endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */ @@ -1257,37 +1273,38 @@ cleanup: * We known P, N and the result are positive, so sub_abs is correct, and * a bit faster. */ -#define MOD_ADD( N ) \ - while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) ) +#define MOD_ADD(N) \ + while (mbedtls_mpi_cmp_mpi(&(N), &grp->P) >= 0) \ + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&(N), &(N), &grp->P)) -static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) +static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) ); - MOD_ADD( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); + MOD_ADD(*X); cleanup: - return( ret ); + return ret; } #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) -static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - size_t count ) + !(defined(MBEDTLS_ECP_NO_FALLBACK) && \ + defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ + defined(MBEDTLS_ECP_ADD_MIXED_ALT)) +static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) ); - MOD_ADD( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count)); + MOD_ADD(*X); cleanup: - return( ret ); + return ret; } -#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ +#endif \ + /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* @@ -1302,46 +1319,48 @@ cleanup: * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1) * Cost: 1N := 1I + 3M + 1S */ -static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) +static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) { - if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) - return( 0 ); + if (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0) { + return 0; + } #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_normalize_jac(grp, pt); + } #endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi Zi, ZZi; - mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); + mbedtls_mpi_init(&Zi); mbedtls_mpi_init(&ZZi); /* * X = X / Z^2 mod p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&Zi, &pt->Z, &grp->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ZZi)); /* * Y = Y / Z^3 mod p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &Zi)); /* * Z = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); cleanup: - mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); + mbedtls_mpi_free(&Zi); mbedtls_mpi_free(&ZZi); - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ } @@ -1356,68 +1375,68 @@ cleanup: * * Cost: 1N(t) := 1I + (6t - 3)M + 1S */ -static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t T_size ) +static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *T[], size_t T_size) { - if( T_size < 2 ) - return( ecp_normalize_jac( grp, *T ) ); + if (T_size < 2) { + return ecp_normalize_jac(grp, *T); + } #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); + } #endif #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi *c, u, Zi, ZZi; - if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } - for( i = 0; i < T_size; i++ ) - mbedtls_mpi_init( &c[i] ); + for (i = 0; i < T_size; i++) { + mbedtls_mpi_init(&c[i]); + } - mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); + mbedtls_mpi_init(&u); mbedtls_mpi_init(&Zi); mbedtls_mpi_init(&ZZi); /* * c[i] = Z_0 * ... * Z_i */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) ); - for( i = 1; i < T_size; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&c[0], &T[0]->Z)); + for (i = 1; i < T_size; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &c[i], &c[i-1], &T[i]->Z)); } /* * u = 1 / (Z_0 * ... * Z_n) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&u, &c[T_size-1], &grp->P)); - for( i = T_size - 1; ; i-- ) - { + for (i = T_size - 1;; i--) { /* * Zi = 1 / Z_i mod p * u = 1 / (Z_0 * ... * Z_i) mod P */ - if( i == 0 ) { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) ); + if (i == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Zi, &u)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Zi, &u, &c[i-1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &u, &u, &T[i]->Z)); } /* * proceed as in normalize() */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->X, &T[i]->X, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &Zi)); /* * Post-precessing: reclaim some memory by shrinking coordinates @@ -1425,22 +1444,24 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, * - shrinking other coordinates, but still keeping the same number of * limbs as P, as otherwise it will too likely be regrown too fast. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); - mbedtls_mpi_free( &T[i]->Z ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); + mbedtls_mpi_free(&T[i]->Z); - if( i == 0 ) + if (i == 0) { break; + } } cleanup: - mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); - for( i = 0; i < T_size; i++ ) - mbedtls_mpi_free( &c[i] ); - mbedtls_free( c ); + mbedtls_mpi_free(&u); mbedtls_mpi_free(&Zi); mbedtls_mpi_free(&ZZi); + for (i = 0; i < T_size; i++) { + mbedtls_mpi_free(&c[i]); + } + mbedtls_free(c); - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ } @@ -1448,25 +1469,25 @@ cleanup: * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak. * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid */ -static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *Q, - unsigned char inv ) +static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *Q, + unsigned char inv) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char nonzero; mbedtls_mpi mQY; - mbedtls_mpi_init( &mQY ); + mbedtls_mpi_init(&mQY); /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); - nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mQY, &grp->P, &Q->Y)); + nonzero = mbedtls_mpi_cmp_int(&Q->Y, 0) != 0; + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&Q->Y, &mQY, inv & nonzero)); cleanup: - mbedtls_mpi_free( &mQY ); + mbedtls_mpi_free(&mQY); - return( ret ); + return ret; } /* @@ -1483,85 +1504,82 @@ cleanup: * 4M + 4S (A == -3) * 3M + 6S + 1a otherwise */ -static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P ) +static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *P) { #if defined(MBEDTLS_SELF_TEST) dbl_count++; #endif #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_double_jac(grp, R, P); + } #endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, S, T, U; - mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); + mbedtls_mpi_init(&M); mbedtls_mpi_init(&S); mbedtls_mpi_init(&T); mbedtls_mpi_init(&U); /* Special case for A = -3 */ - if( grp->A.p == NULL ) - { + if (grp->A.p == NULL) { /* M = 3(X + Z^2)(X - Z^2) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); - } - else - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &T, &P->X, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &U, &P->X, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &U)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); MOD_ADD(M); + } else { /* M = 3.X^2 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); MOD_ADD(M); /* Optimize away for "koblitz" curves with A = 0 */ - if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&grp->A, 0) != 0) { /* M += A.Z^4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &S, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &grp->A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &M, &M, &S)); } } /* S = 4.X.Y^2 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &P->Y, &P->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &S, 1)); /* U = 8.Y^4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &T, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); /* T = M^2 - 2.S */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &M, &M)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); /* S = M(S - T) - U */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &S, &M)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &U)); /* U = 2.Y.Z */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &P->Y, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &U)); cleanup: - mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U ); + mbedtls_mpi_free(&M); mbedtls_mpi_free(&S); mbedtls_mpi_free(&T); mbedtls_mpi_free(&U); - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ } @@ -1583,20 +1601,21 @@ cleanup: * * Cost: 1A := 8M + 3S */ -static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) +static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q) { #if defined(MBEDTLS_SELF_TEST) add_count++; #endif #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); + } #endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi T1, T2, T3, T4, X, Y, Z; @@ -1604,67 +1623,66 @@ static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* * Trivial cases: P == 0 or Q == 0 (case 1) */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) - return( mbedtls_ecp_copy( R, Q ) ); + if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) { + return mbedtls_ecp_copy(R, Q); + } - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 ) - return( mbedtls_ecp_copy( R, P ) ); + if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 0) == 0) { + return mbedtls_ecp_copy(R, P); + } /* * Make sure Q coordinates are normalized */ - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 1) != 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 ); - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); + mbedtls_mpi_init(&T1); mbedtls_mpi_init(&T2); mbedtls_mpi_init(&T3); mbedtls_mpi_init(&T4); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T1, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &T1, &Q->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T2, &Q->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T1, &T1, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T2, &T2, &P->Y)); /* Special cases (2) and (3) */ - if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 ) - { - if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 ) - { - ret = ecp_double_jac( grp, R, P ); + if (mbedtls_mpi_cmp_int(&T1, 0) == 0) { + if (mbedtls_mpi_cmp_int(&T2, 0) == 0) { + ret = ecp_double_jac(grp, R, P); goto cleanup; - } - else - { - ret = mbedtls_ecp_set_zero( R ); + } else { + ret = mbedtls_ecp_set_zero(R); goto cleanup; } } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Z, &P->Z, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T1, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T3, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &T3)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &X, &T2, &T2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T4)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T3, &T3, &X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &T2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T4, &P->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &Y, &T3, &T4)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &Z)); cleanup: - mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 ); - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); + mbedtls_mpi_free(&T1); mbedtls_mpi_free(&T2); mbedtls_mpi_free(&T3); mbedtls_mpi_free(&T4); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ } @@ -1675,42 +1693,44 @@ cleanup: * * This countermeasure was first suggested in [2]. */ -static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); + } #endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l, ll; - mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll ); + mbedtls_mpi_init(&l); mbedtls_mpi_init(&ll); /* Generate l such that 1 < l < p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng)); /* Z = l * Z */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Z, &pt->Z, &l)); /* X = l^2 * X */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &l, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ll)); /* Y = l^3 * Y */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &ll, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ll)); cleanup: - mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll ); + mbedtls_mpi_free(&l); mbedtls_mpi_free(&ll); - if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - return( ret ); + } + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ } @@ -1722,10 +1742,10 @@ cleanup: #endif /* d = ceil( n / w ) */ -#define COMB_MAX_D ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2 +#define COMB_MAX_D (MBEDTLS_ECP_MAX_BITS + 1) / 2 /* number of precomputed points */ -#define COMB_MAX_PRE ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) +#define COMB_MAX_PRE (1 << (MBEDTLS_ECP_WINDOW_SIZE - 1)) /* * Compute the representation of m that will be used with our comb method. @@ -1774,32 +1794,33 @@ cleanup: * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d * (the result will be incorrect if these assumptions are not satisfied) */ -static void ecp_comb_recode_core( unsigned char x[], size_t d, - unsigned char w, const mbedtls_mpi *m ) +static void ecp_comb_recode_core(unsigned char x[], size_t d, + unsigned char w, const mbedtls_mpi *m) { size_t i, j; unsigned char c, cc, adjust; - memset( x, 0, d+1 ); + memset(x, 0, d+1); /* First get the classical comb values (except for x_d = 0) */ - for( i = 0; i < d; i++ ) - for( j = 0; j < w; j++ ) - x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j; + for (i = 0; i < d; i++) { + for (j = 0; j < w; j++) { + x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j; + } + } /* Now make sure x_1 .. x_d are odd */ c = 0; - for( i = 1; i <= d; i++ ) - { + for (i = 1; i <= d; i++) { /* Add carry and update it */ cc = x[i] & c; x[i] = x[i] ^ c; c = cc; /* Adjust if needed, avoiding branches */ - adjust = 1 - ( x[i] & 0x01 ); - c |= x[i] & ( x[i-1] * adjust ); - x[i] = x[i] ^ ( x[i-1] * adjust ); + adjust = 1 - (x[i] & 0x01); + c |= x[i] & (x[i-1] * adjust); + x[i] = x[i] ^ (x[i-1] * adjust); x[i-1] |= adjust << 7; } } @@ -1838,36 +1859,38 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order * to minimize maximum blocking time. */ -static int ecp_precompute_comb( const mbedtls_ecp_group *grp, - mbedtls_ecp_point T[], const mbedtls_ecp_point *P, - unsigned char w, size_t d, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecp_precompute_comb(const mbedtls_ecp_group *grp, + mbedtls_ecp_point T[], const mbedtls_ecp_point *P, + unsigned char w, size_t d, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t j = 0; - const unsigned char T_size = 1U << ( w - 1 ); + const unsigned char T_size = 1U << (w - 1); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { - if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { + if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { goto dbl; - if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl ) + } + if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) { goto norm_dbl; - if( rs_ctx->rsm->state == ecp_rsm_pre_add ) + } + if (rs_ctx->rsm->state == ecp_rsm_pre_add) { goto add; - if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) + } + if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) { goto norm_add; + } } #else (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_pre_dbl; /* initial state for the loop */ @@ -1880,31 +1903,32 @@ dbl: * Set T[0] = P and * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) */ - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { j = rs_ctx->rsm->i; - else + } else #endif - j = 0; + j = 0; - for( ; j < d * ( w - 1 ); j++ ) - { - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL ); + for (; j < d * (w - 1); j++) { + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL); - i = 1U << ( j / d ); + i = 1U << (j / d); cur = T + i; - if( j % d == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); + if (j % d == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1))); + } - MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); + MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur)); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; + } norm_dbl: #endif @@ -1913,16 +1937,18 @@ norm_dbl: * use an auxiliary array of pointers to elements in T. */ j = 0; - for( i = 1; i < T_size; i <<= 1 ) + for (i = 1; i < T_size; i <<= 1) { TT[j++] = T + i; + } - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_pre_add; + } add: #endif @@ -1930,18 +1956,19 @@ add: * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ - MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD); - for( i = 1; i < T_size; i <<= 1 ) - { + for (i = 1; i < T_size; i <<= 1) { j = i; - while( j-- ) - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); + while (j--) { + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i])); + } } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_pre_norm_add; + } norm_add: #endif @@ -1950,24 +1977,25 @@ norm_add: * still need the auxiliary array for homogeneity with the previous * call. Also, skip T[0] which is already normalised, being a copy of P. */ - for( j = 0; j + 1 < T_size; j++ ) + for (j = 0; j + 1 < T_size; j++) { TT[j] = T + j + 1; + } - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { + if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { rs_ctx->rsm->i = j; + } } #endif - return( ret ); + return ret; } /* @@ -1975,28 +2003,27 @@ cleanup: * * See ecp_comb_recode_core() for background */ -static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - unsigned char i ) +static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point T[], unsigned char T_size, + unsigned char i) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ii, j; /* Ignore the "sign" bit and scale down */ - ii = ( i & 0x7Fu ) >> 1; + ii = (i & 0x7Fu) >> 1; /* Read the whole table to thwart cache-based timing attacks */ - for( j = 0; j < T_size; j++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) ); + for (j = 0; j < T_size; j++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->X, &T[j].X, j == ii)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->Y, &T[j].Y, j == ii)); } /* Safely invert result if i is "negative" */ - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); + MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); cleanup: - return( ret ); + return ret; } /* @@ -2005,78 +2032,76 @@ cleanup: * * Cost: d A + d D + 1 R */ -static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - const unsigned char x[], size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point T[], unsigned char T_size, + const unsigned char x[], size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Txi; size_t i; - mbedtls_ecp_point_init( &Txi ); + mbedtls_ecp_point_init(&Txi); #if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - rs_ctx->rsm->state != ecp_rsm_comb_core ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + rs_ctx->rsm->state != ecp_rsm_comb_core) { rs_ctx->rsm->i = 0; rs_ctx->rsm->state = ecp_rsm_comb_core; } /* new 'if' instead of nested for the sake of the 'else' branch */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { /* restore current index (R already pointing to rs_ctx->rsm->R) */ i = rs_ctx->rsm->i; - } - else + } else #endif { + int have_rng = 1; + /* Start with a non-zero point and randomize its coordinates */ i = d; - MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); + MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 1)); - int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) + if (f_rng == NULL) { have_rng = 0; + } #endif - if( have_rng ) - MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); + if (have_rng) { + MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); + } } - while( i != 0 ) - { - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); + while (i != 0) { + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD); --i; - MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); - MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); + MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R)); + MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi)); } cleanup: - mbedtls_ecp_point_free( &Txi ); + mbedtls_ecp_point_free(&Txi); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { rs_ctx->rsm->i = i; /* no need to save R, already pointing to rs_ctx->rsm->R */ } #endif - return( ret ); + return ret; } /* @@ -2091,39 +2116,40 @@ cleanup: * * See ecp_comb_recode_core() for background. */ -static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, - const mbedtls_mpi *m, - unsigned char k[COMB_MAX_D + 1], - size_t d, - unsigned char w, - unsigned char *parity_trick ) +static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, + const mbedtls_mpi *m, + unsigned char k[COMB_MAX_D + 1], + size_t d, + unsigned char w, + unsigned char *parity_trick) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, mm; - mbedtls_mpi_init( &M ); - mbedtls_mpi_init( &mm ); + mbedtls_mpi_init(&M); + mbedtls_mpi_init(&mm); /* N is always odd (see above), just make extra sure */ - if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } /* do we need the parity trick? */ - *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 ); + *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0); /* execute parity fix in constant time */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick)); /* actual scalar recoding */ - ecp_comb_recode_core( k, d, w, &M ); + ecp_comb_recode_core(k, d, w, &M); cleanup: - mbedtls_mpi_free( &mm ); - mbedtls_mpi_free( &M ); + mbedtls_mpi_free(&mm); + mbedtls_mpi_free(&M); - return( ret ); + return ret; } /* @@ -2133,44 +2159,46 @@ cleanup: * Scalar recoding may use a parity trick that makes us compute -m * P, * if that is the case we'll need to recover m * P at the end. */ -static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *T, - unsigned char T_size, - unsigned char w, - size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *T, + unsigned char T_size, + unsigned char w, + size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; + int have_rng = 1; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { RR = &rs_ctx->rsm->R; - if( rs_ctx->rsm->state == ecp_rsm_final_norm ) + if (rs_ctx->rsm->state == ecp_rsm_final_norm) { goto final_norm; + } } #endif - MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, - &parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, - f_rng, p_rng, rs_ctx ) ); - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); + MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, + &parity_trick)); + MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, + f_rng, p_rng, rs_ctx)); + MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_final_norm; + } final_norm: - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); #endif /* * Knowledge of the jacobian coordinates may leak the last few bits of the @@ -2183,30 +2211,32 @@ final_norm: * * Avoid the leak by randomizing coordinates before we normalize them. */ - int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) + if (f_rng == NULL) { have_rng = 0; + } #endif - if( have_rng ) - MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); + if (have_rng) { + MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); + } - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR)); + } #endif cleanup: - return( ret ); + return ret; } /* * Pick window size based on curve size and whether we optimize for base point */ -static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, - unsigned char p_eq_g ) +static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, + unsigned char p_eq_g) { unsigned char w; @@ -2222,21 +2252,24 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * Just adding one avoids upping the cost of the first mul too much, * and the memory cost too. */ - if( p_eq_g ) + if (p_eq_g) { w++; + } /* * Make sure w is within bounds. * (The last test is useful only for very small curves in the test suite.) */ -#if( MBEDTLS_ECP_WINDOW_SIZE < 6 ) - if( w > MBEDTLS_ECP_WINDOW_SIZE ) +#if (MBEDTLS_ECP_WINDOW_SIZE < 6) + if (w > MBEDTLS_ECP_WINDOW_SIZE) { w = MBEDTLS_ECP_WINDOW_SIZE; + } #endif - if( w >= grp->nbits ) + if (w >= grp->nbits) { w = 2; + } - return( w ); + return w; } /* @@ -2252,11 +2285,11 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * * See comments on ecp_comb_recode_core() regarding the computation strategy. */ -static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char w, p_eq_g, i; @@ -2266,64 +2299,61 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); + ecp_drbg_init(&drbg_ctx); #endif - ECP_RS_ENTER( rsm ); + ECP_RS_ENTER(rsm); #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { + if (f_rng == NULL) { /* Adjust pointers */ f_rng = &ecp_drbg_random; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { p_rng = &rs_ctx->rsm->drbg_ctx; - else + } else #endif - p_rng = &drbg_ctx; + p_rng = &drbg_ctx; /* Initialize internal DRBG if necessary */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL || - rs_ctx->rsm->drbg_seeded == 0 ) + if (rs_ctx == NULL || rs_ctx->rsm == NULL || + rs_ctx->rsm->drbg_seeded == 0) #endif { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); + const size_t m_len = (grp->nbits + 7) / 8; + MBEDTLS_MPI_CHK(ecp_drbg_seed(p_rng, m, m_len)); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->drbg_seeded = 1; + } #endif } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && - mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); + p_eq_g = (mbedtls_mpi_cmp_mpi(&P->Y, &grp->G.Y) == 0 && + mbedtls_mpi_cmp_mpi(&P->X, &grp->G.X) == 0); #else p_eq_g = 0; #endif /* Pick window size and deduce related sizes */ - w = ecp_pick_window_size( grp, p_eq_g ); - T_size = 1U << ( w - 1 ); - d = ( grp->nbits + w - 1 ) / w; + w = ecp_pick_window_size(grp, p_eq_g); + T_size = 1U << (w - 1); + d = (grp->nbits + w - 1) / w; /* Pre-computed table: do we have it already for the base point? */ - if( p_eq_g && grp->T != NULL ) - { + if (p_eq_g && grp->T != NULL) { /* second pointer to the same table, will be deleted on exit */ T = grp->T; T_ok = 1; - } - else + } else #if defined(MBEDTLS_ECP_RESTARTABLE) /* Pre-computed table: do we have one in progress? complete? */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) { /* transfer ownership of T from rsm to local function */ T = rs_ctx->rsm->T; rs_ctx->rsm->T = NULL; @@ -2331,31 +2361,28 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* This effectively jumps to the call to mul_comb_after_precomp() */ T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; - } - else + } else #endif /* Allocate table if we didn't have any */ { - T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); - if( T == NULL ) - { + T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point)); + if (T == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } - for( i = 0; i < T_size; i++ ) - mbedtls_ecp_point_init( &T[i] ); + for (i = 0; i < T_size; i++) { + mbedtls_ecp_point_init(&T[i]); + } T_ok = 0; } /* Compute table (or finish computing it) if not done already */ - if( !T_ok ) - { - MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); + if (!T_ok) { + MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); - if( p_eq_g ) - { + if (p_eq_g) { /* almost transfer ownership of T to the group, but keep a copy of * the pointer to use for calling the next function more easily */ grp->T = T; @@ -2364,24 +2391,24 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } /* Actual comb multiplication using precomputed points */ - MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, - T, T_size, w, d, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, + T, T_size, w, d, + f_rng, p_rng, rs_ctx)); cleanup: #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); + ecp_drbg_free(&drbg_ctx); #endif /* does T belong to the group? */ - if( T == grp->T ) + if (T == grp->T) { T = NULL; + } /* does T belong to the restart context? */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) { /* transfer ownership of T from local function to rsm */ rs_ctx->rsm->T_size = T_size; rs_ctx->rsm->T = T; @@ -2390,26 +2417,28 @@ cleanup: #endif /* did T belong to us? then let's destroy it! */ - if( T != NULL ) - { - for( i = 0; i < T_size; i++ ) - mbedtls_ecp_point_free( &T[i] ); - mbedtls_free( T ); + if (T != NULL) { + for (i = 0; i < T_size; i++) { + mbedtls_ecp_point_free(&T[i]); + } + mbedtls_free(T); } /* prevent caller from using invalid value */ - int should_free_R = ( ret != 0 ); + int should_free_R = (ret != 0); #if defined(MBEDTLS_ECP_RESTARTABLE) /* don't free R while in progress in case R == P */ - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { should_free_R = 0; + } #endif - if( should_free_R ) - mbedtls_ecp_point_free( R ); + if (should_free_R) { + mbedtls_ecp_point_free(R); + } - ECP_RS_LEAVE( rsm ); + ECP_RS_LEAVE(rsm); - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -2427,23 +2456,24 @@ cleanup: * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1 * Cost: 1M + 1I */ -static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) +static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_normalize_mxz(grp, P); + } #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&P->Z, &P->Z, &grp->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); cleanup: - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ } @@ -2455,33 +2485,35 @@ cleanup: * This countermeasure was first suggested in [2]. * Cost: 2M */ -static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); + } #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l; - mbedtls_mpi_init( &l ); + mbedtls_mpi_init(&l); /* Generate l such that 1 < l < p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->Z, &P->Z, &l)); cleanup: - mbedtls_mpi_free( &l ); + mbedtls_mpi_free(&l); - if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - return( ret ); + } + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ } @@ -2500,51 +2532,52 @@ cleanup: * * Cost: 5M + 4S */ -static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, mbedtls_ecp_point *S, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, - const mbedtls_mpi *d ) +static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, mbedtls_ecp_point *S, + const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, + const mbedtls_mpi *d) { #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) { + return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); + } #endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B ); - mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) ); + mbedtls_mpi_init(&A); mbedtls_mpi_init(&AA); mbedtls_mpi_init(&B); + mbedtls_mpi_init(&BB); mbedtls_mpi_init(&E); mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); mbedtls_mpi_init(&DA); mbedtls_mpi_init(&CB); + + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &A, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &AA, &A, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &B, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &BB, &B, &B)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &E, &AA, &BB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &C, &Q->X, &Q->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &D, &Q->X, &Q->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &DA, &D, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &CB, &C, &B)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &S->X, &DA, &CB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->X, &S->X, &S->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S->Z, &DA, &CB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, &S->Z, &S->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, d, &S->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->X, &AA, &BB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &grp->A, &E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &R->Z, &BB, &R->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &E, &R->Z)); cleanup: - mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B ); - mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C ); - mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB ); + mbedtls_mpi_free(&A); mbedtls_mpi_free(&AA); mbedtls_mpi_free(&B); + mbedtls_mpi_free(&BB); mbedtls_mpi_free(&E); mbedtls_mpi_free(&C); + mbedtls_mpi_free(&D); mbedtls_mpi_free(&DA); mbedtls_mpi_free(&CB); - return( ret ); + return ret; #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ } @@ -2552,10 +2585,10 @@ cleanup: * Multiplication with Montgomery ladder in x/z coordinates, * for curves in Montgomery form */ -static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; @@ -2565,46 +2598,46 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); + ecp_drbg_init(&drbg_ctx); #endif - mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); + mbedtls_ecp_point_init(&RP); mbedtls_mpi_init(&PX); #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) ); + if (f_rng == NULL) { + const size_t m_len = (grp->nbits + 7) / 8; + MBEDTLS_MPI_CHK(ecp_drbg_seed(&drbg_ctx, m, m_len)); f_rng = &ecp_drbg_random; p_rng = &drbg_ctx; } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ /* Save PX and read from P before writing to R, in case P == R */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&PX, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P)); /* Set R to zero in modified x/z coordinates */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) ); - mbedtls_mpi_free( &R->Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->X, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 0)); + mbedtls_mpi_free(&R->Y); /* RP.X might be slightly larger than P, so reduce it */ - MOD_ADD( RP.X ); + MOD_ADD(RP.X); /* Randomize coordinates of the starting point */ int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) + if (f_rng == NULL) { have_rng = 0; + } #endif - if( have_rng ) - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); + if (have_rng) { + MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); + } /* Loop invariant: R = result so far, RP = R + P */ i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */ - while( i-- > 0 ) - { - b = mbedtls_mpi_get_bit( m, i ); + while (i-- > 0) { + b = mbedtls_mpi_get_bit(m, i); /* * if (b) R = 2R + P else R = 2R, * which is: @@ -2612,11 +2645,11 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * else double_add( R, RP, R, RP ) * but using safe conditional swaps to avoid leaks */ - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); - MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); + MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); } /* @@ -2632,22 +2665,24 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, */ have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) + if (f_rng == NULL) { have_rng = 0; + } #endif - if( have_rng ) - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); + if (have_rng) { + MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); + } - MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); + MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); cleanup: #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); + ecp_drbg_free(&drbg_ctx); #endif - mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); + mbedtls_ecp_point_free(&RP); mbedtls_mpi_free(&PX); - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ @@ -2655,85 +2690,90 @@ cleanup: /* * Restartable multiplication R = m * P */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) +int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) + if (rs_ctx != NULL && rs_ctx->depth++ == 0) { rs_ctx->ops_done = 0; + } #else (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); + if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { + MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); + } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ int restarting = 0; #if defined(MBEDTLS_ECP_RESTARTABLE) - restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL ); + restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL); #endif /* skip argument check when restarting */ - if( !restarting ) - { + if (!restarting) { /* check_privkey is free */ - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK); /* Common sanity checks */ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); } ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); + } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); + } #endif cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( is_grp_capable ) - mbedtls_internal_ecp_free( grp ); + if (is_grp_capable) { + mbedtls_internal_ecp_free(grp); + } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL ) + if (rs_ctx != NULL) { rs_ctx->depth--; + } #endif - return( ret ); + return ret; } /* * Multiplication R = m * P */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); } #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) @@ -2741,48 +2781,47 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * Check that an affine point is valid as a public key, * short weierstrass curves (SEC1 3.2.3.1) */ -static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) +static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi YY, RHS; /* pt coordinates must be normalized for our checks */ - if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 || - mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 || - mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || - mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || + mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || + mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || + mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } - mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS ); + mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS); /* * YY = Y^2 * RHS = X (X^2 + A) + B = X^3 + A X + B */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &YY, &pt->Y, &pt->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &pt->X, &pt->X)); /* Special case for A = -3 */ - if( grp->A.p == NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) ); + if (grp->A.p == NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&RHS, &RHS, 3)); MOD_SUB(RHS); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->A)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &RHS, &pt->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->B)); - if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 ) + if (mbedtls_mpi_cmp_mpi(&YY, &RHS) != 0) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; + } cleanup: - mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS ); + mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS); - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -2791,39 +2830,33 @@ cleanup: * R = m * P with shortcuts for m == 0, m == 1 and m == -1 * NOT constant-time - ONLY for short Weierstrass! */ -static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *P, - mbedtls_ecp_restart_ctx *rs_ctx ) +static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *P, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( mbedtls_mpi_cmp_int( m, 0 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) ); - } - else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); - } - else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); - if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, - NULL, NULL, rs_ctx ) ); + if (mbedtls_mpi_cmp_int(m, 0) == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); + MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R)); + } else if (mbedtls_mpi_cmp_int(m, 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); + } else if (mbedtls_mpi_cmp_int(m, -1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); + if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y)); + } + } else { + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, R, m, P, + NULL, NULL, rs_ctx)); } cleanup: - return( ret ); + return ret; } /* @@ -2831,10 +2864,10 @@ cleanup: * NOT constant-time */ int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx ) + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point mP; @@ -2843,107 +2876,116 @@ int mbedtls_ecp_muladd_restartable( #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(n != NULL); + ECP_VALIDATE_RET(Q != NULL); - if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } - mbedtls_ecp_point_init( &mP ); + mbedtls_ecp_point_init(&mP); - ECP_RS_ENTER( ma ); + ECP_RS_ENTER(ma); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) - { + if (rs_ctx != NULL && rs_ctx->ma != NULL) { /* redirect intermediate results to restart context */ pmP = &rs_ctx->ma->mP; pR = &rs_ctx->ma->R; /* jump to next operation */ - if( rs_ctx->ma->state == ecp_rsma_mul2 ) + if (rs_ctx->ma->state == ecp_rsma_mul2) { goto mul2; - if( rs_ctx->ma->state == ecp_rsma_add ) + } + if (rs_ctx->ma->state == ecp_rsma_add) { goto add; - if( rs_ctx->ma->state == ecp_rsma_norm ) + } + if (rs_ctx->ma->state == ecp_rsma_norm) { goto norm; + } } #endif /* MBEDTLS_ECP_RESTARTABLE */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) { rs_ctx->ma->state = ecp_rsma_mul2; + } mul2: #endif - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); + if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { + MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); + } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) { rs_ctx->ma->state = ecp_rsma_add; + } add: #endif - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD ); - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD); + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) { rs_ctx->ma->state = ecp_rsma_norm; + } norm: #endif - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); + MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); + if (rs_ctx != NULL && rs_ctx->ma != NULL) { + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR)); + } #endif cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( is_grp_capable ) - mbedtls_internal_ecp_free( grp ); + if (is_grp_capable) { + mbedtls_internal_ecp_free(grp); + } #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - mbedtls_ecp_point_free( &mP ); + mbedtls_ecp_point_free(&mP); - ECP_RS_LEAVE( ma ); + ECP_RS_LEAVE(ma); - return( ret ); + return ret; } /* * Linear combination * NOT constant-time */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) +int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(n != NULL); + ECP_VALIDATE_RET(Q != NULL); + return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)} +#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) } #define ECP_MPI_INIT_ARRAY(x) \ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) /* @@ -2952,21 +2994,21 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * See ecp_check_pubkey_x25519(). */ static const mbedtls_mpi_uint x25519_bad_point_1[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a), + MBEDTLS_BYTES_TO_T_UINT_8(0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd), + MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00), }; static const mbedtls_mpi_uint x25519_bad_point_2[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24), + MBEDTLS_BYTES_TO_T_UINT_8(0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86), + MBEDTLS_BYTES_TO_T_UINT_8(0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57), }; static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY( - x25519_bad_point_1 ); + x25519_bad_point_1); static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY( - x25519_bad_point_2 ); + x25519_bad_point_2); #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ /* @@ -2975,40 +3017,37 @@ static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY( * https://eprint.iacr.org/2017/806.pdf * Those points are never sent by an honest peer. */ -static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P, - const mbedtls_ecp_group_id grp_id ) +static int ecp_check_bad_points_mx(const mbedtls_mpi *X, const mbedtls_mpi *P, + const mbedtls_ecp_group_id grp_id) { int ret; mbedtls_mpi XmP; - mbedtls_mpi_init( &XmP ); + mbedtls_mpi_init(&XmP); /* Reduce X mod P so that we only need to check values less than P. * We know X < 2^256 so we can proceed by subtraction. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) ); - while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X)); + while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P)); + } /* Check against the known bad values that are less than P. For Curve448 * these are 0, 1 and -1. For Curve25519 we check the values less than P * from the following list: https://cr.yp.to/ecdh.html#validate */ - if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */ - { + if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) { /* takes care of 0 and 1 */ ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if( grp_id == MBEDTLS_ECP_DP_CURVE25519 ) - { - if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 ) - { + if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { + if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } - if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 ) - { + if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } @@ -3018,9 +3057,8 @@ static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P, #endif /* Final check: check if XmP + 1 is P (final because it changes XmP!) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) ); - if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1)); + if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } @@ -3028,102 +3066,108 @@ static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P, ret = 0; cleanup: - mbedtls_mpi_free( &XmP ); + mbedtls_mpi_free(&XmP); - return( ret ); + return ret; } /* * Check validity of a public key for Montgomery curves with x-only schemes */ -static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) +static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) { /* [Curve25519 p. 5] Just check X is the correct number of bytes */ /* Allow any public value, if it's too big then we'll just reduce it mod p * (RFC 7748 sec. 5 para. 3). */ - if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } /* Implicit in all standards (as they don't consider negative numbers): * X must be non-negative. This is normally ensured by the way it's * encoded for transmission, but let's be extra sure. */ - if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } - return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) ); + return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ /* * Check that a point is valid as a public key */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt ) +int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); /* Must use affine coordinates */ - if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - return( ecp_check_pubkey_mx( grp, pt ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + return ecp_check_pubkey_mx(grp, pt); + } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - return( ecp_check_pubkey_sw( grp, pt ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + return ecp_check_pubkey_sw(grp, pt); + } #endif - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } /* * Check that an mbedtls_mpi is valid as a private key */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ) +int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, + const mbedtls_mpi *d) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { /* see RFC 7748 sec. 5 para. 5 */ - if( mbedtls_mpi_get_bit( d, 0 ) != 0 || - mbedtls_mpi_get_bit( d, 1 ) != 0 || - mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_get_bit(d, 0) != 0 || + mbedtls_mpi_get_bit(d, 1) != 0 || + mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */ + return MBEDTLS_ERR_ECP_INVALID_KEY; + } /* see [Curve25519] page 5 */ - if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { /* see SEC1 3.2 */ - if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || - mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); - else - return( 0 ); + if (mbedtls_mpi_cmp_int(d, 1) < 0 || + mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { + return MBEDTLS_ERR_ECP_INVALID_KEY; + } else { + return 0; + } } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_gen_privkey_mx( size_t high_bit, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecp_gen_privkey_mx(size_t high_bit, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; size_t n_random_bytes = high_bit / 8 + 1; @@ -3132,38 +3176,36 @@ int mbedtls_ecp_gen_privkey_mx( size_t high_bit, /* Generate a (high_bit+1)-bit random number by generating just enough * random bytes, then shifting out extra bits from the top (necessary * when (high_bit+1) is not a multiple of 8). */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_random_bytes, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_random_bytes - high_bit - 1)); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, high_bit, 1)); /* Make sure the last two bits are unset for Curve448, three bits for Curve25519 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); - if( high_bit == 254 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0)); + if (high_bit == 254) { + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0)); } cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) static int mbedtls_ecp_gen_privkey_sw( const mbedtls_mpi *N, mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng ); - switch( ret ) - { + int ret = mbedtls_mpi_random(d, 1, N, f_rng, p_rng); + switch (ret) { case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + return MBEDTLS_ERR_ECP_RANDOM_FAILED; default: - return( ret ); + return ret; } } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -3171,233 +3213,232 @@ static int mbedtls_ecp_gen_privkey_sw( /* * Generate a private key */ -int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(f_rng != NULL); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng); + } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng); + } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } /* * Generate a keypair with configurable base point */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( G != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(G != NULL); + ECP_VALIDATE_RET(Q != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); cleanup: - return( ret ); + return ret; } /* * Generate key pair, wrapper for conventional base point */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(Q != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); + return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); } /* * Generate a keypair, prettier wrapper */ -int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { + return ret; + } - return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); + return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); } #define ECP_CURVE25519_KEY_SIZE 32 /* * Read a private key. */ -int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen ) +int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + const unsigned char *buf, size_t buflen) { int ret = 0; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(buf != NULL); - if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { + return ret; + } ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { /* * If it is Curve25519 curve then mask the key as mandated by RFC7748 */ - if( grp_id == MBEDTLS_ECP_DP_CURVE25519 ) - { - if( buflen != ECP_CURVE25519_KEY_SIZE ) + if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { + if (buflen != ECP_CURVE25519_KEY_SIZE) { return MBEDTLS_ERR_ECP_INVALID_KEY; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen)); /* Set the three least significant bits to 0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0)); /* Set the most significant bit to 0 */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( &key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 ) - ); + mbedtls_mpi_set_bit(&key->d, + ECP_CURVE25519_KEY_SIZE * 8 - 1, 0) + ); /* Set the second most significant bit to 1 */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( &key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 ) - ); - } - else + mbedtls_mpi_set_bit(&key->d, + ECP_CURVE25519_KEY_SIZE * 8 - 2, 1) + ); + } else { ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) ); + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); } #endif cleanup: - if( ret != 0 ) - mbedtls_mpi_free( &key->d ); + if (ret != 0) { + mbedtls_mpi_free(&key->d); + } - return( ret ); + return ret; } /* * Write a private key. */ -int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen ) +int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, + unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { - if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 ) - { - if( buflen < ECP_CURVE25519_KEY_SIZE ) + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { + if (buflen < ECP_CURVE25519_KEY_SIZE) { return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) ); - } - else + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen)); + } else { ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) ); + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen)); } #endif cleanup: - return( ret ); + return ret; } /* * Check a public-private key pair */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) +int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Q; mbedtls_ecp_group grp; - ECP_VALIDATE_RET( pub != NULL ); - ECP_VALIDATE_RET( prv != NULL ); + ECP_VALIDATE_RET(pub != NULL); + ECP_VALIDATE_RET(prv != NULL); - if( pub->grp.id == MBEDTLS_ECP_DP_NONE || + if (pub->grp.id == MBEDTLS_ECP_DP_NONE || pub->grp.id != prv->grp.id || - mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) || - mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) || - mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) || + mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) || + mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - mbedtls_ecp_point_init( &Q ); - mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init(&Q); + mbedtls_ecp_group_init(&grp); /* mbedtls_ecp_mul() needs a non-const group... */ - mbedtls_ecp_group_copy( &grp, &prv->grp ); + mbedtls_ecp_group_copy(&grp, &prv->grp); /* Also checks d is valid */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, NULL, NULL)); - if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) || - mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || - mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) ) - { + if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) || + mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) || + mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &Q ); - mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free(&Q); + mbedtls_ecp_group_free(&grp); - return( ret ); + return ret; } #if defined(MBEDTLS_SELF_TEST) @@ -3405,26 +3446,25 @@ cleanup: /* Adjust the exponent to be a valid private point for the specified curve. * This is sometimes necessary because we use a single set of exponents * for all curves but the validity of values depends on the curve. */ -static int self_test_adjust_exponent( const mbedtls_ecp_group *grp, - mbedtls_mpi *m ) +static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, + mbedtls_mpi *m) { int ret = 0; - switch( grp->id ) - { - /* If Curve25519 is available, then that's what we use for the - * Montgomery test, so we don't need the adjustment code. */ -#if ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + switch (grp->id) { + /* If Curve25519 is available, then that's what we use for the + * Montgomery test, so we don't need the adjustment code. */ +#if !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: /* Move highest bit from 254 to N-1. Setting bit N-1 is * necessary to enforce the highest-bit-set constraint. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, 254, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); /* Copy second-highest bit from 253 to N-2. This is not * necessary but improves the test variety a bit. */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( m, grp->nbits - 1, - mbedtls_mpi_get_bit( m, 253 ) ) ); + mbedtls_mpi_set_bit(m, grp->nbits - 1, + mbedtls_mpi_get_bit(m, 253))); break; #endif #endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */ @@ -3435,18 +3475,18 @@ static int self_test_adjust_exponent( const mbedtls_ecp_group *grp, goto cleanup; } cleanup: - return( ret ); + return ret; } /* Calculate R = m.P for each m in exponents. Check that the number of * basic operations doesn't depend on the value of m. */ -static int self_test_point( int verbose, - mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - mbedtls_mpi *m, - const mbedtls_ecp_point *P, - const char *const *exponents, - size_t n_exponents ) +static int self_test_point(int verbose, + mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + mbedtls_mpi *m, + const mbedtls_ecp_point *P, + const char *const *exponents, + size_t n_exponents) { int ret = 0; size_t i = 0; @@ -3455,12 +3495,11 @@ static int self_test_point( int verbose, dbl_count = 0; mul_count = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) ); - MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0])); + MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL)); - for( i = 1; i < n_exponents; i++ ) - { + for (i = 1; i < n_exponents; i++) { add_c_prev = add_count; dbl_c_prev = dbl_count; mul_c_prev = mul_count; @@ -3468,34 +3507,33 @@ static int self_test_point( int verbose, dbl_count = 0; mul_count = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) ); - MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i])); + MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL)); - if( add_count != add_c_prev || + if (add_count != add_c_prev || dbl_count != dbl_c_prev || - mul_count != mul_c_prev ) - { + mul_count != mul_c_prev) { ret = 1; break; } } cleanup: - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed (%u)\n", (unsigned int) i ); - else - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + if (ret != 0) { + mbedtls_printf("failed (%u)\n", (unsigned int) i); + } else { + mbedtls_printf("passed\n"); + } } - return( ret ); + return ret; } /* * Checkup routine */ -int mbedtls_ecp_self_test( int verbose ) +int mbedtls_ecp_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; @@ -3531,77 +3569,85 @@ int mbedtls_ecp_self_test( int verbose ) }; #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - mbedtls_ecp_group_init( &grp ); - mbedtls_ecp_point_init( &R ); - mbedtls_ecp_point_init( &P ); - mbedtls_mpi_init( &m ); + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point_init(&R); + mbedtls_ecp_point_init(&P); + mbedtls_mpi_init(&m); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* Use secp192r1 if available, or any available curve */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); #else - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); #endif - if( verbose != 0 ) - mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " ); + if (verbose != 0) { + mbedtls_printf(" ECP SW test #1 (constant op_count, base point G): "); + } /* Do a dummy multiplication first to trigger precomputation */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); - ret = self_test_point( verbose, - &grp, &R, &m, &grp.G, - sw_exponents, - sizeof( sw_exponents ) / sizeof( sw_exponents[0] )); - if( ret != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, NULL, NULL)); + ret = self_test_point(verbose, + &grp, &R, &m, &grp.G, + sw_exponents, + sizeof(sw_exponents) / sizeof(sw_exponents[0])); + if (ret != 0) { goto cleanup; + } - if( verbose != 0 ) - mbedtls_printf( " ECP SW test #2 (constant op_count, other point): " ); + if (verbose != 0) { + mbedtls_printf(" ECP SW test #2 (constant op_count, other point): "); + } /* We computed P = 2G last time, use it */ - ret = self_test_point( verbose, - &grp, &R, &m, &P, - sw_exponents, - sizeof( sw_exponents ) / sizeof( sw_exponents[0] )); - if( ret != 0 ) + ret = self_test_point(verbose, + &grp, &R, &m, &P, + sw_exponents, + sizeof(sw_exponents) / sizeof(sw_exponents[0])); + if (ret != 0) { goto cleanup; + } - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &R ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&R); #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( verbose != 0 ) - mbedtls_printf( " ECP Montgomery test (constant op_count): " ); + if (verbose != 0) { + mbedtls_printf(" ECP Montgomery test (constant op_count): "); + } #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); #else #error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test" #endif - ret = self_test_point( verbose, - &grp, &R, &m, &grp.G, - m_exponents, - sizeof( m_exponents ) / sizeof( m_exponents[0] )); - if( ret != 0 ) + ret = self_test_point(verbose, + &grp, &R, &m, &grp.G, + m_exponents, + sizeof(m_exponents) / sizeof(m_exponents[0])); + if (ret != 0) { goto cleanup; + } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ cleanup: - if( ret < 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); + if (ret < 0 && verbose != 0) { + mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); + } - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &R ); - mbedtls_ecp_point_free( &P ); - mbedtls_mpi_free( &m ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&R); + mbedtls_ecp_point_free(&P); + mbedtls_mpi_free(&m); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/ecp_curves.c b/thirdparty/mbedtls/library/ecp_curves.c index 47761eef4e..6ce4f64c16 100644 --- a/thirdparty/mbedtls/library/ecp_curves.c +++ b/thirdparty/mbedtls/library/ecp_curves.c @@ -33,12 +33,12 @@ #if !defined(MBEDTLS_ECP_ALT) /* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) -#define ECP_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define ECP_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +#define ECP_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) -#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)} +#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) } #define ECP_MPI_INIT_ARRAY(x) \ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) @@ -53,29 +53,29 @@ */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static const mbedtls_mpi_uint secp192r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp192r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64), }; static const mbedtls_mpi_uint secp192r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), }; static const mbedtls_mpi_uint secp192r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), + MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), }; static const mbedtls_mpi_uint secp192r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14), + MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ @@ -84,34 +84,34 @@ static const mbedtls_mpi_uint secp192r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static const mbedtls_mpi_uint secp224r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), }; static const mbedtls_mpi_uint secp224r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ), - MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C), + MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4), }; static const mbedtls_mpi_uint secp224r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ), - MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7), }; static const mbedtls_mpi_uint secp224r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ), - MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD), }; static const mbedtls_mpi_uint secp224r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ @@ -120,34 +120,34 @@ static const mbedtls_mpi_uint secp224r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static const mbedtls_mpi_uint secp256r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp256r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ), + MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A), }; static const mbedtls_mpi_uint secp256r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ), + MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), }; static const mbedtls_mpi_uint secp256r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ), + MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), }; static const mbedtls_mpi_uint secp256r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ @@ -156,44 +156,44 @@ static const mbedtls_mpi_uint secp256r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) static const mbedtls_mpi_uint secp384r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp384r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03), + MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3), }; static const mbedtls_mpi_uint secp384r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ), + MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), }; static const mbedtls_mpi_uint secp384r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), }; static const mbedtls_mpi_uint secp384r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC), + MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ @@ -202,154 +202,154 @@ static const mbedtls_mpi_uint secp384r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static const mbedtls_mpi_uint secp521r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), }; static const mbedtls_mpi_uint secp521r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ), - MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16), + MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56), + MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92), + MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95), + MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00), }; static const mbedtls_mpi_uint secp521r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ), - MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), + MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), + MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), + MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), + MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), + MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), + MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00), }; static const mbedtls_mpi_uint secp521r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ), - MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), + MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), + MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), + MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01), }; static const mbedtls_mpi_uint secp521r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51), + MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), }; #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static const mbedtls_mpi_uint secp192k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp192k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp192k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00), }; static const mbedtls_mpi_uint secp192k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ), + MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), }; static const mbedtls_mpi_uint secp192k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ), + MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), + MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), }; static const mbedtls_mpi_uint secp192k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static const mbedtls_mpi_uint secp224k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp224k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp224k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00), }; static const mbedtls_mpi_uint secp224k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ), - MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), + MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1), }; static const mbedtls_mpi_uint secp224k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ), - MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ), + MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), + MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E), }; static const mbedtls_mpi_uint secp224k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA), + MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00), }; #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static const mbedtls_mpi_uint secp256k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp256k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp256k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ), + MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00), }; static const mbedtls_mpi_uint secp256k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), }; static const mbedtls_mpi_uint secp256k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), + MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), }; static const mbedtls_mpi_uint secp256k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF), + MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA), + MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ @@ -358,40 +358,40 @@ static const mbedtls_mpi_uint secp256k1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) static const mbedtls_mpi_uint brainpoolP256r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E), + MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), }; static const mbedtls_mpi_uint brainpoolP256r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ), + MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9), + MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE), + MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D), }; static const mbedtls_mpi_uint brainpoolP256r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B), + MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95), + MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3), + MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26), }; static const mbedtls_mpi_uint brainpoolP256r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ), + MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), + MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), + MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), }; static const mbedtls_mpi_uint brainpoolP256r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), }; static const mbedtls_mpi_uint brainpoolP256r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90), + MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), }; #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ @@ -400,52 +400,52 @@ static const mbedtls_mpi_uint brainpoolP256r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) static const mbedtls_mpi_uint brainpoolP384r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), + MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12), + MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), }; static const mbedtls_mpi_uint brainpoolP384r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), + MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A), + MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13), + MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2), + MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C), + MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B), }; static const mbedtls_mpi_uint brainpoolP384r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A), + MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E), + MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F), + MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), }; static const mbedtls_mpi_uint brainpoolP384r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ), + MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), + MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), + MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), + MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), + MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), }; static const mbedtls_mpi_uint brainpoolP384r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ), + MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), + MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), + MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), }; static const mbedtls_mpi_uint brainpoolP384r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), + MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), }; #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ @@ -454,64 +454,64 @@ static const mbedtls_mpi_uint brainpoolP384r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) static const mbedtls_mpi_uint brainpoolP512r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), + MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE), + MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D), + MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), }; static const mbedtls_mpi_uint brainpoolP512r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7), + MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F), + MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A), + MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D), + MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94), + MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2), + MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78), }; static const mbedtls_mpi_uint brainpoolP512r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ), + MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98), + MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77), + MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B), + MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8), + MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA), + MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D), }; static const mbedtls_mpi_uint brainpoolP512r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ), + MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), + MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), + MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), + MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), + MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), + MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), + MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), }; static const mbedtls_mpi_uint brainpoolP512r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ), + MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), + MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), + MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), + MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), + MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), + MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), + MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), + MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), }; static const mbedtls_mpi_uint brainpoolP512r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), - MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), + MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5), + MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D), + MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41), + MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55), + MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), }; #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ @@ -533,19 +533,19 @@ static const mbedtls_mpi_uint brainpoolP512r1_n[] = { #if defined(ECP_LOAD_GROUP) /* * Create an MPI from embedded constants - * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint) + * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint)) */ -static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len ) +static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) { X->s = 1; - X->n = len / sizeof( mbedtls_mpi_uint ); + X->n = len / sizeof(mbedtls_mpi_uint); X->p = (mbedtls_mpi_uint *) p; } /* * Set an MPI to static value 1 */ -static inline void ecp_mpi_set1( mbedtls_mpi *X ) +static inline void ecp_mpi_set1(mbedtls_mpi *X) { static mbedtls_mpi_uint one[] = { 1 }; X->s = 1; @@ -556,89 +556,90 @@ static inline void ecp_mpi_set1( mbedtls_mpi *X ) /* * Make group available from embedded constants */ -static int ecp_group_load( mbedtls_ecp_group *grp, - const mbedtls_mpi_uint *p, size_t plen, - const mbedtls_mpi_uint *a, size_t alen, - const mbedtls_mpi_uint *b, size_t blen, - const mbedtls_mpi_uint *gx, size_t gxlen, - const mbedtls_mpi_uint *gy, size_t gylen, - const mbedtls_mpi_uint *n, size_t nlen) +static int ecp_group_load(mbedtls_ecp_group *grp, + const mbedtls_mpi_uint *p, size_t plen, + const mbedtls_mpi_uint *a, size_t alen, + const mbedtls_mpi_uint *b, size_t blen, + const mbedtls_mpi_uint *gx, size_t gxlen, + const mbedtls_mpi_uint *gy, size_t gylen, + const mbedtls_mpi_uint *n, size_t nlen) { - ecp_mpi_load( &grp->P, p, plen ); - if( a != NULL ) - ecp_mpi_load( &grp->A, a, alen ); - ecp_mpi_load( &grp->B, b, blen ); - ecp_mpi_load( &grp->N, n, nlen ); + ecp_mpi_load(&grp->P, p, plen); + if (a != NULL) { + ecp_mpi_load(&grp->A, a, alen); + } + ecp_mpi_load(&grp->B, b, blen); + ecp_mpi_load(&grp->N, n, nlen); - ecp_mpi_load( &grp->G.X, gx, gxlen ); - ecp_mpi_load( &grp->G.Y, gy, gylen ); - ecp_mpi_set1( &grp->G.Z ); + ecp_mpi_load(&grp->G.X, gx, gxlen); + ecp_mpi_load(&grp->G.Y, gy, gylen); + ecp_mpi_set1(&grp->G.Z); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); - grp->nbits = mbedtls_mpi_bitlen( &grp->N ); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); + grp->nbits = mbedtls_mpi_bitlen(&grp->N); grp->h = 1; - return( 0 ); + return 0; } #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_NIST_OPTIM) /* Forward declarations */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -static int ecp_mod_p192( mbedtls_mpi * ); +static int ecp_mod_p192(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -static int ecp_mod_p224( mbedtls_mpi * ); +static int ecp_mod_p224(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static int ecp_mod_p256( mbedtls_mpi * ); +static int ecp_mod_p256(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -static int ecp_mod_p384( mbedtls_mpi * ); +static int ecp_mod_p384(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -static int ecp_mod_p521( mbedtls_mpi * ); +static int ecp_mod_p521(mbedtls_mpi *); #endif -#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P; +#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; #else -#define NIST_MODP( P ) +#define NIST_MODP(P) #endif /* MBEDTLS_ECP_NIST_OPTIM */ /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -static int ecp_mod_p255( mbedtls_mpi * ); +static int ecp_mod_p255(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -static int ecp_mod_p448( mbedtls_mpi * ); +static int ecp_mod_p448(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -static int ecp_mod_p192k1( mbedtls_mpi * ); +static int ecp_mod_p192k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -static int ecp_mod_p224k1( mbedtls_mpi * ); +static int ecp_mod_p224k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -static int ecp_mod_p256k1( mbedtls_mpi * ); +static int ecp_mod_p256k1(mbedtls_mpi *); #endif #if defined(ECP_LOAD_GROUP) -#define LOAD_GROUP_A( G ) ecp_group_load( grp, \ - G ## _p, sizeof( G ## _p ), \ - G ## _a, sizeof( G ## _a ), \ - G ## _b, sizeof( G ## _b ), \ - G ## _gx, sizeof( G ## _gx ), \ - G ## _gy, sizeof( G ## _gy ), \ - G ## _n, sizeof( G ## _n ) ) - -#define LOAD_GROUP( G ) ecp_group_load( grp, \ - G ## _p, sizeof( G ## _p ), \ - NULL, 0, \ - G ## _b, sizeof( G ## _b ), \ - G ## _gx, sizeof( G ## _gx ), \ - G ## _gy, sizeof( G ## _gy ), \ - G ## _n, sizeof( G ## _n ) ) +#define LOAD_GROUP_A(G) ecp_group_load(grp, \ + G ## _p, sizeof(G ## _p), \ + G ## _a, sizeof(G ## _a), \ + G ## _b, sizeof(G ## _b), \ + G ## _gx, sizeof(G ## _gx), \ + G ## _gy, sizeof(G ## _gy), \ + G ## _n, sizeof(G ## _n)) + +#define LOAD_GROUP(G) ecp_group_load(grp, \ + G ## _p, sizeof(G ## _p), \ + NULL, 0, \ + G ## _b, sizeof(G ## _b), \ + G ## _gx, sizeof(G ## _gx), \ + G ## _gy, sizeof(G ## _gy), \ + G ## _n, sizeof(G ## _n)) #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) @@ -652,38 +653,39 @@ static const unsigned char curve25519_part_of_n[] = { /* * Specialized function for creating the Curve25519 group */ -static int ecp_use_curve25519( mbedtls_ecp_group *grp ) +static int ecp_use_curve25519(mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24)); /* P = 2^255 - 19 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19)); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); /* N = 2^252 + 27742317777372353535851937790883648493 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N, - curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N, + curve25519_part_of_n, sizeof(curve25519_part_of_n))); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1)); /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); - mbedtls_mpi_free( &grp->G.Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); /* Actually, the required msb for private keys */ grp->nbits = 254; cleanup: - if( ret != 0 ) - mbedtls_ecp_group_free( grp ); + if (ret != 0) { + mbedtls_ecp_group_free(grp); + } - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ @@ -700,140 +702,140 @@ static const unsigned char curve448_part_of_n[] = { /* * Specialized function for creating the Curve448 group */ -static int ecp_use_curve448( mbedtls_ecp_group *grp ) +static int ecp_use_curve448(mbedtls_ecp_group *grp) { mbedtls_mpi Ns; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_init( &Ns ); + mbedtls_mpi_init(&Ns); /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24)); /* P = 2^448 - 2^224 - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); - mbedtls_mpi_free( &grp->G.Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns, - curve448_part_of_n, sizeof( curve448_part_of_n ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns, + curve448_part_of_n, sizeof(curve448_part_of_n))); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns)); /* Actually, the required msb for private keys */ grp->nbits = 447; cleanup: - mbedtls_mpi_free( &Ns ); - if( ret != 0 ) - mbedtls_ecp_group_free( grp ); + mbedtls_mpi_free(&Ns); + if (ret != 0) { + mbedtls_ecp_group_free(grp); + } - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ /* * Set a group using well-known domain parameters */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) +int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { - ECP_VALIDATE_RET( grp != NULL ); - mbedtls_ecp_group_free( grp ); + ECP_VALIDATE_RET(grp != NULL); + mbedtls_ecp_group_free(grp); - mbedtls_ecp_group_init( grp ); + mbedtls_ecp_group_init(grp); grp->id = id; - switch( id ) - { + switch (id) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: - NIST_MODP( p192 ); - return( LOAD_GROUP( secp192r1 ) ); + NIST_MODP(p192); + return LOAD_GROUP(secp192r1); #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: - NIST_MODP( p224 ); - return( LOAD_GROUP( secp224r1 ) ); + NIST_MODP(p224); + return LOAD_GROUP(secp224r1); #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: - NIST_MODP( p256 ); - return( LOAD_GROUP( secp256r1 ) ); + NIST_MODP(p256); + return LOAD_GROUP(secp256r1); #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: - NIST_MODP( p384 ); - return( LOAD_GROUP( secp384r1 ) ); + NIST_MODP(p384); + return LOAD_GROUP(secp384r1); #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: - NIST_MODP( p521 ); - return( LOAD_GROUP( secp521r1 ) ); + NIST_MODP(p521); + return LOAD_GROUP(secp521r1); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: grp->modp = ecp_mod_p192k1; - return( LOAD_GROUP_A( secp192k1 ) ); + return LOAD_GROUP_A(secp192k1); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: grp->modp = ecp_mod_p224k1; - return( LOAD_GROUP_A( secp224k1 ) ); + return LOAD_GROUP_A(secp224k1); #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: grp->modp = ecp_mod_p256k1; - return( LOAD_GROUP_A( secp256k1 ) ); + return LOAD_GROUP_A(secp256k1); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: - return( LOAD_GROUP_A( brainpoolP256r1 ) ); + return LOAD_GROUP_A(brainpoolP256r1); #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: - return( LOAD_GROUP_A( brainpoolP384r1 ) ); + return LOAD_GROUP_A(brainpoolP384r1); #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: - return( LOAD_GROUP_A( brainpoolP512r1 ) ); + return LOAD_GROUP_A(brainpoolP512r1); #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: grp->modp = ecp_mod_p255; - return( ecp_use_curve25519( grp ) ); + return ecp_use_curve25519(grp); #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: grp->modp = ecp_mod_p448; - return( ecp_use_curve448( grp ) ); + return ecp_use_curve448(grp); #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ default: grp->id = MBEDTLS_ECP_DP_NONE; - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; } } @@ -862,56 +864,54 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) */ /* Add 64-bit chunks (dst += src) and update carry */ -static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry ) +static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry) { unsigned char i; mbedtls_mpi_uint c = 0; - for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ ) - { - *dst += c; c = ( *dst < c ); - *dst += *src; c += ( *dst < *src ); + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) { + *dst += c; c = (*dst < c); + *dst += *src; c += (*dst < *src); } *carry += c; } /* Add carry to a 64-bit chunk and update carry */ -static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) +static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) { unsigned char i; - for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ ) - { + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) { *dst += *carry; - *carry = ( *dst < *carry ); + *carry = (*dst < *carry); } } -#define WIDTH 8 / sizeof( mbedtls_mpi_uint ) -#define A( i ) N->p + (i) * WIDTH -#define ADD( i ) add64( p, A( i ), &c ) -#define NEXT p += WIDTH; carry64( p, &c ) -#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0 +#define WIDTH 8 / sizeof(mbedtls_mpi_uint) +#define A(i) N->p + (i) * WIDTH +#define ADD(i) add64(p, A(i), &c) +#define NEXT p += WIDTH; carry64(p, &c) +#define LAST p += WIDTH; *p = c; while (++p < end) *p = 0 /* * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) */ -static int ecp_mod_p192( mbedtls_mpi *N ) +static int ecp_mod_p192(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint c = 0; mbedtls_mpi_uint *p, *end; /* Make sure we have enough blocks so that A(5) is legal */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH)); p = N->p; end = p + N->n; - ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5 - ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5 - ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5 + ADD(3); ADD(5); NEXT; // A0 += A3 + A5 + ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5 + ADD(4); ADD(5); LAST; // A2 += A4 + A5 cleanup: - return( ret ); + return ret; } #undef WIDTH @@ -940,21 +940,21 @@ cleanup: * * While at it, also define the size of N in terms of 32-bit chunks. */ -#define LOAD32 cur = A( i ); +#define LOAD32 cur = A(i); #if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ #define MAX32 N->n -#define A( j ) N->p[j] +#define A(j) N->p[j] #define STORE32 N->p[i] = cur; #else /* 64-bit */ #define MAX32 N->n * 2 -#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \ - (uint32_t)( N->p[(j)/2] ) +#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ + (uint32_t) (N->p[(j)/2]) #define STORE32 \ - if( i % 2 ) { \ + if (i % 2) { \ N->p[i/2] &= 0x00000000FFFFFFFF; \ N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ } else { \ @@ -967,20 +967,20 @@ cleanup: /* * Helpers for addition and subtraction of chunks, with signed carry. */ -static inline void add32( uint32_t *dst, uint32_t src, signed char *carry ) +static inline void add32(uint32_t *dst, uint32_t src, signed char *carry) { *dst += src; - *carry += ( *dst < src ); + *carry += (*dst < src); } -static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) +static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) { - *carry -= ( *dst < src ); + *carry -= (*dst < src); *dst -= src; } -#define ADD( j ) add32( &cur, A( j ), &c ); -#define SUB( j ) sub32( &cur, A( j ), &c ); +#define ADD(j) add32(&cur, A(j), &c); +#define SUB(j) sub32(&cur, A(j), &c); #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ @@ -988,83 +988,83 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) /* * Helpers for the main 'loop' */ -#define INIT( b ) \ +#define INIT(b) \ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ signed char c = 0, cc; \ uint32_t cur; \ size_t i = 0, bits = (b); \ /* N is the size of the product of two b-bit numbers, plus one */ \ /* limb for fix_negative */ \ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) ); \ + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ LOAD32; #define NEXT \ STORE32; i++; LOAD32; \ cc = c; c = 0; \ - if( cc < 0 ) \ - sub32( &cur, -cc, &c ); \ + if (cc < 0) \ + sub32(&cur, -cc, &c); \ else \ - add32( &cur, cc, &c ); \ + add32(&cur, cc, &c); \ #define LAST \ STORE32; i++; \ cur = c > 0 ? c : 0; STORE32; \ - cur = 0; while( ++i < MAX32 ) { STORE32; } \ - if( c < 0 ) mbedtls_ecp_fix_negative( N, c, bits ); + cur = 0; while (++i < MAX32) { STORE32; } \ + if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); /* * If the result is negative, we get it in the form * c * 2^bits + N, with c negative and N positive shorter than 'bits' */ MBEDTLS_STATIC_TESTABLE -void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits ) +void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) { size_t i; /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so * set the absolute value to 0xfff...fff - N. There is no carry * since we're subtracting from all-bits-one. */ - for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ ) - { - N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i]; + for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) { + N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; } /* Add 1, taking care of the carry. */ i = 0; - do + do { ++N->p[i]; - while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) ); + } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); /* Invert the sign. * Now N = N0 - 2^bits where N0 is the initial value of N. */ N->s = -1; /* Add |c| * 2^bits to the absolute value. Since c and N are - * negative, this adds c * 2^bits. */ + * negative, this adds c * 2^bits. */ mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; #if defined(MBEDTLS_HAVE_INT64) - if( bits == 224 ) + if (bits == 224) { msw <<= 32; + } #endif - N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw; + N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; } #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) /* * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) */ -static int ecp_mod_p224( mbedtls_mpi *N ) +static int ecp_mod_p224(mbedtls_mpi *N) { - INIT( 224 ); + INIT(224); - SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11 - SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12 - SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13 - SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11 - SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12 - SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13 - SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10 + SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 + SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 + SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 + SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 + SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 + SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 + SUB(13); ADD(10); LAST; // A6 += -A13 + A10 cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ @@ -1072,36 +1072,36 @@ cleanup: /* * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) */ -static int ecp_mod_p256( mbedtls_mpi *N ) +static int ecp_mod_p256(mbedtls_mpi *N) { - INIT( 256 ); + INIT(256); - ADD( 8 ); ADD( 9 ); - SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0 + ADD(8); ADD(9); + SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 - ADD( 9 ); ADD( 10 ); - SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1 + ADD(9); ADD(10); + SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 - ADD( 10 ); ADD( 11 ); - SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2 + ADD(10); ADD(11); + SUB(13); SUB(14); SUB(15); NEXT; // A2 - ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 ); - SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3 + ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); + SUB(15); SUB(8); SUB(9); NEXT; // A3 - ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 ); - SUB( 9 ); SUB( 10 ); NEXT; // A4 + ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); + SUB(9); SUB(10); NEXT; // A4 - ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 ); - SUB( 10 ); SUB( 11 ); NEXT; // A5 + ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); + SUB(10); SUB(11); NEXT; // A5 - ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 ); - SUB( 8 ); SUB( 9 ); NEXT; // A6 + ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); + SUB(8); SUB(9); NEXT; // A6 - ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 ); - SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7 + ADD(15); ADD(15); ADD(15); ADD(8); + SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ @@ -1109,48 +1109,48 @@ cleanup: /* * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) */ -static int ecp_mod_p384( mbedtls_mpi *N ) +static int ecp_mod_p384(mbedtls_mpi *N) { - INIT( 384 ); + INIT(384); - ADD( 12 ); ADD( 21 ); ADD( 20 ); - SUB( 23 ); NEXT; // A0 + ADD(12); ADD(21); ADD(20); + SUB(23); NEXT; // A0 - ADD( 13 ); ADD( 22 ); ADD( 23 ); - SUB( 12 ); SUB( 20 ); NEXT; // A2 + ADD(13); ADD(22); ADD(23); + SUB(12); SUB(20); NEXT; // A2 - ADD( 14 ); ADD( 23 ); - SUB( 13 ); SUB( 21 ); NEXT; // A2 + ADD(14); ADD(23); + SUB(13); SUB(21); NEXT; // A2 - ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 ); - SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3 + ADD(15); ADD(12); ADD(20); ADD(21); + SUB(14); SUB(22); SUB(23); NEXT; // A3 - ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 ); - SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4 + ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22); + SUB(15); SUB(23); SUB(23); NEXT; // A4 - ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 ); - SUB( 16 ); NEXT; // A5 + ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23); + SUB(16); NEXT; // A5 - ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 ); - SUB( 17 ); NEXT; // A6 + ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22); + SUB(17); NEXT; // A6 - ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 ); - SUB( 18 ); NEXT; // A7 + ADD(19); ADD(16); ADD(15); ADD(23); + SUB(18); NEXT; // A7 - ADD( 20 ); ADD( 17 ); ADD( 16 ); - SUB( 19 ); NEXT; // A8 + ADD(20); ADD(17); ADD(16); + SUB(19); NEXT; // A8 - ADD( 21 ); ADD( 18 ); ADD( 17 ); - SUB( 20 ); NEXT; // A9 + ADD(21); ADD(18); ADD(17); + SUB(20); NEXT; // A9 - ADD( 22 ); ADD( 19 ); ADD( 18 ); - SUB( 21 ); NEXT; // A10 + ADD(22); ADD(19); ADD(18); + SUB(21); NEXT; // A10 - ADD( 23 ); ADD( 20 ); ADD( 19 ); - SUB( 22 ); LAST; // A11 + ADD(23); ADD(20); ADD(19); + SUB(22); LAST; // A11 cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ @@ -1173,7 +1173,7 @@ cleanup: */ /* Size of p521 in terms of mbedtls_mpi_uint */ -#define P521_WIDTH ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 ) +#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) /* Bits to keep in the most significant mbedtls_mpi_uint */ #define P521_MASK 0x01FF @@ -1182,7 +1182,7 @@ cleanup: * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) * Write N as A1 + 2^521 A0, return A0 + A1 */ -static int ecp_mod_p521( mbedtls_mpi *N ) +static int ecp_mod_p521(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; @@ -1192,28 +1192,31 @@ static int ecp_mod_p521( mbedtls_mpi *N ) * we need to hold bits 513 to 1056, which is 34 limbs, that is * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ - if( N->n < P521_WIDTH ) - return( 0 ); + if (N->n < P521_WIDTH) { + return 0; + } /* M = A1 */ M.s = 1; - M.n = N->n - ( P521_WIDTH - 1 ); - if( M.n > P521_WIDTH + 1 ) + M.n = N->n - (P521_WIDTH - 1); + if (M.n > P521_WIDTH + 1) { M.n = P521_WIDTH + 1; + } M.p = Mp; - memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); + memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint)))); /* N = A0 */ N->p[P521_WIDTH - 1] &= P521_MASK; - for( i = P521_WIDTH; i < N->n; i++ ) + for (i = P521_WIDTH; i < N->n; i++) { N->p[i] = 0; + } /* N = A0 + A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return ret; } #undef P521_WIDTH @@ -1225,57 +1228,60 @@ cleanup: #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) /* Size of p255 in terms of mbedtls_mpi_uint */ -#define P255_WIDTH ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 ) +#define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1) /* * Fast quasi-reduction modulo p255 = 2^255 - 19 * Write N as A0 + 2^255 A1, return A0 + 19 * A1 */ -static int ecp_mod_p255( mbedtls_mpi *N ) +static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P255_WIDTH + 2]; - if( N->n < P255_WIDTH ) - return( 0 ); + if (N->n < P255_WIDTH) { + return 0; + } /* M = A1 */ M.s = 1; - M.n = N->n - ( P255_WIDTH - 1 ); - if( M.n > P255_WIDTH + 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + M.n = N->n - (P255_WIDTH - 1); + if (M.n > P255_WIDTH + 1) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } M.p = Mp; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint)))); M.n++; /* Make room for multiplication by 19 */ /* N = A0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) ); - for( i = P255_WIDTH; i < N->n; i++ ) + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0)); + for (i = P255_WIDTH; i < N->n; i++) { N->p[i] = 0; + } /* N = A0 + 19 * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) /* Size of p448 in terms of mbedtls_mpi_uint */ -#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) ) +#define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint)) /* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ -#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) ) -#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) ) -#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) ) -#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 ) +#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y)) +#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint)) +#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint)) +#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224) /* * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 @@ -1288,52 +1294,57 @@ cleanup: * but for 64-bit targets it should use half the number of operations if we do * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. */ -static int ecp_mod_p448( mbedtls_mpi *N ) +static int ecp_mod_p448(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, Q; mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; - if( N->n <= P448_WIDTH ) - return( 0 ); + if (N->n <= P448_WIDTH) { + return 0; + } /* M = A1 */ M.s = 1; - M.n = N->n - ( P448_WIDTH ); - if( M.n > P448_WIDTH ) + M.n = N->n - (P448_WIDTH); + if (M.n > P448_WIDTH) { /* Shouldn't be called with N larger than 2^896! */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } M.p = Mp; - memset( Mp, 0, sizeof( Mp ) ); - memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) ); + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint)); /* N = A0 */ - for( i = P448_WIDTH; i < N->n; i++ ) + for (i = P448_WIDTH; i < N->n; i++) { N->p[i] = 0; + } /* N += A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); /* Q = B1, N += B1 */ Q = M; Q.p = Qp; - memcpy( Qp, Mp, sizeof( Qp ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) ); + memcpy(Qp, Mp, sizeof(Qp)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q)); /* M = (B0 + B1) * 2^224, N += M */ - if( sizeof( mbedtls_mpi_uint ) > 4 ) - Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS ); - for( i = P224_WIDTH_MAX; i < M.n; ++i ) + if (sizeof(mbedtls_mpi_uint) > 4) { + Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); + } + for (i = P224_WIDTH_MAX; i < M.n; ++i) { Mp[i] = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) ); + } + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q)); M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ @@ -1347,18 +1358,19 @@ cleanup: * Write N as A0 + 2^224 A1, return A0 + R * A1. * Actually do two passes, since R is big. */ -#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P -#define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R -static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, - size_t adjust, size_t shift, mbedtls_mpi_uint mask ) +#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P +#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R +static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, + size_t adjust, size_t shift, mbedtls_mpi_uint mask) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, R; mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; - if( N->n < p_limbs ) - return( 0 ); + if (N->n < p_limbs) { + return 0; + } /* Init R */ R.s = 1; @@ -1370,49 +1382,57 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t M.p = Mp; /* M = A1 */ - M.n = N->n - ( p_limbs - adjust ); - if( M.n > p_limbs + adjust ) + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) { M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); - if( shift != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); + } + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); + } M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ - if( mask != 0 ) + if (mask != 0) { N->p[p_limbs - 1] &= mask; - for( i = p_limbs; i < N->n; i++ ) + } + for (i = p_limbs; i < N->n; i++) { N->p[i] = 0; + } /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); /* Second pass */ /* M = A1 */ - M.n = N->n - ( p_limbs - adjust ); - if( M.n > p_limbs + adjust ) + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) { M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); - if( shift != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); + } + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); + } M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ - if( mask != 0 ) + if (mask != 0) { N->p[p_limbs - 1] &= mask; - for( i = p_limbs; i < N->n; i++ ) + } + for (i = p_limbs; i < N->n; i++) { N->p[i] = 0; + } /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) || @@ -1423,14 +1443,15 @@ cleanup: * Fast quasi-reduction modulo p192k1 = 2^192 - R, * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 */ -static int ecp_mod_p192k1( mbedtls_mpi *N ) +static int ecp_mod_p192k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00 ) }; + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) + }; - return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, - 0 ) ); + return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ @@ -1439,17 +1460,18 @@ static int ecp_mod_p192k1( mbedtls_mpi *N ) * Fast quasi-reduction modulo p224k1 = 2^224 - R, * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 */ -static int ecp_mod_p224k1( mbedtls_mpi *N ) +static int ecp_mod_p224k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00 ) }; + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) + }; #if defined(MBEDTLS_HAVE_INT64) - return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) ); + return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF); #else - return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, - 0 ) ); + return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); #endif } @@ -1460,13 +1482,14 @@ static int ecp_mod_p224k1( mbedtls_mpi *N ) * Fast quasi-reduction modulo p256k1 = 2^256 - R, * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 */ -static int ecp_mod_p256k1( mbedtls_mpi *N ) +static int ecp_mod_p256k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00 ) }; - return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, - 0 ) ); + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00) + }; + return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, + 0); } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ diff --git a/thirdparty/mbedtls/library/ecp_invasive.h b/thirdparty/mbedtls/library/ecp_invasive.h index 71c7702758..18815be089 100644 --- a/thirdparty/mbedtls/library/ecp_invasive.h +++ b/thirdparty/mbedtls/library/ecp_invasive.h @@ -44,7 +44,7 @@ * Behavior: * Set N to c * 2^bits + old_value_of_N. */ -void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits ); +void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits); #endif #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) @@ -69,10 +69,10 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits ); * \return \c 0 on success. * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure. */ -int mbedtls_ecp_gen_privkey_mx( size_t n_bits, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_privkey_mx(size_t n_bits, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ diff --git a/thirdparty/mbedtls/library/entropy.c b/thirdparty/mbedtls/library/entropy.c index e3b337ff35..af78acc1bf 100644 --- a/thirdparty/mbedtls/library/entropy.c +++ b/thirdparty/mbedtls/library/entropy.c @@ -48,103 +48,104 @@ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ -void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) +void mbedtls_entropy_init(mbedtls_entropy_context *ctx) { ctx->source_count = 0; - memset( ctx->source, 0, sizeof( ctx->source ) ); + memset(ctx->source, 0, sizeof(ctx->source)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_init( &ctx->accumulator ); + mbedtls_sha512_init(&ctx->accumulator); #else - mbedtls_sha256_init( &ctx->accumulator ); + mbedtls_sha256_init(&ctx->accumulator); #endif #if defined(MBEDTLS_HAVEGE_C) - mbedtls_havege_init( &ctx->havege_data ); + mbedtls_havege_init(&ctx->havege_data); #endif /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, - 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_null_entropy_poll, NULL, + 1, MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL, - MBEDTLS_ENTROPY_MIN_PLATFORM, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL, + MBEDTLS_ENTROPY_MIN_PLATFORM, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_TIMING_C) - mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDCLOCK, - MBEDTLS_ENTROPY_SOURCE_WEAK ); + mbedtls_entropy_add_source(ctx, mbedtls_hardclock_poll, NULL, + MBEDTLS_ENTROPY_MIN_HARDCLOCK, + MBEDTLS_ENTROPY_SOURCE_WEAK); #endif #if defined(MBEDTLS_HAVEGE_C) - mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data, - MBEDTLS_ENTROPY_MIN_HAVEGE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_havege_poll, &ctx->havege_data, + MBEDTLS_ENTROPY_MIN_HAVEGE, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDWARE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL, + MBEDTLS_ENTROPY_MIN_HARDWARE, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) - mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, - MBEDTLS_ENTROPY_BLOCK_SIZE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG); ctx->initial_entropy_run = 0; #endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } -void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) +void mbedtls_entropy_free(mbedtls_entropy_context *ctx) { /* If the context was already free, don't call free() again. * This is important for mutexes which don't allow double-free. */ - if( ctx->accumulator_started == -1 ) + if (ctx->accumulator_started == -1) { return; + } #if defined(MBEDTLS_HAVEGE_C) - mbedtls_havege_free( &ctx->havege_data ); + mbedtls_havege_free(&ctx->havege_data); #endif #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_free( &ctx->accumulator ); + mbedtls_sha512_free(&ctx->accumulator); #else - mbedtls_sha256_free( &ctx->accumulator ); + mbedtls_sha256_free(&ctx->accumulator); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) ctx->initial_entropy_run = 0; #endif ctx->source_count = 0; - mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); + mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source)); ctx->accumulator_started = -1; } -int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, - mbedtls_entropy_f_source_ptr f_source, void *p_source, - size_t threshold, int strong ) +int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx, + mbedtls_entropy_f_source_ptr f_source, void *p_source, + size_t threshold, int strong) { int idx, ret = 0; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif idx = ctx->source_count; - if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES ) - { + if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) { ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; goto exit; } @@ -158,18 +159,19 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Entropy accumulator update */ -static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id, - const unsigned char *data, size_t len ) +static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id, + const unsigned char *data, size_t len) { unsigned char header[2]; unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -177,14 +179,15 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id const unsigned char *p = data; int ret = 0; - if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) - { + if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) + if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0) { goto cleanup; + } #else - if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) + if ((ret = mbedtls_sha256_ret(data, len, tmp, 0)) != 0) { goto cleanup; + } #endif p = tmp; use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; @@ -199,55 +202,61 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id * gather entropy eventually execute this code. */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if (ctx->accumulator_started == 0 && + (ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) { goto cleanup; - else + } else { ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + } + if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, header, 2)) != 0) { goto cleanup; - ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ); + } + ret = mbedtls_sha512_update_ret(&ctx->accumulator, p, use_len); #else - if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if (ctx->accumulator_started == 0 && + (ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) { goto cleanup; - else + } else { ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + } + if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, header, 2)) != 0) { goto cleanup; - ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ); + } + ret = mbedtls_sha256_update_ret(&ctx->accumulator, p, use_len); #endif cleanup: - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); - return( ret ); + return ret; } -int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, - const unsigned char *data, size_t len ) +int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx, + const unsigned char *data, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len ); + ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Run through the different sources to add entropy to our accumulator */ -static int entropy_gather_internal( mbedtls_entropy_context *ctx ) +static int entropy_gather_internal(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; int i; @@ -255,121 +264,125 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER]; size_t olen; - if( ctx->source_count == 0 ) - return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED ); + if (ctx->source_count == 0) { + return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED; + } /* * Run through our entropy sources */ - for( i = 0; i < ctx->source_count; i++ ) - { - if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) + for (i = 0; i < ctx->source_count; i++) { + if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) { have_one_strong = 1; + } olen = 0; - if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, - buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 ) - { + if ((ret = ctx->source[i].f_source(ctx->source[i].p_source, + buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) { goto cleanup; } /* * Add if we actually gathered something */ - if( olen > 0 ) - { - if( ( ret = entropy_update( ctx, (unsigned char) i, - buf, olen ) ) != 0 ) - return( ret ); + if (olen > 0) { + if ((ret = entropy_update(ctx, (unsigned char) i, + buf, olen)) != 0) { + return ret; + } ctx->source[i].size += olen; } } - if( have_one_strong == 0 ) + if (have_one_strong == 0) { ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; + } cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return ret; } /* * Thread-safe wrapper for entropy_gather_internal() */ -int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ) +int mbedtls_entropy_gather(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - ret = entropy_gather_internal( ctx ); + ret = entropy_gather_internal(ctx); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } -int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) +int mbedtls_entropy_func(void *data, unsigned char *output, size_t len) { int ret, count = 0, i, thresholds_reached; size_t strong_size; mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - if( len > MBEDTLS_ENTROPY_BLOCK_SIZE ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } #if defined(MBEDTLS_ENTROPY_NV_SEED) /* Update the NV entropy seed before generating any entropy for outside * use. */ - if( ctx->initial_entropy_run == 0 ) - { + if (ctx->initial_entropy_run == 0) { ctx->initial_entropy_run = 1; - if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) { + return ret; + } } #endif #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif /* * Always gather extra entropy before a call */ - do - { - if( count++ > ENTROPY_MAX_LOOP ) - { + do { + if (count++ > ENTROPY_MAX_LOOP) { ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; goto exit; } - if( ( ret = entropy_gather_internal( ctx ) ) != 0 ) + if ((ret = entropy_gather_internal(ctx)) != 0) { goto exit; + } thresholds_reached = 1; strong_size = 0; - for( i = 0; i < ctx->source_count; i++ ) - { - if( ctx->source[i].size < ctx->source[i].threshold ) + for (i = 0; i < ctx->source_count; i++) { + if (ctx->source[i].size < ctx->source[i].threshold) { thresholds_reached = 0; - if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) + } + if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) { strong_size += ctx->source[i].size; + } } - } - while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE ); + } while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE); - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) /* @@ -377,109 +390,118 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx->accumulator, buf)) != 0) { goto exit; + } /* * Reset accumulator and counters and recycle existing entropy */ - mbedtls_sha512_free( &ctx->accumulator ); - mbedtls_sha512_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + mbedtls_sha512_free(&ctx->accumulator); + mbedtls_sha512_init(&ctx->accumulator); + if ((ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) { goto exit; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + } + if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { goto exit; + } /* * Perform second SHA-512 on entropy */ - if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0 ) ) != 0 ) + if ((ret = mbedtls_sha512_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0)) != 0) { goto exit; + } #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx->accumulator, buf)) != 0) { goto exit; + } /* * Reset accumulator and counters and recycle existing entropy */ - mbedtls_sha256_free( &ctx->accumulator ); - mbedtls_sha256_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + mbedtls_sha256_free(&ctx->accumulator); + mbedtls_sha256_init(&ctx->accumulator); + if ((ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) { goto exit; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + } + if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { goto exit; + } /* * Perform second SHA-256 on entropy */ - if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0 ) ) != 0 ) + if ((ret = mbedtls_sha256_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0)) != 0) { goto exit; + } #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - for( i = 0; i < ctx->source_count; i++ ) + for (i = 0; i < ctx->source_count; i++) { ctx->source[i].size = 0; + } - memcpy( output, buf, len ); + memcpy(output, buf, len); ret = 0; exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } #if defined(MBEDTLS_ENTROPY_NV_SEED) -int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) +int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; /* Read new seed and write it to NV */ - if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { + return ret; + } - if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { + return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + } /* Manually update the remaining stream with a separator value to diverge */ - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); - ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); + ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); - return( ret ); + return ret; } #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_FS_IO) -int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) +int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f = NULL; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) - { + if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; goto exit; } - if( ( f = fopen( path, "wb" ) ) == NULL ) - { + if ((f = fopen(path, "wb")) == NULL) { ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; goto exit; } - if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) - { + if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) { ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; goto exit; } @@ -487,44 +509,49 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - if( f != NULL ) - fclose( f ); + if (f != NULL) { + fclose(f); + } - return( ret ); + return ret; } -int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ) +int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path) { int ret = 0; FILE *f; size_t n; - unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; + unsigned char buf[MBEDTLS_ENTROPY_MAX_SEED_SIZE]; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + } - fseek( f, 0, SEEK_END ); - n = (size_t) ftell( f ); - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_END); + n = (size_t) ftell(f); + fseek(f, 0, SEEK_SET); - if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) + if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) { n = MBEDTLS_ENTROPY_MAX_SEED_SIZE; + } - if( fread( buf, 1, n, f ) != n ) + if (fread(buf, 1, n, f) != n) { ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - else - ret = mbedtls_entropy_update_manual( ctx, buf, n ); + } else { + ret = mbedtls_entropy_update_manual(ctx, buf, n); + } - fclose( f ); + fclose(f); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - if( ret != 0 ) - return( ret ); + if (ret != 0) { + return ret; + } - return( mbedtls_entropy_write_seed_file( ctx, path ) ); + return mbedtls_entropy_write_seed_file(ctx, path); } #endif /* MBEDTLS_FS_IO */ @@ -533,64 +560,62 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * /* * Dummy source function */ -static int entropy_dummy_source( void *data, unsigned char *output, - size_t len, size_t *olen ) +static int entropy_dummy_source(void *data, unsigned char *output, + size_t len, size_t *olen) { ((void) data); - memset( output, 0x2a, len ); + memset(output, 0x2a, len); *olen = len; - return( 0 ); + return 0; } #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) -static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len ) +static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len) { int ret = 0; size_t entropy_len = 0; size_t olen = 0; size_t attempts = buf_len; - while( attempts > 0 && entropy_len < buf_len ) - { - if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len, - buf_len - entropy_len, &olen ) ) != 0 ) - return( ret ); + while (attempts > 0 && entropy_len < buf_len) { + if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len, + buf_len - entropy_len, &olen)) != 0) { + return ret; + } entropy_len += olen; attempts--; } - if( entropy_len < buf_len ) - { + if (entropy_len < buf_len) { ret = 1; } - return( ret ); + return ret; } -static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf, - size_t buf_len ) +static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf, + size_t buf_len) { - unsigned char set= 0xFF; + unsigned char set = 0xFF; unsigned char unset = 0x00; size_t i; - for( i = 0; i < buf_len; i++ ) - { + for (i = 0; i < buf_len; i++) { set &= buf[i]; unset |= buf[i]; } - return( set == 0xFF || unset == 0x00 ); + return set == 0xFF || unset == 0x00; } /* - * A test to ensure hat the entropy sources are functioning correctly + * A test to ensure that the entropy sources are functioning correctly * and there is no obvious failure. The test performs the following checks: * - The entropy source is not providing only 0s (all bits unset) or 1s (all * bits set). @@ -600,45 +625,50 @@ static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf * are not equal. * - The error code returned by the entropy source is not an error. */ -int mbedtls_entropy_source_self_test( int verbose ) +int mbedtls_entropy_source_self_test(int verbose) { int ret = 0; - unsigned char buf0[2 * sizeof( unsigned long long int )]; - unsigned char buf1[2 * sizeof( unsigned long long int )]; + unsigned char buf0[2 * sizeof(unsigned long long int)]; + unsigned char buf1[2 * sizeof(unsigned long long int)]; - if( verbose != 0 ) - mbedtls_printf( " ENTROPY_BIAS test: " ); + if (verbose != 0) { + mbedtls_printf(" ENTROPY_BIAS test: "); + } - memset( buf0, 0x00, sizeof( buf0 ) ); - memset( buf1, 0x00, sizeof( buf1 ) ); + memset(buf0, 0x00, sizeof(buf0)); + memset(buf1, 0x00, sizeof(buf1)); - if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) { goto cleanup; - if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 ) + } + if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) { goto cleanup; + } /* Make sure that the returned values are not all 0 or 1 */ - if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) { goto cleanup; - if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 ) + } + if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) { goto cleanup; + } /* Make sure that the entropy source is not returning values in a * pattern */ - ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0; + ret = memcmp(buf0, buf1, sizeof(buf0)) == 0; cleanup: - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed\n" ); - else - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + if (ret != 0) { + mbedtls_printf("failed\n"); + } else { + mbedtls_printf("passed\n"); + } - mbedtls_printf( "\n" ); + mbedtls_printf("\n"); } - return( ret != 0 ); + return ret != 0; } #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ @@ -648,7 +678,7 @@ cleanup: * test that the functions don't cause errors and write the correct * amount of data to buffers. */ -int mbedtls_entropy_self_test( int verbose ) +int mbedtls_entropy_self_test(int verbose) { int ret = 1; #if !defined(MBEDTLS_TEST_NULL_ENTROPY) @@ -658,23 +688,27 @@ int mbedtls_entropy_self_test( int verbose ) size_t i, j; #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ - if( verbose != 0 ) - mbedtls_printf( " ENTROPY test: " ); + if (verbose != 0) { + mbedtls_printf(" ENTROPY test: "); + } #if !defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_init( &ctx ); + mbedtls_entropy_init(&ctx); /* First do a gather to make sure we have default sources */ - if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 ) + if ((ret = mbedtls_entropy_gather(&ctx)) != 0) { goto cleanup; + } - ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16, - MBEDTLS_ENTROPY_SOURCE_WEAK ); - if( ret != 0 ) + ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16, + MBEDTLS_ENTROPY_SOURCE_WEAK); + if (ret != 0) { goto cleanup; + } - if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 ) + if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) { goto cleanup; + } /* * To test that mbedtls_entropy_func writes correct number of bytes: @@ -684,44 +718,44 @@ int mbedtls_entropy_self_test( int verbose ) * each of the 32 or 64 bytes to be non-zero has a false failure rate * of at most 2^(-58) which is acceptable. */ - for( i = 0; i < 8; i++ ) - { - if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 ) + for (i = 0; i < 8; i++) { + if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) { goto cleanup; + } - for( j = 0; j < sizeof( buf ); j++ ) + for (j = 0; j < sizeof(buf); j++) { acc[j] |= buf[j]; + } } - for( j = 0; j < sizeof( buf ); j++ ) - { - if( acc[j] == 0 ) - { + for (j = 0; j < sizeof(buf); j++) { + if (acc[j] == 0) { ret = 1; goto cleanup; } } #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test(0)) != 0) { goto cleanup; + } #endif cleanup: - mbedtls_entropy_free( &ctx ); + mbedtls_entropy_free(&ctx); #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed\n" ); - else - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + if (ret != 0) { + mbedtls_printf("failed\n"); + } else { + mbedtls_printf("passed\n"); + } - mbedtls_printf( "\n" ); + mbedtls_printf("\n"); } - return( ret != 0 ); + return ret != 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c index 69ac29e4f7..57fddd4d62 100644 --- a/thirdparty/mbedtls/library/entropy_poll.c +++ b/thirdparty/mbedtls/library/entropy_poll.c @@ -45,7 +45,8 @@ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ !defined(__HAIKU__) && !defined(__midipix__) -#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" +#error \ + "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #endif #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) @@ -69,8 +70,8 @@ #pragma warning( pop ) #endif -int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len, - size_t *olen ) +int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, + size_t *olen) { ULONG len_as_ulong = 0; ((void) data); @@ -81,19 +82,17 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len * 64-bit Windows platforms. Ensure len's value can be safely converted into * a ULONG. */ - if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) ) - { - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (FAILED(SizeTToULong(len, &len_as_ulong))) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } - if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) ) - { - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } *olen = len; - return( 0 ); + return 0; } #else /* _WIN32 && !EFIX64 && !EFI32 */ @@ -109,15 +108,15 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len #define HAVE_GETRANDOM #include -static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) +static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) { /* MemSan cannot understand that the syscall writes to the buffer */ #if defined(__has_feature) #if __has_feature(memory_sanitizer) - memset( buf, 0, buflen ); + memset(buf, 0, buflen); #endif #endif - return( syscall( SYS_getrandom, buf, buflen, flags ) ); + return syscall(SYS_getrandom, buf, buflen, flags); } #endif /* SYS_getrandom */ #endif /* __linux__ || __midipix__ */ @@ -129,9 +128,9 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #include #include #define HAVE_GETRANDOM -static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) +static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) { - return getrandom( buf, buflen, flags ); + return getrandom(buf, buflen, flags); } #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || (__DragonFly__ && __DragonFly_version >= 500700) */ @@ -151,7 +150,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) +static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen) { int name[2]; size_t len; @@ -159,23 +158,23 @@ static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) name[0] = CTL_KERN; name[1] = KERN_ARND; - while( buflen > 0 ) - { + while (buflen > 0) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) - return( -1 ); + if (sysctl(name, 2, buf, &len, NULL, 0) == -1) { + return -1; + } buflen -= len; buf += len; } - return( 0 ); + return 0; } #endif /* KERN_ARND */ #endif /* __FreeBSD__ || __NetBSD__ */ #include -int mbedtls_platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) +int mbedtls_platform_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { FILE *file; size_t read_len; @@ -183,14 +182,13 @@ int mbedtls_platform_entropy_poll( void *data, ((void) data); #if defined(HAVE_GETRANDOM) - ret = getrandom_wrapper( output, len, 0 ); - if( ret >= 0 ) - { + ret = getrandom_wrapper(output, len, 0); + if (ret >= 0) { *olen = ret; - return( 0 ); + return 0; + } else if (errno != ENOSYS) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } - else if( errno != ENOSYS ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); /* Fall through if the system call isn't known. */ #else ((void) ret); @@ -199,105 +197,111 @@ int mbedtls_platform_entropy_poll( void *data, #if defined(HAVE_SYSCTL_ARND) ((void) file); ((void) read_len); - if( sysctl_arnd_wrapper( output, len ) == -1 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (sysctl_arnd_wrapper(output, len) == -1) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } *olen = len; - return( 0 ); + return 0; #else *olen = 0; - file = fopen( "/dev/urandom", "rb" ); - if( file == NULL ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + file = fopen("/dev/urandom", "rb"); + if (file == NULL) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } - read_len = fread( output, 1, len, file ); - if( read_len != len ) - { - fclose( file ); - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + read_len = fread(output, 1, len, file); + if (read_len != len) { + fclose(file); + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } - fclose( file ); + fclose(file); *olen = len; - return( 0 ); + return 0; #endif /* HAVE_SYSCTL_ARND */ } #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) -int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) +int mbedtls_null_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { ((void) data); ((void) output); *olen = 0; - if( len < sizeof(unsigned char) ) - return( 0 ); + if (len < sizeof(unsigned char)) { + return 0; + } output[0] = 0; *olen = sizeof(unsigned char); - return( 0 ); + return 0; } #endif #if defined(MBEDTLS_TIMING_C) -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) +int mbedtls_hardclock_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { unsigned long timer = mbedtls_timing_hardclock(); ((void) data); *olen = 0; - if( len < sizeof(unsigned long) ) - return( 0 ); + if (len < sizeof(unsigned long)) { + return 0; + } - memcpy( output, &timer, sizeof(unsigned long) ); + memcpy(output, &timer, sizeof(unsigned long)); *olen = sizeof(unsigned long); - return( 0 ); + return 0; } #endif /* MBEDTLS_TIMING_C */ #if defined(MBEDTLS_HAVEGE_C) -int mbedtls_havege_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) +int mbedtls_havege_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { mbedtls_havege_state *hs = (mbedtls_havege_state *) data; *olen = 0; - if( mbedtls_havege_random( hs, output, len ) != 0 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (mbedtls_havege_random(hs, output, len) != 0) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } *olen = len; - return( 0 ); + return 0; } #endif /* MBEDTLS_HAVEGE_C */ #if defined(MBEDTLS_ENTROPY_NV_SEED) -int mbedtls_nv_seed_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) +int mbedtls_nv_seed_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; ((void) data); - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); - if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } - if( len < use_len ) - use_len = len; + if (len < use_len) { + use_len = len; + } - memcpy( output, buf, use_len ); + memcpy(output, buf, use_len); *olen = use_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_ENTROPY_NV_SEED */ diff --git a/thirdparty/mbedtls/library/error.c b/thirdparty/mbedtls/library/error.c index 8573369a32..f4826c8b15 100644 --- a/thirdparty/mbedtls/library/error.c +++ b/thirdparty/mbedtls/library/error.c @@ -207,20 +207,20 @@ #endif -const char * mbedtls_high_level_strerr( int error_code ) +const char *mbedtls_high_level_strerr(int error_code) { int high_level_error_code; - if( error_code < 0 ) + if (error_code < 0) { error_code = -error_code; + } /* Extract the high-level part from the error code. */ high_level_error_code = error_code & 0xFF80; - switch( high_level_error_code ) - { - /* Begin Auto-Generated Code. */ -#if defined(MBEDTLS_CIPHER_C) + switch (high_level_error_code) { + /* Begin Auto-Generated Code. */ + #if defined(MBEDTLS_CIPHER_C) case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): return( "CIPHER - The selected feature is not available" ); case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): @@ -568,23 +568,23 @@ const char * mbedtls_high_level_strerr( int error_code ) break; } - return( NULL ); + return NULL; } -const char * mbedtls_low_level_strerr( int error_code ) +const char *mbedtls_low_level_strerr(int error_code) { int low_level_error_code; - if( error_code < 0 ) + if (error_code < 0) { error_code = -error_code; + } /* Extract the low-level part from the error code. */ low_level_error_code = error_code & ~0xFF80; - switch( low_level_error_code ) - { - /* Begin Auto-Generated Code. */ -#if defined(MBEDTLS_AES_C) + switch (low_level_error_code) { + /* Begin Auto-Generated Code. */ + #if defined(MBEDTLS_AES_C) case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): return( "AES - Invalid key length" ); case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): @@ -886,72 +886,77 @@ const char * mbedtls_low_level_strerr( int error_code ) break; } - return( NULL ); + return NULL; } -void mbedtls_strerror( int ret, char *buf, size_t buflen ) +void mbedtls_strerror(int ret, char *buf, size_t buflen) { size_t len; int use_ret; - const char * high_level_error_description = NULL; - const char * low_level_error_description = NULL; + const char *high_level_error_description = NULL; + const char *low_level_error_description = NULL; - if( buflen == 0 ) + if (buflen == 0) { return; + } - memset( buf, 0x00, buflen ); + memset(buf, 0x00, buflen); - if( ret < 0 ) + if (ret < 0) { ret = -ret; + } - if( ret & 0xFF80 ) - { + if (ret & 0xFF80) { use_ret = ret & 0xFF80; // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr( ret ); + high_level_error_description = mbedtls_high_level_strerr(ret); - if( high_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); - else - mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); + if (high_level_error_description == NULL) { + mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); + } else { + mbedtls_snprintf(buf, buflen, "%s", high_level_error_description); + } #if defined(MBEDTLS_SSL_TLS_C) // Early return in case of a fatal error - do not try to translate low // level code. - if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) + if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) { return; + } #endif /* MBEDTLS_SSL_TLS_C */ } use_ret = ret & ~0xFF80; - if( use_ret == 0 ) + if (use_ret == 0) { return; + } // If high level code is present, make a concatenation between both // error strings. // - len = strlen( buf ); + len = strlen(buf); - if( len > 0 ) - { - if( buflen - len < 5 ) + if (len > 0) { + if (buflen - len < 5) { return; + } - mbedtls_snprintf( buf + len, buflen - len, " : " ); + mbedtls_snprintf(buf + len, buflen - len, " : "); buf += len + 3; buflen -= len + 3; } // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr( ret ); + low_level_error_description = mbedtls_low_level_strerr(ret); - if( low_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); - else - mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); + if (low_level_error_description == NULL) { + mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); + } else { + mbedtls_snprintf(buf, buflen, "%s", low_level_error_description); + } } #else /* MBEDTLS_ERROR_C */ @@ -959,18 +964,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) /* * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined */ -void mbedtls_strerror( int ret, char *buf, size_t buflen ) +void mbedtls_strerror(int ret, char *buf, size_t buflen) { ((void) ret); - if( buflen > 0 ) + if (buflen > 0) { buf[0] = '\0'; + } } #endif /* MBEDTLS_ERROR_C */ #if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +void (*mbedtls_test_hook_error_add)(int, int, const char *, int); #endif #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/thirdparty/mbedtls/library/gcm.c b/thirdparty/mbedtls/library/gcm.c index d0b73379a6..0c958c729a 100644 --- a/thirdparty/mbedtls/library/gcm.c +++ b/thirdparty/mbedtls/library/gcm.c @@ -45,18 +45,18 @@ #if !defined(MBEDTLS_GCM_ALT) /* Parameter validation macros */ -#define GCM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT ) -#define GCM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define GCM_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_GCM_BAD_INPUT) +#define GCM_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) /* * Initialize a context */ -void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) +void mbedtls_gcm_init(mbedtls_gcm_context *ctx) { - GCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_gcm_context ) ); + GCM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_gcm_context)); } /* @@ -67,7 +67,7 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL * corresponds to P^127. */ -static int gcm_gen_table( mbedtls_gcm_context *ctx ) +static int gcm_gen_table(mbedtls_gcm_context *ctx) { int ret, i, j; uint64_t hi, lo; @@ -75,93 +75,95 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) unsigned char h[16]; size_t olen = 0; - memset( h, 0, 16 ); - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 ) - return( ret ); + memset(h, 0, 16); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) { + return ret; + } /* pack h as two 64-bits ints, big-endian */ - hi = MBEDTLS_GET_UINT32_BE( h, 0 ); - lo = MBEDTLS_GET_UINT32_BE( h, 4 ); + hi = MBEDTLS_GET_UINT32_BE(h, 0); + lo = MBEDTLS_GET_UINT32_BE(h, 4); vh = (uint64_t) hi << 32 | lo; - hi = MBEDTLS_GET_UINT32_BE( h, 8 ); - lo = MBEDTLS_GET_UINT32_BE( h, 12 ); + hi = MBEDTLS_GET_UINT32_BE(h, 8); + lo = MBEDTLS_GET_UINT32_BE(h, 12); vl = (uint64_t) hi << 32 | lo; /* 8 = 1000 corresponds to 1 in GF(2^128) */ ctx->HL[8] = vl; ctx->HH[8] = vh; -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) +#if defined(MBEDTLS_AESNI_HAVE_CODE) /* With CLMUL support, we need only h, not the rest of the table */ - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) - return( 0 ); + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { + return 0; + } #endif /* 0 corresponds to 0 in GF(2^128) */ ctx->HH[0] = 0; ctx->HL[0] = 0; - for( i = 4; i > 0; i >>= 1 ) - { - uint32_t T = ( vl & 1 ) * 0xe1000000U; - vl = ( vh << 63 ) | ( vl >> 1 ); - vh = ( vh >> 1 ) ^ ( (uint64_t) T << 32); + for (i = 4; i > 0; i >>= 1) { + uint32_t T = (vl & 1) * 0xe1000000U; + vl = (vh << 63) | (vl >> 1); + vh = (vh >> 1) ^ ((uint64_t) T << 32); ctx->HL[i] = vl; ctx->HH[i] = vh; } - for( i = 2; i <= 8; i *= 2 ) - { + for (i = 2; i <= 8; i *= 2) { uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i; vh = *HiH; vl = *HiL; - for( j = 1; j < i; j++ ) - { + for (j = 1; j < i; j++) { HiH[j] = vh ^ ctx->HH[j]; HiL[j] = vl ^ ctx->HL[j]; } } - return( 0 ); + return 0; } -int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) +int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( key != NULL ); - GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(key != NULL); + GCM_VALIDATE_RET(keybits == 128 || keybits == 192 || keybits == 256); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (cipher_info->block_size != 16) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { + return ret; } - if( ( ret = gcm_gen_table( ctx ) ) != 0 ) - return( ret ); + if ((ret = gcm_gen_table(ctx)) != 0) { + return ret; + } - return( 0 ); + return 0; } /* @@ -181,42 +183,40 @@ static const uint64_t last4[16] = * Sets output to x times H using the precomputed tables. * x and output are seen as elements of GF(2^128) as in [MGV]. */ -static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], - unsigned char output[16] ) +static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], + unsigned char output[16]) { int i = 0; unsigned char lo, hi, rem; uint64_t zh, zl; -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { unsigned char h[16]; - MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); - MBEDTLS_PUT_UINT32_BE( ctx->HH[8], h, 4 ); - MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); - MBEDTLS_PUT_UINT32_BE( ctx->HL[8], h, 12 ); + MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0); + MBEDTLS_PUT_UINT32_BE(ctx->HH[8], h, 4); + MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8); + MBEDTLS_PUT_UINT32_BE(ctx->HL[8], h, 12); - mbedtls_aesni_gcm_mult( output, x, h ); + mbedtls_aesni_gcm_mult(output, x, h); return; } -#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */ +#endif /* MBEDTLS_AESNI_HAVE_CODE */ lo = x[15] & 0xf; zh = ctx->HH[lo]; zl = ctx->HL[lo]; - for( i = 15; i >= 0; i-- ) - { + for (i = 15; i >= 0; i--) { lo = x[i] & 0xf; - hi = ( x[i] >> 4 ) & 0xf; + hi = (x[i] >> 4) & 0xf; - if( i != 15 ) - { + if (i != 15) { rem = (unsigned char) zl & 0xf; - zl = ( zh << 60 ) | ( zl >> 4 ); - zh = ( zh >> 4 ); + zl = (zh << 60) | (zl >> 4); + zh = (zh >> 4); zh ^= (uint64_t) last4[rem] << 48; zh ^= ctx->HH[lo]; zl ^= ctx->HL[lo]; @@ -224,25 +224,25 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], } rem = (unsigned char) zl & 0xf; - zl = ( zh << 60 ) | ( zl >> 4 ); - zh = ( zh >> 4 ); + zl = (zh << 60) | (zl >> 4); + zh = (zh >> 4); zh ^= (uint64_t) last4[rem] << 48; zh ^= ctx->HH[hi]; zl ^= ctx->HL[hi]; } - MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 ); - MBEDTLS_PUT_UINT32_BE( zh, output, 4 ); - MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 ); - MBEDTLS_PUT_UINT32_BE( zl, output, 12 ); + MBEDTLS_PUT_UINT32_BE(zh >> 32, output, 0); + MBEDTLS_PUT_UINT32_BE(zh, output, 4); + MBEDTLS_PUT_UINT32_BE(zl >> 32, output, 8); + MBEDTLS_PUT_UINT32_BE(zl, output, 12); } -int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, - int mode, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len ) +int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char work_buf[16]; @@ -251,85 +251,81 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; uint64_t iv_bits; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ /* IV is not allowed to be zero length */ - if( iv_len == 0 || - ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) - { - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (iv_len == 0 || + ((uint64_t) iv_len) >> 61 != 0 || + ((uint64_t) add_len) >> 61 != 0) { + return MBEDTLS_ERR_GCM_BAD_INPUT; } - memset( ctx->y, 0x00, sizeof(ctx->y) ); - memset( ctx->buf, 0x00, sizeof(ctx->buf) ); + memset(ctx->y, 0x00, sizeof(ctx->y)); + memset(ctx->buf, 0x00, sizeof(ctx->buf)); ctx->mode = mode; ctx->len = 0; ctx->add_len = 0; - if( iv_len == 12 ) - { - memcpy( ctx->y, iv, iv_len ); + if (iv_len == 12) { + memcpy(ctx->y, iv, iv_len); ctx->y[15] = 1; - } - else - { - memset( work_buf, 0x00, 16 ); - iv_bits = (uint64_t)iv_len * 8; - MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 ); + } else { + memset(work_buf, 0x00, 16); + iv_bits = (uint64_t) iv_len * 8; + MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8); p = iv; - while( iv_len > 0 ) - { - use_len = ( iv_len < 16 ) ? iv_len : 16; + while (iv_len > 0) { + use_len = (iv_len < 16) ? iv_len : 16; - for( i = 0; i < use_len; i++ ) + for (i = 0; i < use_len; i++) { ctx->y[i] ^= p[i]; + } - gcm_mult( ctx, ctx->y, ctx->y ); + gcm_mult(ctx, ctx->y, ctx->y); iv_len -= use_len; p += use_len; } - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { ctx->y[i] ^= work_buf[i]; + } - gcm_mult( ctx, ctx->y, ctx->y ); + gcm_mult(ctx, ctx->y, ctx->y); } - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, - ctx->base_ectr, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, + ctx->base_ectr, &olen)) != 0) { + return ret; } ctx->add_len = add_len; p = add; - while( add_len > 0 ) - { - use_len = ( add_len < 16 ) ? add_len : 16; + while (add_len > 0) { + use_len = (add_len < 16) ? add_len : 16; - for( i = 0; i < use_len; i++ ) + for (i = 0; i < use_len; i++) { ctx->buf[i] ^= p[i]; + } - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); add_len -= use_len; p += use_len; } - return( 0 ); + return 0; } -int mbedtls_gcm_update( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ) +int mbedtls_gcm_update(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ectr[16]; @@ -338,180 +334,186 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char *out_p = output; size_t use_len, olen = 0; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); - if( output > input && (size_t) ( output - input ) < length ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (output > input && (size_t) (output - input) < length) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes * Also check for possible overflow */ - if( ctx->len + length < ctx->len || - (uint64_t) ctx->len + length > 0xFFFFFFFE0ull ) - { - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (ctx->len + length < ctx->len || + (uint64_t) ctx->len + length > 0xFFFFFFFE0ull) { + return MBEDTLS_ERR_GCM_BAD_INPUT; } ctx->len += length; p = input; - while( length > 0 ) - { - use_len = ( length < 16 ) ? length : 16; + while (length > 0) { + use_len = (length < 16) ? length : 16; - for( i = 16; i > 12; i-- ) - if( ++ctx->y[i - 1] != 0 ) + for (i = 16; i > 12; i--) { + if (++ctx->y[i - 1] != 0) { break; + } + } - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr, - &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, + &olen)) != 0) { + return ret; } - for( i = 0; i < use_len; i++ ) - { - if( ctx->mode == MBEDTLS_GCM_DECRYPT ) + for (i = 0; i < use_len; i++) { + if (ctx->mode == MBEDTLS_GCM_DECRYPT) { ctx->buf[i] ^= p[i]; + } out_p[i] = ectr[i] ^ p[i]; - if( ctx->mode == MBEDTLS_GCM_ENCRYPT ) + if (ctx->mode == MBEDTLS_GCM_ENCRYPT) { ctx->buf[i] ^= out_p[i]; + } } - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); length -= use_len; p += use_len; out_p += use_len; } - return( 0 ); + return 0; } -int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ) +int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, + unsigned char *tag, + size_t tag_len) { unsigned char work_buf[16]; size_t i; uint64_t orig_len; uint64_t orig_add_len; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( tag != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(tag != NULL); orig_len = ctx->len * 8; orig_add_len = ctx->add_len * 8; - if( tag_len > 16 || tag_len < 4 ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (tag_len > 16 || tag_len < 4) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy(tag, ctx->base_ectr, tag_len); - if( orig_len || orig_add_len ) - { - memset( work_buf, 0x00, 16 ); + if (orig_len || orig_add_len) { + memset(work_buf, 0x00, 16); - MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); - MBEDTLS_PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); - MBEDTLS_PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); - MBEDTLS_PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); + MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0); + MBEDTLS_PUT_UINT32_BE((orig_add_len), work_buf, 4); + MBEDTLS_PUT_UINT32_BE((orig_len >> 32), work_buf, 8); + MBEDTLS_PUT_UINT32_BE((orig_len), work_buf, 12); - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) { ctx->buf[i] ^= work_buf[i]; + } - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); - for( i = 0; i < tag_len; i++ ) + for (i = 0; i < tag_len; i++) { tag[i] ^= ctx->buf[i]; + } } - return( 0 ); + return 0; } -int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, - int mode, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *input, - unsigned char *output, - size_t tag_len, - unsigned char *tag ) +int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, + int mode, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *input, + unsigned char *output, + size_t tag_len, + unsigned char *tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); - GCM_VALIDATE_RET( tag != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); + GCM_VALIDATE_RET(tag != NULL); - if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len, add, add_len)) != 0) { + return ret; + } - if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_update(ctx, length, input, output)) != 0) { + return ret; + } - if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_finish(ctx, tag, tag_len)) != 0) { + return ret; + } - return( 0 ); + return 0; } -int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *tag, - size_t tag_len, - const unsigned char *input, - unsigned char *output ) +int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *tag, + size_t tag_len, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); - GCM_VALIDATE_RET( tag != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); - - if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length, - iv, iv_len, add, add_len, - input, output, tag_len, check_tag ) ) != 0 ) - { - return( ret ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); + GCM_VALIDATE_RET(tag != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); + + if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag_len, check_tag)) != 0) { + return ret; } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) + for (diff = 0, i = 0; i < tag_len; i++) { diff |= tag[i] ^ check_tag[i]; + } - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_GCM_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return MBEDTLS_ERR_GCM_AUTH_FAILED; } - return( 0 ); + return 0; } -void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) +void mbedtls_gcm_free(mbedtls_gcm_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); + } + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); } #endif /* !MBEDTLS_GCM_ALT */ @@ -525,7 +527,7 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) #define MAX_TESTS 6 static const int key_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 1 }; +{ 0, 0, 1, 1, 1, 1 }; static const unsigned char key_test_data[MAX_TESTS][32] = { @@ -540,10 +542,10 @@ static const unsigned char key_test_data[MAX_TESTS][32] = }; static const size_t iv_len_test_data[MAX_TESTS] = - { 12, 12, 12, 12, 8, 60 }; +{ 12, 12, 12, 12, 8, 60 }; static const int iv_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 2 }; +{ 0, 0, 1, 1, 1, 2 }; static const unsigned char iv_test_data[MAX_TESTS][64] = { @@ -562,10 +564,10 @@ static const unsigned char iv_test_data[MAX_TESTS][64] = }; static const size_t add_len_test_data[MAX_TESTS] = - { 0, 0, 0, 20, 20, 20 }; +{ 0, 0, 0, 20, 20, 20 }; static const int add_index_test_data[MAX_TESTS] = - { 0, 0, 0, 1, 1, 1 }; +{ 0, 0, 0, 1, 1, 1 }; static const unsigned char additional_test_data[MAX_TESTS][64] = { @@ -576,10 +578,10 @@ static const unsigned char additional_test_data[MAX_TESTS][64] = }; static const size_t pt_len_test_data[MAX_TESTS] = - { 0, 16, 64, 60, 60, 60 }; +{ 0, 16, 64, 60, 60, 60 }; static const int pt_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 1 }; +{ 0, 0, 1, 1, 1, 1 }; static const unsigned char pt_test_data[MAX_TESTS][64] = { @@ -744,7 +746,7 @@ static const unsigned char tag_test_data[MAX_TESTS * 3][16] = 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a }, }; -int mbedtls_gcm_self_test( int verbose ) +int mbedtls_gcm_self_test(int verbose) { mbedtls_gcm_context ctx; unsigned char buf[64]; @@ -752,242 +754,271 @@ int mbedtls_gcm_self_test( int verbose ) int i, j, ret; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES; - for( j = 0; j < 3; j++ ) - { + if (verbose != 0) { +#if defined(MBEDTLS_GCM_ALT) + mbedtls_printf(" GCM note: alternative implementation.\n"); +#else /* MBEDTLS_GCM_ALT */ +#if defined(MBEDTLS_AESNI_HAVE_CODE) + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { + mbedtls_printf(" GCM note: using AESNI via "); +#if MBEDTLS_AESNI_HAVE_CODE == 1 + mbedtls_printf("assembly"); +#elif MBEDTLS_AESNI_HAVE_CODE == 2 + mbedtls_printf("intrinsics"); +#else + mbedtls_printf("(unknown)"); +#endif + mbedtls_printf(".\n"); + } else +#endif + mbedtls_printf(" GCM note: built-in implementation.\n"); +#endif /* MBEDTLS_GCM_ALT */ + } + + for (j = 0; j < 3; j++) { int key_len = 128 + 64 * j; - for( i = 0; i < MAX_TESTS; i++ ) - { - mbedtls_gcm_init( &ctx ); + for (i = 0; i < MAX_TESTS; i++) { + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-GCM-%3d #%d (%s): ", + key_len, i, "enc"); + } - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) { + mbedtls_printf("skipped\n"); break; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, - pt_len_test_data[i], - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i], - pt_test_data[pt_index_test_data[i]], - buf, 16, tag_buf ); + ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, + pt_len_test_data[i], + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i], + pt_test_data[pt_index_test_data[i]], + buf, 16, tag_buf); #if defined(MBEDTLS_GCM_ALT) /* Allow alternative implementations to only support 12-byte nonces. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && - iv_len_test_data[i] != 12 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && + iv_len_test_data[i] != 12) { + mbedtls_printf("skipped\n"); break; } #endif /* defined(MBEDTLS_GCM_ALT) */ - if( ret != 0 ) + if (ret != 0) { goto exit; + } - if ( memcmp( buf, ct_test_data[j * 6 + i], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, ct_test_data[j * 6 + i], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "dec" ); + if (verbose != 0) { + mbedtls_printf(" AES-GCM-%3d #%d (%s): ", + key_len, i, "dec"); + } - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) { goto exit; + } - ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT, - pt_len_test_data[i], - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i], - ct_test_data[j * 6 + i], buf, 16, tag_buf ); + ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT, + pt_len_test_data[i], + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i], + ct_test_data[j * 6 + i], buf, 16, tag_buf); - if( ret != 0 ) + if (ret != 0) { goto exit; + } - if( memcmp( buf, pt_test_data[pt_index_test_data[i]], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, pt_test_data[pt_index_test_data[i]], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "enc" ); + if (verbose != 0) { + mbedtls_printf(" AES-GCM-%3d #%d split (%s): ", + key_len, i, "enc"); + } - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) { goto exit; + } - ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT, - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i] ); - if( ret != 0 ) + ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT, + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i]); + if (ret != 0) { goto exit; + } - if( pt_len_test_data[i] > 32 ) - { + if (pt_len_test_data[i] > 32) { size_t rest_len = pt_len_test_data[i] - 32; - ret = mbedtls_gcm_update( &ctx, 32, - pt_test_data[pt_index_test_data[i]], - buf ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, 32, + pt_test_data[pt_index_test_data[i]], + buf); + if (ret != 0) { goto exit; + } - ret = mbedtls_gcm_update( &ctx, rest_len, - pt_test_data[pt_index_test_data[i]] + 32, - buf + 32 ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, rest_len, + pt_test_data[pt_index_test_data[i]] + 32, + buf + 32); + if (ret != 0) { goto exit; - } - else - { - ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i], - pt_test_data[pt_index_test_data[i]], - buf ); - if( ret != 0 ) + } + } else { + ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i], + pt_test_data[pt_index_test_data[i]], + buf); + if (ret != 0) { goto exit; + } } - ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 ) + ret = mbedtls_gcm_finish(&ctx, tag_buf, 16); + if (ret != 0) { goto exit; + } - if( memcmp( buf, ct_test_data[j * 6 + i], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, ct_test_data[j * 6 + i], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "dec" ); + if (verbose != 0) { + mbedtls_printf(" AES-GCM-%3d #%d split (%s): ", + key_len, i, "dec"); + } - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) { goto exit; + } - ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i] ); - if( ret != 0 ) + ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i]); + if (ret != 0) { goto exit; + } - if( pt_len_test_data[i] > 32 ) - { + if (pt_len_test_data[i] > 32) { size_t rest_len = pt_len_test_data[i] - 32; - ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i], - buf ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, 32, ct_test_data[j * 6 + i], + buf); + if (ret != 0) { goto exit; + } - ret = mbedtls_gcm_update( &ctx, rest_len, - ct_test_data[j * 6 + i] + 32, - buf + 32 ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, rest_len, + ct_test_data[j * 6 + i] + 32, + buf + 32); + if (ret != 0) { goto exit; - } - else - { - ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i], - ct_test_data[j * 6 + i], - buf ); - if( ret != 0 ) + } + } else { + ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i], + ct_test_data[j * 6 + i], + buf); + if (ret != 0) { goto exit; + } } - ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 ) + ret = mbedtls_gcm_finish(&ctx, tag_buf, 16); + if (ret != 0) { goto exit; + } - if( memcmp( buf, pt_test_data[pt_index_test_data[i]], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, pt_test_data[pt_index_test_data[i]], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } ret = 0; exit: - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - mbedtls_gcm_free( &ctx ); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } + mbedtls_gcm_free(&ctx); } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/thirdparty/mbedtls/library/havege.c b/thirdparty/mbedtls/library/havege.c index 2a360a150c..c23cdad9a5 100644 --- a/thirdparty/mbedtls/library/havege.c +++ b/thirdparty/mbedtls/library/havege.c @@ -49,10 +49,10 @@ * ------------------------------------------------------------------------ */ -#define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; } +#define SWAP(X, Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; } -#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; -#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; +#define TST1_ENTER if (PTEST & 1) { PTEST ^= 3; PTEST >>= 1; +#define TST2_ENTER if (PTEST & 1) { PTEST ^= 3; PTEST >>= 1; #define TST1_LEAVE U1++; } #define TST2_LEAVE U2++; } @@ -69,14 +69,14 @@ TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ \ - PTX = (PT1 >> 18) & 7; \ + PTX = (PT1 >> 18) & 7; \ PT1 &= 0x1FFF; \ PT2 &= 0x1FFF; \ CLK = (uint32_t) mbedtls_timing_hardclock(); \ \ i = 0; \ - A = &WALK[PT1 ]; RES[i++] ^= *A; \ - B = &WALK[PT2 ]; RES[i++] ^= *B; \ + A = &WALK[PT1]; RES[i++] ^= *A; \ + B = &WALK[PT2]; RES[i++] ^= *B; \ C = &WALK[PT1 ^ 1]; RES[i++] ^= *C; \ D = &WALK[PT2 ^ 4]; RES[i++] ^= *D; \ \ @@ -91,7 +91,7 @@ C = &WALK[PT1 ^ 3]; RES[i++] ^= *C; \ D = &WALK[PT2 ^ 6]; RES[i++] ^= *D; \ \ - if( PTEST & 1 ) SWAP( A, C ); \ + if (PTEST & 1) SWAP(A, C); \ \ IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \ *A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \ @@ -116,7 +116,7 @@ TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ \ - C = &WALK[PT1 ^ 5]; \ + C = &WALK[PT1 ^ 5]; \ D = &WALK[PT2 ^ 5]; \ \ RES[i++] ^= *A; \ @@ -124,7 +124,7 @@ RES[i++] ^= *C; \ RES[i++] ^= *D; \ \ - IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK; \ + IN = (*A >> (9)) ^ (*A << (23)) ^ CLK; \ *A = (*B >> (10)) ^ (*B << (22)) ^ CLK; \ *B = IN ^ U2; \ *C = (*C >> (11)) ^ (*C << (21)) ^ CLK; \ @@ -141,17 +141,17 @@ *C = (*C >> (15)) ^ (*C << (17)) ^ CLK; \ *D = (*D >> (16)) ^ (*D << (16)) ^ CLK; \ \ - PT1 = ( RES[( i - 8 ) ^ PTX] ^ \ - WALK[PT1 ^ PTX ^ 7] ) & (~1); \ + PT1 = (RES[(i - 8) ^ PTX] ^ \ + WALK[PT1 ^ PTX ^ 7]) & (~1); \ PT1 ^= (PT2 ^ 0x10) & 0x10; \ \ - for( n++, i = 0; i < 16; i++ ) \ - hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i]; + for (n++, i = 0; i < 16; i++) \ + hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i]; /* * Entropy gathering function */ -static void havege_fill( mbedtls_havege_state *hs ) +static void havege_fill(mbedtls_havege_state *hs) { size_t n = 0; size_t i; @@ -166,16 +166,15 @@ static void havege_fill( mbedtls_havege_state *hs ) PTX = U1 = 0; PTY = U2 = 0; - (void)PTX; + (void) PTX; - memset( RES, 0, sizeof( RES ) ); + memset(RES, 0, sizeof(RES)); - while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 ) - { - ONE_ITERATION + while (n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4) { ONE_ITERATION ONE_ITERATION ONE_ITERATION + ONE_ITERATION } hs->PT1 = PT1; @@ -188,50 +187,52 @@ static void havege_fill( mbedtls_havege_state *hs ) /* * HAVEGE initialization */ -void mbedtls_havege_init( mbedtls_havege_state *hs ) +void mbedtls_havege_init(mbedtls_havege_state *hs) { - memset( hs, 0, sizeof( mbedtls_havege_state ) ); + memset(hs, 0, sizeof(mbedtls_havege_state)); - havege_fill( hs ); + havege_fill(hs); } -void mbedtls_havege_free( mbedtls_havege_state *hs ) +void mbedtls_havege_free(mbedtls_havege_state *hs) { - if( hs == NULL ) + if (hs == NULL) { return; + } - mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) ); + mbedtls_platform_zeroize(hs, sizeof(mbedtls_havege_state)); } /* * HAVEGE rand function */ -int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len ) +int mbedtls_havege_random(void *p_rng, unsigned char *buf, size_t len) { uint32_t val; size_t use_len; mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng; unsigned char *p = buf; - while( len > 0 ) - { + while (len > 0) { use_len = len; - if( use_len > sizeof( val ) ) - use_len = sizeof( val ); + if (use_len > sizeof(val)) { + use_len = sizeof(val); + } - if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE ) - havege_fill( hs ); + if (hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE) { + havege_fill(hs); + } val = hs->pool[hs->offset[0]++]; val ^= hs->pool[hs->offset[1]++]; - memcpy( p, &val, use_len ); + memcpy(p, &val, use_len); len -= use_len; p += use_len; } - return( 0 ); + return 0; } #endif /* MBEDTLS_HAVEGE_C */ diff --git a/thirdparty/mbedtls/library/hkdf.c b/thirdparty/mbedtls/library/hkdf.c index 5013729d2a..a3f071ecef 100644 --- a/thirdparty/mbedtls/library/hkdf.c +++ b/thirdparty/mbedtls/library/hkdf.c @@ -25,47 +25,43 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, - size_t salt_len, const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ) +int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, + size_t salt_len, const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char prk[MBEDTLS_MD_MAX_SIZE]; - ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); + ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk); - if( ret == 0 ) - { - ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ), - info, info_len, okm, okm_len ); + if (ret == 0) { + ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md), + info, info_len, okm, okm_len); } - mbedtls_platform_zeroize( prk, sizeof( prk ) ); + mbedtls_platform_zeroize(prk, sizeof(prk)); - return( ret ); + return ret; } -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk ) +int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk) { unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; - if( salt == NULL ) - { + if (salt == NULL) { size_t hash_len; - if( salt_len != 0 ) - { + if (salt_len != 0) { return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } - hash_len = mbedtls_md_get_size( md ); + hash_len = mbedtls_md_get_size(md); - if( hash_len == 0 ) - { + if (hash_len == 0) { return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } @@ -73,12 +69,12 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, salt_len = hash_len; } - return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); + return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk); } -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, - size_t prk_len, const unsigned char *info, - size_t info_len, unsigned char *okm, size_t okm_len ) +int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, + size_t prk_len, const unsigned char *info, + size_t info_len, unsigned char *okm, size_t okm_len) { size_t hash_len; size_t where = 0; @@ -89,28 +85,24 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, mbedtls_md_context_t ctx; unsigned char t[MBEDTLS_MD_MAX_SIZE]; - if( okm == NULL ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (okm == NULL) { + return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } - hash_len = mbedtls_md_get_size( md ); + hash_len = mbedtls_md_get_size(md); - if( prk_len < hash_len || hash_len == 0 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (prk_len < hash_len || hash_len == 0) { + return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } - if( info == NULL ) - { + if (info == NULL) { info = (const unsigned char *) ""; info_len = 0; } n = okm_len / hash_len; - if( okm_len % hash_len != 0 ) - { + if (okm_len % hash_len != 0) { n++; } @@ -118,72 +110,64 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, * Per RFC 5869 Section 2.3, okm_len must not exceed * 255 times the hash length */ - if( n > 255 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (n > 255) { + return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) { goto exit; } - memset( t, 0, hash_len ); + memset(t, 0, hash_len); /* * Compute T = T(1) | T(2) | T(3) | ... | T(N) * Where T(N) is defined in RFC 5869 Section 2.3 */ - for( i = 1; i <= n; i++ ) - { + for (i = 1; i <= n; i++) { size_t num_to_copy; unsigned char c = i & 0xff; - ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_update( &ctx, t, t_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, t, t_len); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_update( &ctx, info, info_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, info, info_len); + if (ret != 0) { goto exit; } /* The constant concatenated to the end of each T(n) is a single octet. * */ - ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, &c, 1); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_finish( &ctx, t ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_finish(&ctx, t); + if (ret != 0) { goto exit; } num_to_copy = i != n ? hash_len : okm_len - where; - memcpy( okm + where, t, num_to_copy ); + memcpy(okm + where, t, num_to_copy); where += hash_len; t_len = hash_len; } exit: - mbedtls_md_free( &ctx ); - mbedtls_platform_zeroize( t, sizeof( t ) ); + mbedtls_md_free(&ctx); + mbedtls_platform_zeroize(t, sizeof(t)); - return( ret ); + return ret; } #endif /* MBEDTLS_HKDF_C */ diff --git a/thirdparty/mbedtls/library/hmac_drbg.c b/thirdparty/mbedtls/library/hmac_drbg.c index 69272fa73d..fabe00252a 100644 --- a/thirdparty/mbedtls/library/hmac_drbg.c +++ b/thirdparty/mbedtls/library/hmac_drbg.c @@ -42,9 +42,9 @@ /* * HMAC_DRBG context initialization */ -void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) +void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); + memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context)); ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL; } @@ -52,74 +52,81 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) /* * HMAC_DRBG update, using optional additional data (10.1.2.2) */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) +int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); - unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1; + size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info); + unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1; unsigned char sep[1]; unsigned char K[MBEDTLS_MD_MAX_SIZE]; int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; - for( sep[0] = 0; sep[0] < rounds; sep[0]++ ) - { + for (sep[0] = 0; sep[0] < rounds; sep[0]++) { /* Step 1 or 4 */ - if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - sep, 1 ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) { goto exit; - if( rounds == 2 ) - { - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - additional, add_len ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + sep, 1)) != 0) { goto exit; } - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 ) + if (rounds == 2) { + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + additional, add_len)) != 0) { + goto exit; + } + } + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, K)) != 0) { goto exit; + } /* Step 2 or 5 */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, K, md_len)) != 0) { goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) { goto exit; - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) { goto exit; + } } exit: - mbedtls_platform_zeroize( K, sizeof( K ) ); - return( ret ); + mbedtls_platform_zeroize(K, sizeof(K)); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) +void mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { - (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len ); + (void) mbedtls_hmac_drbg_update_ret(ctx, additional, add_len); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ /* * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ -int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - const unsigned char *data, size_t data_len ) +int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + const unsigned char *data, size_t data_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) { + return ret; + } #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif /* @@ -127,15 +134,17 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, - mbedtls_md_get_size( md_info ) ) ) != 0 ) - return( ret ); - memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) ); + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, + mbedtls_md_get_size(md_info))) != 0) { + return ret; + } + memset(ctx->V, 0x01, mbedtls_md_get_size(md_info)); - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, data, data_len)) != 0) { + return ret; + } - return( 0 ); + return 0; } /* @@ -143,9 +152,9 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * Comments starting with arabic numbers refer to section 10.1.2.4 * of SP800-90A, while roman numbers refer to section 9.2. */ -static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len, - int use_nonce ) +static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len, + int use_nonce) { unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; @@ -154,33 +163,31 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, { size_t total_entropy_len; - if( use_nonce == 0 ) + if (use_nonce == 0) { total_entropy_len = ctx->entropy_len; - else + } else { total_entropy_len = ctx->entropy_len * 3 / 2; + } /* III. Check input length */ - if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT || - total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ) - { - return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + if (len > MBEDTLS_HMAC_DRBG_MAX_INPUT || + total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) { + return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG; } } - memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); + memset(seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT); /* IV. Gather entropy_len bytes of entropy for the seed */ - if( ( ret = ctx->f_entropy( ctx->p_entropy, - seed, ctx->entropy_len ) ) != 0 ) - { - return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED ); + if ((ret = ctx->f_entropy(ctx->p_entropy, + seed, ctx->entropy_len)) != 0) { + return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED; } seedlen += ctx->entropy_len; /* For initial seeding, allow adding of nonce generated * from the entropy source. See Sect 8.6.7 in SP800-90A. */ - if( use_nonce ) - { + if (use_nonce) { /* Note: We don't merge the two calls to f_entropy() in order * to avoid requesting too much entropy from f_entropy() * at once. Specifically, if the underlying digest is not @@ -188,11 +195,10 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, * is larger than the maximum of 32 Bytes that our own * entropy source implementation can emit in a single * call in configurations disabling SHA-512. */ - if( ( ret = ctx->f_entropy( ctx->p_entropy, - seed + seedlen, - ctx->entropy_len / 2 ) ) != 0 ) - { - return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED ); + if ((ret = ctx->f_entropy(ctx->p_entropy, + seed + seedlen, + ctx->entropy_len / 2)) != 0) { + return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED; } seedlen += ctx->entropy_len / 2; @@ -200,32 +206,32 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, /* 1. Concatenate entropy and additional data if any */ - if( additional != NULL && len != 0 ) - { - memcpy( seed + seedlen, additional, len ); + if (additional != NULL && len != 0) { + memcpy(seed + seedlen, additional, len); seedlen += len; } /* 2. Update state */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, seed, seedlen)) != 0) { goto exit; + } /* 3. Reset reseed_counter */ ctx->reseed_counter = 1; exit: /* 4. Done */ - mbedtls_platform_zeroize( seed, seedlen ); - return( ret ); + mbedtls_platform_zeroize(seed, seedlen); + return ret; } /* * HMAC_DRBG reseeding: 10.1.2.4 + 9.2 */ -int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len ) +int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len) { - return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) ); + return hmac_drbg_reseed_core(ctx, additional, len, 0); } /* @@ -234,40 +240,41 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * The nonce is not passed as a separate parameter but extracted * from the entropy source as suggested in 8.6.7. */ -int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ) +int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t md_size; - if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) { + return ret; + } /* The mutex is initialized iff the md context is set up. */ #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif - md_size = mbedtls_md_get_size( md_info ); + md_size = mbedtls_md_get_size(md_info); /* * Set initial working state. * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 ) - return( ret ); - memset( ctx->V, 0x01, md_size ); + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, md_size)) != 0) { + return ret; + } + memset(ctx->V, 0x01, md_size); ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; - if( ctx->entropy_len == 0 ) - { + if (ctx->entropy_len == 0) { /* * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by * each hash function, then according to SP800-90A rev1 10.1 table 2, @@ -280,20 +287,19 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, 32; /* better (256+) -> 256 bits */ } - if( ( ret = hmac_drbg_reseed_core( ctx, custom, len, - 1 /* add nonce */ ) ) != 0 ) - { - return( ret ); + if ((ret = hmac_drbg_reseed_core(ctx, custom, len, + 1 /* add nonce */)) != 0) { + return ret; } - return( 0 ); + return 0; } /* * Set prediction resistance */ -void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx, - int resistance ) +void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx, + int resistance) { ctx->prediction_resistance = resistance; } @@ -301,7 +307,7 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx /* * Set entropy length grabbed for seeding */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len ) +void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len) { ctx->entropy_len = len; } @@ -309,7 +315,7 @@ void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t l /* * Set reseed interval */ -void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval ) +void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval) { ctx->reseed_interval = interval; } @@ -318,131 +324,141 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int * HMAC_DRBG random function with optional additional data: * 10.1.2.5 (arabic) + 9.3 (Roman) */ -int mbedtls_hmac_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t out_len, - const unsigned char *additional, size_t add_len ) +int mbedtls_hmac_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t out_len, + const unsigned char *additional, size_t add_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info); size_t left = out_len; unsigned char *out = output; /* II. Check request length */ - if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST ) - return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG ); + if (out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST) { + return MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG; + } /* III. Check input length */ - if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT ) - return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + if (add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT) { + return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG; + } /* 1. (aka VII and IX) Check reseed counter and PR */ - if( ctx->f_entropy != NULL && /* For no-reseeding instances */ - ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON || - ctx->reseed_counter > ctx->reseed_interval ) ) - { - if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 ) - return( ret ); + if (ctx->f_entropy != NULL && /* For no-reseeding instances */ + (ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON || + ctx->reseed_counter > ctx->reseed_interval)) { + if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0) { + return ret; + } add_len = 0; /* VII.4 */ } /* 2. Use additional data if any */ - if( additional != NULL && add_len != 0 ) - { - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, - additional, add_len ) ) != 0 ) + if (additional != NULL && add_len != 0) { + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, + additional, add_len)) != 0) { goto exit; + } } /* 3, 4, 5. Generate bytes */ - while( left != 0 ) - { + while (left != 0) { size_t use_len = left > md_len ? md_len : left; - if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) { goto exit; - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) { goto exit; + } - memcpy( out, ctx->V, use_len ); + memcpy(out, ctx->V, use_len); out += use_len; left -= use_len; } /* 6. Update */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, - additional, add_len ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, + additional, add_len)) != 0) { goto exit; + } /* 7. Update reseed counter */ ctx->reseed_counter++; exit: /* 8. Done */ - return( ret ); + return ret; } /* * HMAC_DRBG random function */ -int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ) +int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 ); + ret = mbedtls_hmac_drbg_random_with_add(ctx, output, out_len, NULL, 0); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * This function resets HMAC_DRBG context to the state immediately * after initial call of mbedtls_hmac_drbg_init(). */ -void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) +void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } #if defined(MBEDTLS_THREADING_C) /* The mutex is initialized iff the md context is set up. */ - if( ctx->md_ctx.md_info != NULL ) - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->md_ctx.md_info != NULL) { + mbedtls_mutex_free(&ctx->mutex); + } #endif - mbedtls_md_free( &ctx->md_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_md_free(&ctx->md_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_hmac_drbg_context)); ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL; } #if defined(MBEDTLS_FS_IO) -int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) +int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; - unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; + unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "wb")) == NULL) { + return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; + } - if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0) { goto exit; + } - if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) ) - { + if (fwrite(buf, 1, sizeof(buf), f) != sizeof(buf)) { ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; goto exit; } @@ -450,46 +466,47 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha ret = 0; exit: - fclose( f ); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + fclose(f); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return ret; } -int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) +int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) { int ret = 0; FILE *f = NULL; size_t n; - unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; + unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT]; unsigned char c; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; + } - n = fread( buf, 1, sizeof( buf ), f ); - if( fread( &c, 1, 1, f ) != 0 ) - { + n = fread(buf, 1, sizeof(buf), f); + if (fread(&c, 1, 1, f) != 0) { ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG; goto exit; } - if( n == 0 || ferror( f ) ) - { + if (n == 0 || ferror(f)) { ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; goto exit; } - fclose( f ); + fclose(f); f = NULL; - ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_hmac_drbg_update_ret(ctx, buf, n); exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - if( f != NULL ) - fclose( f ); - if( ret != 0 ) - return( ret ); - return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + if (f != NULL) { + fclose(f); + } + if (ret != 0) { + return ret; + } + return mbedtls_hmac_drbg_write_seed_file(ctx, path); } #endif /* MBEDTLS_FS_IO */ @@ -498,10 +515,10 @@ exit: #if !defined(MBEDTLS_SHA1_C) /* Dummy checkup routine */ -int mbedtls_hmac_drbg_self_test( int verbose ) +int mbedtls_hmac_drbg_self_test(int verbose) { (void) verbose; - return( 0 ); + return 0; } #else @@ -513,7 +530,8 @@ static const unsigned char entropy_pr[] = { 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11, 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42, 0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3, - 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 }; + 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 +}; static const unsigned char result_pr[OUTPUT_LEN] = { 0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39, 0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94, @@ -521,14 +539,16 @@ static const unsigned char result_pr[OUTPUT_LEN] = { 0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e, 0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab, 0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3, - 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 }; + 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 +}; /* From a NIST PR=false test vector */ static const unsigned char entropy_nopr[] = { 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, - 0xe9, 0x9d, 0xfe, 0xdf }; + 0xe9, 0x9d, 0xfe, 0xdf +}; static const unsigned char result_nopr[OUTPUT_LEN] = { 0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f, 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6, @@ -536,85 +556,91 @@ static const unsigned char result_nopr[OUTPUT_LEN] = { 0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec, 0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd, 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49, - 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 }; + 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 +}; /* "Entropy" from buffer */ static size_t test_offset; -static int hmac_drbg_self_test_entropy( void *data, - unsigned char *buf, size_t len ) +static int hmac_drbg_self_test_entropy(void *data, + unsigned char *buf, size_t len) { const unsigned char *p = data; - memcpy( buf, p + test_offset, len ); + memcpy(buf, p + test_offset, len); test_offset += len; - return( 0 ); + return 0; } -#define CHK( c ) if( (c) != 0 ) \ - { \ - if( verbose != 0 ) \ - mbedtls_printf( "failed\n" ); \ - return( 1 ); \ - } +#define CHK(c) if ((c) != 0) \ + { \ + if (verbose != 0) \ + mbedtls_printf("failed\n"); \ + return 1; \ + } /* * Checkup routine for HMAC_DRBG with SHA-1 */ -int mbedtls_hmac_drbg_self_test( int verbose ) +int mbedtls_hmac_drbg_self_test(int verbose) { mbedtls_hmac_drbg_context ctx; unsigned char buf[OUTPUT_LEN]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); - mbedtls_hmac_drbg_init( &ctx ); + mbedtls_hmac_drbg_init(&ctx); /* * PR = True */ - if( verbose != 0 ) - mbedtls_printf( " HMAC_DRBG (PR = True) : " ); + if (verbose != 0) { + mbedtls_printf(" HMAC_DRBG (PR = True) : "); + } test_offset = 0; - CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, - hmac_drbg_self_test_entropy, (void *) entropy_pr, - NULL, 0 ) ); - mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( memcmp( buf, result_pr, OUTPUT_LEN ) ); - mbedtls_hmac_drbg_free( &ctx ); - - mbedtls_hmac_drbg_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + CHK(mbedtls_hmac_drbg_seed(&ctx, md_info, + hmac_drbg_self_test_entropy, (void *) entropy_pr, + NULL, 0)); + mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(memcmp(buf, result_pr, OUTPUT_LEN)); + mbedtls_hmac_drbg_free(&ctx); + + mbedtls_hmac_drbg_free(&ctx); + + if (verbose != 0) { + mbedtls_printf("passed\n"); + } /* * PR = False */ - if( verbose != 0 ) - mbedtls_printf( " HMAC_DRBG (PR = False) : " ); + if (verbose != 0) { + mbedtls_printf(" HMAC_DRBG (PR = False) : "); + } - mbedtls_hmac_drbg_init( &ctx ); + mbedtls_hmac_drbg_init(&ctx); test_offset = 0; - CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, - hmac_drbg_self_test_entropy, (void *) entropy_nopr, - NULL, 0 ) ); - CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) ); - mbedtls_hmac_drbg_free( &ctx ); - - mbedtls_hmac_drbg_free( &ctx ); - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + CHK(mbedtls_hmac_drbg_seed(&ctx, md_info, + hmac_drbg_self_test_entropy, (void *) entropy_nopr, + NULL, 0)); + CHK(mbedtls_hmac_drbg_reseed(&ctx, NULL, 0)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(memcmp(buf, result_nopr, OUTPUT_LEN)); + mbedtls_hmac_drbg_free(&ctx); + + mbedtls_hmac_drbg_free(&ctx); + + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/md.c b/thirdparty/mbedtls/library/md.c index 53a84b01c6..1e24ee45bc 100644 --- a/thirdparty/mbedtls/library/md.c +++ b/thirdparty/mbedtls/library/md.c @@ -131,174 +131,182 @@ const mbedtls_md_info_t mbedtls_sha512_info = { static const int supported_digests[] = { #if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, + MBEDTLS_MD_SHA512, #if !defined(MBEDTLS_SHA512_NO_SHA384) - MBEDTLS_MD_SHA384, + MBEDTLS_MD_SHA384, #endif #endif #if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, - MBEDTLS_MD_SHA224, + MBEDTLS_MD_SHA256, + MBEDTLS_MD_SHA224, #endif #if defined(MBEDTLS_SHA1_C) - MBEDTLS_MD_SHA1, + MBEDTLS_MD_SHA1, #endif #if defined(MBEDTLS_RIPEMD160_C) - MBEDTLS_MD_RIPEMD160, + MBEDTLS_MD_RIPEMD160, #endif #if defined(MBEDTLS_MD5_C) - MBEDTLS_MD_MD5, + MBEDTLS_MD_MD5, #endif #if defined(MBEDTLS_MD4_C) - MBEDTLS_MD_MD4, + MBEDTLS_MD_MD4, #endif #if defined(MBEDTLS_MD2_C) - MBEDTLS_MD_MD2, + MBEDTLS_MD_MD2, #endif - MBEDTLS_MD_NONE + MBEDTLS_MD_NONE }; -const int *mbedtls_md_list( void ) +const int *mbedtls_md_list(void) { - return( supported_digests ); + return supported_digests; } -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) { - if( NULL == md_name ) - return( NULL ); + if (NULL == md_name) { + return NULL; + } /* Get the appropriate digest information */ #if defined(MBEDTLS_MD2_C) - if( !strcmp( "MD2", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 ); + if (!strcmp("MD2", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_MD2); + } #endif #if defined(MBEDTLS_MD4_C) - if( !strcmp( "MD4", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 ); + if (!strcmp("MD4", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_MD4); + } #endif #if defined(MBEDTLS_MD5_C) - if( !strcmp( "MD5", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ); + if (!strcmp("MD5", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); + } #endif #if defined(MBEDTLS_RIPEMD160_C) - if( !strcmp( "RIPEMD160", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 ); + if (!strcmp("RIPEMD160", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); + } #endif #if defined(MBEDTLS_SHA1_C) - if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + } #endif #if defined(MBEDTLS_SHA256_C) - if( !strcmp( "SHA224", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 ); - if( !strcmp( "SHA256", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); + if (!strcmp("SHA224", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); + } + if (!strcmp("SHA256", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + } #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) - if( !strcmp( "SHA384", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 ); + if (!strcmp("SHA384", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); + } #endif - if( !strcmp( "SHA512", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); + if (!strcmp("SHA512", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); + } #endif - return( NULL ); + return NULL; } -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { - switch( md_type ) - { + switch (md_type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( &mbedtls_md2_info ); + return &mbedtls_md2_info; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( &mbedtls_md4_info ); + return &mbedtls_md4_info; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( &mbedtls_md5_info ); + return &mbedtls_md5_info; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( &mbedtls_ripemd160_info ); + return &mbedtls_ripemd160_info; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( &mbedtls_sha1_info ); + return &mbedtls_sha1_info; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( &mbedtls_sha224_info ); + return &mbedtls_sha224_info; case MBEDTLS_MD_SHA256: - return( &mbedtls_sha256_info ); + return &mbedtls_sha256_info; #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( &mbedtls_sha384_info ); + return &mbedtls_sha384_info; #endif case MBEDTLS_MD_SHA512: - return( &mbedtls_sha512_info ); + return &mbedtls_sha512_info; #endif default: - return( NULL ); + return NULL; } } -void mbedtls_md_init( mbedtls_md_context_t *ctx ) +void mbedtls_md_init(mbedtls_md_context_t *ctx) { - memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); + memset(ctx, 0, sizeof(mbedtls_md_context_t)); } -void mbedtls_md_free( mbedtls_md_context_t *ctx ) +void mbedtls_md_free(mbedtls_md_context_t *ctx) { - if( ctx == NULL || ctx->md_info == NULL ) + if (ctx == NULL || ctx->md_info == NULL) { return; + } - if( ctx->md_ctx != NULL ) - { - switch( ctx->md_info->type ) - { + if (ctx->md_ctx != NULL) { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - mbedtls_md2_free( ctx->md_ctx ); + mbedtls_md2_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - mbedtls_md4_free( ctx->md_ctx ); + mbedtls_md4_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - mbedtls_md5_free( ctx->md_ctx ); + mbedtls_md5_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - mbedtls_ripemd160_free( ctx->md_ctx ); + mbedtls_ripemd160_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - mbedtls_sha1_free( ctx->md_ctx ); + mbedtls_sha1_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - mbedtls_sha256_free( ctx->md_ctx ); + mbedtls_sha256_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -306,67 +314,64 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - mbedtls_sha512_free( ctx->md_ctx ); + mbedtls_sha512_free(ctx->md_ctx); break; #endif default: /* Shouldn't happen */ break; } - mbedtls_free( ctx->md_ctx ); + mbedtls_free(ctx->md_ctx); } - if( ctx->hmac_ctx != NULL ) - { - mbedtls_platform_zeroize( ctx->hmac_ctx, - 2 * ctx->md_info->block_size ); - mbedtls_free( ctx->hmac_ctx ); + if (ctx->hmac_ctx != NULL) { + mbedtls_platform_zeroize(ctx->hmac_ctx, + 2 * ctx->md_info->block_size); + mbedtls_free(ctx->hmac_ctx); } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); } -int mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ) +int mbedtls_md_clone(mbedtls_md_context_t *dst, + const mbedtls_md_context_t *src) { - if( dst == NULL || dst->md_info == NULL || + if (dst == NULL || dst->md_info == NULL || src == NULL || src->md_info == NULL || - dst->md_info != src->md_info ) - { - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + dst->md_info != src->md_info) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } - switch( src->md_info->type ) - { + switch (src->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - mbedtls_md2_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md2_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - mbedtls_md4_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md4_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - mbedtls_md5_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md5_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - mbedtls_ripemd160_clone( dst->md_ctx, src->md_ctx ); + mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - mbedtls_sha1_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - mbedtls_sha256_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -374,72 +379,72 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - mbedtls_sha512_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); break; #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } - return( 0 ); + return 0; } -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info) { - return mbedtls_md_setup( ctx, md_info, 1 ); + return mbedtls_md_setup(ctx, md_info, 1); } #endif -#define ALLOC( type ) \ +#define ALLOC(type) \ do { \ - ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \ - if( ctx->md_ctx == NULL ) \ - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); \ - mbedtls_##type##_init( ctx->md_ctx ); \ + ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ + if (ctx->md_ctx == NULL) \ + return MBEDTLS_ERR_MD_ALLOC_FAILED; \ + mbedtls_##type##_init(ctx->md_ctx); \ } \ - while( 0 ) + while (0) -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) +int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) { - if( md_info == NULL || ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL || ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } ctx->md_info = md_info; ctx->md_ctx = NULL; ctx->hmac_ctx = NULL; - switch( md_info->type ) - { + switch (md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - ALLOC( md2 ); + ALLOC(md2); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - ALLOC( md4 ); + ALLOC(md4); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - ALLOC( md5 ); + ALLOC(md5); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - ALLOC( ripemd160 ); + ALLOC(ripemd160); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - ALLOC( sha1 ); + ALLOC(sha1); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - ALLOC( sha256 ); + ALLOC(sha256); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -447,210 +452,208 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - ALLOC( sha512 ); + ALLOC(sha512); break; #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } - if( hmac != 0 ) - { - ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); - if( ctx->hmac_ctx == NULL ) - { - mbedtls_md_free( ctx ); - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + if (hmac != 0) { + ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); + if (ctx->hmac_ctx == NULL) { + mbedtls_md_free(ctx); + return MBEDTLS_ERR_MD_ALLOC_FAILED; } } - return( 0 ); + return 0; } #undef ALLOC -int mbedtls_md_starts( mbedtls_md_context_t *ctx ) +int mbedtls_md_starts(mbedtls_md_context_t *ctx) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_starts_ret( ctx->md_ctx ) ); + return mbedtls_md2_starts_ret(ctx->md_ctx); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_starts_ret( ctx->md_ctx ) ); + return mbedtls_md4_starts_ret(ctx->md_ctx); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_starts_ret( ctx->md_ctx ) ); + return mbedtls_md5_starts_ret(ctx->md_ctx); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) ); + return mbedtls_ripemd160_starts_ret(ctx->md_ctx); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_starts_ret( ctx->md_ctx ) ); + return mbedtls_sha1_starts_ret(ctx->md_ctx); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) ); + return mbedtls_sha256_starts_ret(ctx->md_ctx, 1); case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) ); + return mbedtls_sha256_starts_ret(ctx->md_ctx, 0); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) ); + return mbedtls_sha512_starts_ret(ctx->md_ctx, 1); #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) ); + return mbedtls_sha512_starts_ret(ctx->md_ctx, 0); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } } -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_md2_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_md4_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_md5_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_ripemd160_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_sha1_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_sha256_update_ret(ctx->md_ctx, input, ilen); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); + return mbedtls_sha512_update_ret(ctx->md_ctx, input, ilen); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } } -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) +int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_md2_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_md4_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_md5_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_ripemd160_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_sha1_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_sha256_finish_ret(ctx->md_ctx, output); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); + return mbedtls_sha512_finish_ret(ctx->md_ctx, output); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } } -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ) +int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output) { - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - switch( md_info->type ) - { + switch (md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_ret( input, ilen, output ) ); + return mbedtls_md2_ret(input, ilen, output); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_ret( input, ilen, output ) ); + return mbedtls_md4_ret(input, ilen, output); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_ret( input, ilen, output ) ); + return mbedtls_md5_ret(input, ilen, output); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_ret( input, ilen, output ) ); + return mbedtls_ripemd160_ret(input, ilen, output); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_ret( input, ilen, output ) ); + return mbedtls_sha1_ret(input, ilen, output); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); + return mbedtls_sha256_ret(input, ilen, output, 1); case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); + return mbedtls_sha256_ret(input, ilen, output, 0); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); + return mbedtls_sha512_ret(input, ilen, output, 1); #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); + return mbedtls_sha512_ret(input, ilen, output, 0); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } } #if defined(MBEDTLS_FS_IO) -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) +int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; @@ -658,56 +661,66 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne mbedtls_md_context_t ctx; unsigned char buf[1024]; - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_MD_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_MD_FILE_IO_ERROR; + } - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&ctx)) != 0) { goto cleanup; + } - while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 ) + while ((n = fread(buf, 1, sizeof(buf), f)) > 0) { + if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) { goto cleanup; + } + } - if( ferror( f ) != 0 ) + if (ferror(f) != 0) { ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; - else - ret = mbedtls_md_finish( &ctx, output ); + } else { + ret = mbedtls_md_finish(&ctx, output); + } cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - fclose( f ); - mbedtls_md_free( &ctx ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + fclose(f); + mbedtls_md_free(&ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ -int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) +int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - if( keylen > (size_t) ctx->md_info->block_size ) - { - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) + if (keylen > (size_t) ctx->md_info->block_size) { + if ((ret = mbedtls_md_starts(ctx)) != 0) { goto cleanup; - if( ( ret = mbedtls_md_update( ctx, key, keylen ) ) != 0 ) + } + if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { goto cleanup; - if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 ) + } + if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { goto cleanup; + } keylen = ctx->md_info->size; key = sum; @@ -716,167 +729,184 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, ipad = (unsigned char *) ctx->hmac_ctx; opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - memset( ipad, 0x36, ctx->md_info->block_size ); - memset( opad, 0x5C, ctx->md_info->block_size ); + memset(ipad, 0x36, ctx->md_info->block_size); + memset(opad, 0x5C, ctx->md_info->block_size); - for( i = 0; i < keylen; i++ ) - { - ipad[i] = (unsigned char)( ipad[i] ^ key[i] ); - opad[i] = (unsigned char)( opad[i] ^ key[i] ); + for (i = 0; i < keylen; i++) { + ipad[i] = (unsigned char) (ipad[i] ^ key[i]); + opad[i] = (unsigned char) (opad[i] ^ key[i]); } - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(ctx)) != 0) { goto cleanup; - if( ( ret = mbedtls_md_update( ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) + } + if ((ret = mbedtls_md_update(ctx, ipad, + ctx->md_info->block_size)) != 0) { goto cleanup; + } cleanup: - mbedtls_platform_zeroize( sum, sizeof( sum ) ); + mbedtls_platform_zeroize(sum, sizeof(sum)); - return( ret ); + return ret; } -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - return( mbedtls_md_update( ctx, input, ilen ) ); + return mbedtls_md_update(ctx, input, ilen); } -int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) +int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, opad, - ctx->md_info->block_size ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, tmp, - ctx->md_info->size ) ) != 0 ) - return( ret ); - return( mbedtls_md_finish( ctx, output ) ); + if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { + return ret; + } + if ((ret = mbedtls_md_starts(ctx)) != 0) { + return ret; + } + if ((ret = mbedtls_md_update(ctx, opad, + ctx->md_info->block_size)) != 0) { + return ret; + } + if ((ret = mbedtls_md_update(ctx, tmp, + ctx->md_info->size)) != 0) { + return ret; + } + return mbedtls_md_finish(ctx, output); } -int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) +int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ipad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } ipad = (unsigned char *) ctx->hmac_ctx; - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - return( ret ); - return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) ); + if ((ret = mbedtls_md_starts(ctx)) != 0) { + return ret; + } + return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) +int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output) { mbedtls_md_context_t ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) + if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { goto cleanup; - if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) + } + if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { goto cleanup; + } cleanup: - mbedtls_md_free( &ctx ); + mbedtls_md_free(&ctx); - return( ret ); + return ret; } -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) +int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_internal_md2_process( ctx->md_ctx ) ); + return mbedtls_internal_md2_process(ctx->md_ctx); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_internal_md4_process( ctx->md_ctx, data ) ); + return mbedtls_internal_md4_process(ctx->md_ctx, data); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_internal_md5_process( ctx->md_ctx, data ) ); + return mbedtls_internal_md5_process(ctx->md_ctx, data); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_internal_ripemd160_process( ctx->md_ctx, data ) ); + return mbedtls_internal_ripemd160_process(ctx->md_ctx, data); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) ); + return mbedtls_internal_sha1_process(ctx->md_ctx, data); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); + return mbedtls_internal_sha256_process(ctx->md_ctx, data); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); + return mbedtls_internal_sha512_process(ctx->md_ctx, data); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } } -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { - if( md_info == NULL ) - return( 0 ); + if (md_info == NULL) { + return 0; + } return md_info->size; } -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) { - if( md_info == NULL ) - return( MBEDTLS_MD_NONE ); + if (md_info == NULL) { + return MBEDTLS_MD_NONE; + } return md_info->type; } -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { - if( md_info == NULL ) - return( NULL ); + if (md_info == NULL) { + return NULL; + } return md_info->name; } diff --git a/thirdparty/mbedtls/library/md2.c b/thirdparty/mbedtls/library/md2.c index f8293a1df3..f009498c48 100644 --- a/thirdparty/mbedtls/library/md2.c +++ b/thirdparty/mbedtls/library/md2.c @@ -67,21 +67,22 @@ static const unsigned char PI_SUBST[256] = 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 }; -void mbedtls_md2_init( mbedtls_md2_context *ctx ) +void mbedtls_md2_init(mbedtls_md2_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_md2_context ) ); + memset(ctx, 0, sizeof(mbedtls_md2_context)); } -void mbedtls_md2_free( mbedtls_md2_context *ctx ) +void mbedtls_md2_free(mbedtls_md2_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md2_context)); } -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ) +void mbedtls_md2_clone(mbedtls_md2_context *dst, + const mbedtls_md2_context *src) { *dst = *src; } @@ -89,67 +90,63 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx) { - memset( ctx->cksum, 0, 16 ); - memset( ctx->state, 0, 46 ); - memset( ctx->buffer, 0, 16 ); + memset(ctx->cksum, 0, 16); + memset(ctx->state, 0, 46); + memset(ctx->buffer, 0, 16); ctx->left = 0; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +void mbedtls_md2_starts(mbedtls_md2_context *ctx) { - mbedtls_md2_starts_ret( ctx ); + mbedtls_md2_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD2_PROCESS_ALT) -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) +int mbedtls_internal_md2_process(mbedtls_md2_context *ctx) { int i, j; unsigned char t = 0; - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { ctx->state[i + 16] = ctx->buffer[i]; ctx->state[i + 32] = - (unsigned char)( ctx->buffer[i] ^ ctx->state[i]); + (unsigned char) (ctx->buffer[i] ^ ctx->state[i]); } - for( i = 0; i < 18; i++ ) - { - for( j = 0; j < 48; j++ ) - { + for (i = 0; i < 18; i++) { + for (j = 0; j < 48; j++) { ctx->state[j] = (unsigned char) - ( ctx->state[j] ^ PI_SUBST[t] ); + (ctx->state[j] ^ PI_SUBST[t]); t = ctx->state[j]; } - t = (unsigned char)( t + i ); + t = (unsigned char) (t + i); } t = ctx->cksum[15]; - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { ctx->cksum[i] = (unsigned char) - ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); + (ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t]); t = ctx->cksum[i]; } /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_process( mbedtls_md2_context *ctx ) +void mbedtls_md2_process(mbedtls_md2_context *ctx) { - mbedtls_internal_md2_process( ctx ); + mbedtls_internal_md2_process(ctx); } #endif #endif /* !MBEDTLS_MD2_PROCESS_ALT */ @@ -157,78 +154,81 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx ) /* * MD2 process buffer */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_md2_update_ret(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; - while( ilen > 0 ) - { - if( ilen > 16 - ctx->left ) + while (ilen > 0) { + if (ilen > 16 - ctx->left) { fill = 16 - ctx->left; - else + } else { fill = ilen; + } - memcpy( ctx->buffer + ctx->left, input, fill ); + memcpy(ctx->buffer + ctx->left, input, fill); ctx->left += fill; input += fill; ilen -= fill; - if( ctx->left == 16 ) - { + if (ctx->left == 16) { ctx->left = 0; - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) { + return ret; + } } } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_md2_update(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_md2_update_ret( ctx, input, ilen ); + mbedtls_md2_update_ret(ctx, input, ilen); } #endif /* * MD2 final digest */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, - unsigned char output[16] ) +int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; unsigned char x; - x = (unsigned char)( 16 - ctx->left ); + x = (unsigned char) (16 - ctx->left); - for( i = ctx->left; i < 16; i++ ) + for (i = ctx->left; i < 16; i++) { ctx->buffer[i] = x; + } - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) { + return ret; + } - memcpy( ctx->buffer, ctx->cksum, 16 ); - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + memcpy(ctx->buffer, ctx->cksum, 16); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) { + return ret; + } - memcpy( output, ctx->state, 16 ); + memcpy(output, ctx->state, 16); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ) +void mbedtls_md2_finish(mbedtls_md2_context *ctx, + unsigned char output[16]) { - mbedtls_md2_finish_ret( ctx, output ); + mbedtls_md2_finish_ret(ctx, output); } #endif @@ -237,36 +237,39 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, /* * output = MD2( input buffer ) */ -int mbedtls_md2_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +int mbedtls_md2_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md2_context ctx; - mbedtls_md2_init( &ctx ); + mbedtls_md2_init(&ctx); - if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md2_starts_ret(&ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md2_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md2_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_md2_free( &ctx ); + mbedtls_md2_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +void mbedtls_md2(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { - mbedtls_md2_ret( input, ilen, output ); + mbedtls_md2_ret(input, ilen, output); } #endif @@ -312,40 +315,43 @@ static const unsigned char md2_test_sum[7][16] = /* * Checkup routine */ -int mbedtls_md2_self_test( int verbose ) +int mbedtls_md2_self_test(int verbose) { int i, ret = 0; unsigned char md2sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD2 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) { + mbedtls_printf(" MD2 test #%d: ", i + 1); + } - ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum ); - if( ret != 0 ) + ret = mbedtls_md2_ret(md2_test_str[i], md2_test_strlen[i], md2sum); + if (ret != 0) { goto fail; + } - if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md2sum, md2_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/md4.c b/thirdparty/mbedtls/library/md4.c index a412213480..163afb1ddb 100644 --- a/thirdparty/mbedtls/library/md4.c +++ b/thirdparty/mbedtls/library/md4.c @@ -37,21 +37,22 @@ #if !defined(MBEDTLS_MD4_ALT) -void mbedtls_md4_init( mbedtls_md4_context *ctx ) +void mbedtls_md4_init(mbedtls_md4_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_md4_context ) ); + memset(ctx, 0, sizeof(mbedtls_md4_context)); } -void mbedtls_md4_free( mbedtls_md4_context *ctx ) +void mbedtls_md4_free(mbedtls_md4_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md4_context)); } -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ) +void mbedtls_md4_clone(mbedtls_md4_context *dst, + const mbedtls_md4_context *src) { *dst = *src; } @@ -59,7 +60,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -69,43 +70,42 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +void mbedtls_md4_starts(mbedtls_md4_context *ctx) { - mbedtls_md4_starts_ret( ctx ); + mbedtls_md4_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD4_PROCESS_ALT) -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]) { - struct - { + struct { uint32_t X[16], A, B, C, D; } local; - local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); - local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); - local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); - local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); - local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); - local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); - local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); - local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); - local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); - local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); - local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); - local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); - local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); - local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); - local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); - local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); - -#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) + local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0); + local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4); + local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8); + local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12); + local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16); + local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20); + local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24); + local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28); + local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32); + local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36); + local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40); + local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44); + local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48); + local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52); + local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56); + local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60); + +#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) local.A = ctx->state[0]; local.B = ctx->state[1]; @@ -113,86 +113,86 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, local.D = ctx->state[3]; #define F(x, y, z) (((x) & (y)) | ((~(x)) & (z))) -#define P(a,b,c,d,x,s) \ +#define P(a, b, c, d, x, s) \ do \ { \ - (a) += F((b),(c),(d)) + (x); \ - (a) = S((a),(s)); \ - } while( 0 ) - - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 1], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 2], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 3], 19 ); - P( local.A, local.B, local.C, local.D, local.X[ 4], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 7], 19 ); - P( local.A, local.B, local.C, local.D, local.X[ 8], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 7 ); - P( local.C, local.D, local.A, local.B, local.X[10], 11 ); - P( local.B, local.C, local.D, local.A, local.X[11], 19 ); - P( local.A, local.B, local.C, local.D, local.X[12], 3 ); - P( local.D, local.A, local.B, local.C, local.X[13], 7 ); - P( local.C, local.D, local.A, local.B, local.X[14], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 19 ); + (a) += F((b), (c), (d)) + (x); \ + (a) = S((a), (s)); \ + } while (0) + + + P(local.A, local.B, local.C, local.D, local.X[0], 3); + P(local.D, local.A, local.B, local.C, local.X[1], 7); + P(local.C, local.D, local.A, local.B, local.X[2], 11); + P(local.B, local.C, local.D, local.A, local.X[3], 19); + P(local.A, local.B, local.C, local.D, local.X[4], 3); + P(local.D, local.A, local.B, local.C, local.X[5], 7); + P(local.C, local.D, local.A, local.B, local.X[6], 11); + P(local.B, local.C, local.D, local.A, local.X[7], 19); + P(local.A, local.B, local.C, local.D, local.X[8], 3); + P(local.D, local.A, local.B, local.C, local.X[9], 7); + P(local.C, local.D, local.A, local.B, local.X[10], 11); + P(local.B, local.C, local.D, local.A, local.X[11], 19); + P(local.A, local.B, local.C, local.D, local.X[12], 3); + P(local.D, local.A, local.B, local.C, local.X[13], 7); + P(local.C, local.D, local.A, local.B, local.X[14], 11); + P(local.B, local.C, local.D, local.A, local.X[15], 19); #undef P #undef F -#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define P(a,b,c,d,x,s) \ +#define F(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) +#define P(a, b, c, d, x, s) \ do \ { \ - (a) += F((b),(c),(d)) + (x) + 0x5A827999; \ - (a) = S((a),(s)); \ - } while( 0 ) - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 4], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 8], 9 ); - P( local.B, local.C, local.D, local.A, local.X[12], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 9], 9 ); - P( local.B, local.C, local.D, local.A, local.X[13], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 6], 5 ); - P( local.C, local.D, local.A, local.B, local.X[10], 9 ); - P( local.B, local.C, local.D, local.A, local.X[14], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 7], 5 ); - P( local.C, local.D, local.A, local.B, local.X[11], 9 ); - P( local.B, local.C, local.D, local.A, local.X[15], 13 ); + (a) += F((b), (c), (d)) + (x) + 0x5A827999; \ + (a) = S((a), (s)); \ + } while (0) + + P(local.A, local.B, local.C, local.D, local.X[0], 3); + P(local.D, local.A, local.B, local.C, local.X[4], 5); + P(local.C, local.D, local.A, local.B, local.X[8], 9); + P(local.B, local.C, local.D, local.A, local.X[12], 13); + P(local.A, local.B, local.C, local.D, local.X[1], 3); + P(local.D, local.A, local.B, local.C, local.X[5], 5); + P(local.C, local.D, local.A, local.B, local.X[9], 9); + P(local.B, local.C, local.D, local.A, local.X[13], 13); + P(local.A, local.B, local.C, local.D, local.X[2], 3); + P(local.D, local.A, local.B, local.C, local.X[6], 5); + P(local.C, local.D, local.A, local.B, local.X[10], 9); + P(local.B, local.C, local.D, local.A, local.X[14], 13); + P(local.A, local.B, local.C, local.D, local.X[3], 3); + P(local.D, local.A, local.B, local.C, local.X[7], 5); + P(local.C, local.D, local.A, local.B, local.X[11], 9); + P(local.B, local.C, local.D, local.A, local.X[15], 13); #undef P #undef F -#define F(x,y,z) ((x) ^ (y) ^ (z)) -#define P(a,b,c,d,x,s) \ +#define F(x, y, z) ((x) ^ (y) ^ (z)) +#define P(a, b, c, d, x, s) \ do \ { \ - (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \ - (a) = S((a),(s)); \ - } while( 0 ) - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 8], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 4], 11 ); - P( local.B, local.C, local.D, local.A, local.X[12], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[10], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[14], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 5], 11 ); - P( local.B, local.C, local.D, local.A, local.X[13], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[11], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 7], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 15 ); + (a) += F((b), (c), (d)) + (x) + 0x6ED9EBA1; \ + (a) = S((a), (s)); \ + } while (0) + + P(local.A, local.B, local.C, local.D, local.X[0], 3); + P(local.D, local.A, local.B, local.C, local.X[8], 9); + P(local.C, local.D, local.A, local.B, local.X[4], 11); + P(local.B, local.C, local.D, local.A, local.X[12], 15); + P(local.A, local.B, local.C, local.D, local.X[2], 3); + P(local.D, local.A, local.B, local.C, local.X[10], 9); + P(local.C, local.D, local.A, local.B, local.X[6], 11); + P(local.B, local.C, local.D, local.A, local.X[14], 15); + P(local.A, local.B, local.C, local.D, local.X[1], 3); + P(local.D, local.A, local.B, local.C, local.X[9], 9); + P(local.C, local.D, local.A, local.B, local.X[5], 11); + P(local.B, local.C, local.D, local.A, local.X[13], 15); + P(local.A, local.B, local.C, local.D, local.X[3], 3); + P(local.D, local.A, local.B, local.C, local.X[11], 9); + P(local.C, local.D, local.A, local.B, local.X[7], 11); + P(local.B, local.C, local.D, local.A, local.X[15], 15); #undef F #undef P @@ -203,16 +203,16 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, ctx->state[3] += local.D; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ) +void mbedtls_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]) { - mbedtls_internal_md4_process( ctx, data ); + mbedtls_internal_md4_process(ctx, data); } #endif #endif /* !MBEDTLS_MD4_PROCESS_ALT */ @@ -220,16 +220,17 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, /* * MD4 process buffer */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_md4_update_ret(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -237,52 +238,52 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), + (void *) input, fill); - if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md4_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_md4_process(ctx, input)) != 0) { + return ret; + } input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), + (void *) input, ilen); } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_md4_update(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_md4_update_ret( ctx, input, ilen ); + mbedtls_md4_update_ret(ctx, input, ilen); } #endif static const unsigned char md4_padding[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -291,45 +292,47 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, - unsigned char output[16] ) +int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - MBEDTLS_PUT_UINT32_LE( low, msglen, 0 ); - MBEDTLS_PUT_UINT32_LE( high, msglen, 4 ); + MBEDTLS_PUT_UINT32_LE(low, msglen, 0); + MBEDTLS_PUT_UINT32_LE(high, msglen, 4); last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + padn = (last < 56) ? (56 - last) : (120 - last); - ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md4_update_ret(ctx, (unsigned char *) md4_padding, padn); + if (ret != 0) { + return ret; + } - if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md4_update_ret(ctx, msglen, 8)) != 0) { + return ret; + } - MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); + MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4); + MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); + MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ) +void mbedtls_md4_finish(mbedtls_md4_context *ctx, + unsigned char output[16]) { - mbedtls_md4_finish_ret( ctx, output ); + mbedtls_md4_finish_ret(ctx, output); } #endif @@ -338,36 +341,39 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, /* * output = MD4( input buffer ) */ -int mbedtls_md4_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +int mbedtls_md4_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md4_context ctx; - mbedtls_md4_init( &ctx ); + mbedtls_md4_init(&ctx); - if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md4_starts_ret(&ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md4_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md4_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_md4_free( &ctx ); + mbedtls_md4_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +void mbedtls_md4(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { - mbedtls_md4_ret( input, ilen, output ); + mbedtls_md4_ret(input, ilen, output); } #endif @@ -413,40 +419,43 @@ static const unsigned char md4_test_sum[7][16] = /* * Checkup routine */ -int mbedtls_md4_self_test( int verbose ) +int mbedtls_md4_self_test(int verbose) { int i, ret = 0; unsigned char md4sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD4 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) { + mbedtls_printf(" MD4 test #%d: ", i + 1); + } - ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum ); - if( ret != 0 ) + ret = mbedtls_md4_ret(md4_test_str[i], md4_test_strlen[i], md4sum); + if (ret != 0) { goto fail; + } - if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md4sum, md4_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/md5.c b/thirdparty/mbedtls/library/md5.c index e53bfe6306..fb47486fe1 100644 --- a/thirdparty/mbedtls/library/md5.c +++ b/thirdparty/mbedtls/library/md5.c @@ -36,21 +36,22 @@ #if !defined(MBEDTLS_MD5_ALT) -void mbedtls_md5_init( mbedtls_md5_context *ctx ) +void mbedtls_md5_init(mbedtls_md5_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_md5_context ) ); + memset(ctx, 0, sizeof(mbedtls_md5_context)); } -void mbedtls_md5_free( mbedtls_md5_context *ctx ) +void mbedtls_md5_free(mbedtls_md5_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context)); } -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ) +void mbedtls_md5_clone(mbedtls_md5_context *dst, + const mbedtls_md5_context *src) { *dst = *src; } @@ -58,7 +59,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -68,138 +69,137 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +void mbedtls_md5_starts(mbedtls_md5_context *ctx) { - mbedtls_md5_starts_ret( ctx ); + mbedtls_md5_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD5_PROCESS_ALT) -int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]) { - struct - { + struct { uint32_t X[16], A, B, C, D; } local; - local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); - local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); - local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); - local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); - local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); - local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); - local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); - local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); - local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); - local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); - local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); - local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); - local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); - local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); - local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); - local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); - -#define S(x,n) \ - ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) - -#define P(a,b,c,d,k,s,t) \ + local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0); + local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4); + local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8); + local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12); + local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16); + local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20); + local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24); + local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28); + local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32); + local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36); + local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40); + local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44); + local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48); + local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52); + local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56); + local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60); + +#define S(x, n) \ + (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) + +#define P(a, b, c, d, k, s, t) \ do \ { \ - (a) += F((b),(c),(d)) + local.X[(k)] + (t); \ - (a) = S((a),(s)) + (b); \ - } while( 0 ) + (a) += F((b), (c), (d)) + local.X[(k)] + (t); \ + (a) = S((a), (s)) + (b); \ + } while (0) local.A = ctx->state[0]; local.B = ctx->state[1]; local.C = ctx->state[2]; local.D = ctx->state[3]; -#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) - - P( local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478 ); - P( local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756 ); - P( local.C, local.D, local.A, local.B, 2, 17, 0x242070DB ); - P( local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE ); - P( local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF ); - P( local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A ); - P( local.C, local.D, local.A, local.B, 6, 17, 0xA8304613 ); - P( local.B, local.C, local.D, local.A, 7, 22, 0xFD469501 ); - P( local.A, local.B, local.C, local.D, 8, 7, 0x698098D8 ); - P( local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF ); - P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 ); - P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE ); - P( local.A, local.B, local.C, local.D, 12, 7, 0x6B901122 ); - P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 ); - P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E ); - P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 ); +#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) + + P(local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478); + P(local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756); + P(local.C, local.D, local.A, local.B, 2, 17, 0x242070DB); + P(local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE); + P(local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF); + P(local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A); + P(local.C, local.D, local.A, local.B, 6, 17, 0xA8304613); + P(local.B, local.C, local.D, local.A, 7, 22, 0xFD469501); + P(local.A, local.B, local.C, local.D, 8, 7, 0x698098D8); + P(local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF); + P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1); + P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE); + P(local.A, local.B, local.C, local.D, 12, 7, 0x6B901122); + P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193); + P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E); + P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821); #undef F -#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) - - P( local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562 ); - P( local.D, local.A, local.B, local.C, 6, 9, 0xC040B340 ); - P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 ); - P( local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA ); - P( local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D ); - P( local.D, local.A, local.B, local.C, 10, 9, 0x02441453 ); - P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 ); - P( local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8 ); - P( local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6 ); - P( local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6 ); - P( local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87 ); - P( local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED ); - P( local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905 ); - P( local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8 ); - P( local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9 ); - P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A ); +#define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) + + P(local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562); + P(local.D, local.A, local.B, local.C, 6, 9, 0xC040B340); + P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51); + P(local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA); + P(local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D); + P(local.D, local.A, local.B, local.C, 10, 9, 0x02441453); + P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681); + P(local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8); + P(local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6); + P(local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6); + P(local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87); + P(local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED); + P(local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905); + P(local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8); + P(local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9); + P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A); #undef F -#define F(x,y,z) ((x) ^ (y) ^ (z)) - - P( local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942 ); - P( local.D, local.A, local.B, local.C, 8, 11, 0x8771F681 ); - P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 ); - P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C ); - P( local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44 ); - P( local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9 ); - P( local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60 ); - P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 ); - P( local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6 ); - P( local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA ); - P( local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085 ); - P( local.B, local.C, local.D, local.A, 6, 23, 0x04881D05 ); - P( local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039 ); - P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 ); - P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 ); - P( local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665 ); +#define F(x, y, z) ((x) ^ (y) ^ (z)) + + P(local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942); + P(local.D, local.A, local.B, local.C, 8, 11, 0x8771F681); + P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122); + P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C); + P(local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44); + P(local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9); + P(local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60); + P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70); + P(local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6); + P(local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA); + P(local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085); + P(local.B, local.C, local.D, local.A, 6, 23, 0x04881D05); + P(local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039); + P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5); + P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8); + P(local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665); #undef F -#define F(x,y,z) ((y) ^ ((x) | ~(z))) - - P( local.A, local.B, local.C, local.D, 0, 6, 0xF4292244 ); - P( local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97 ); - P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 ); - P( local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039 ); - P( local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3 ); - P( local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92 ); - P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D ); - P( local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1 ); - P( local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F ); - P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 ); - P( local.C, local.D, local.A, local.B, 6, 15, 0xA3014314 ); - P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 ); - P( local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82 ); - P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 ); - P( local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB ); - P( local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391 ); +#define F(x, y, z) ((y) ^ ((x) | ~(z))) + + P(local.A, local.B, local.C, local.D, 0, 6, 0xF4292244); + P(local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97); + P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7); + P(local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039); + P(local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3); + P(local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92); + P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D); + P(local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1); + P(local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F); + P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0); + P(local.C, local.D, local.A, local.B, 6, 15, 0xA3014314); + P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1); + P(local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82); + P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235); + P(local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB); + P(local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391); #undef F @@ -209,16 +209,16 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, ctx->state[3] += local.D; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ) +void mbedtls_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]) { - mbedtls_internal_md5_process( ctx, data ); + mbedtls_internal_md5_process(ctx, data); } #endif #endif /* !MBEDTLS_MD5_PROCESS_ALT */ @@ -226,16 +226,17 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, /* * MD5 process buffer */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_md5_update_ret(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -243,51 +244,51 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), input, fill); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) { + return ret; + } input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), input, ilen); } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_update( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_md5_update(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_md5_update_ret( ctx, input, ilen ); + mbedtls_md5_update_ret(ctx, input, ilen); } #endif /* * MD5 final digest */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, - unsigned char output[16] ) +int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; @@ -300,51 +301,50 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { + return ret; + } - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - MBEDTLS_PUT_UINT32_LE( low, ctx->buffer, 56 ); - MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_LE(low, ctx->buffer, 56); + MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { + return ret; + } /* * Output final state */ - MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); + MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); + MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4); + MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); + MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_finish( mbedtls_md5_context *ctx, - unsigned char output[16] ) +void mbedtls_md5_finish(mbedtls_md5_context *ctx, + unsigned char output[16]) { - mbedtls_md5_finish_ret( ctx, output ); + mbedtls_md5_finish_ret(ctx, output); } #endif @@ -353,36 +353,39 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, /* * output = MD5( input buffer ) */ -int mbedtls_md5_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +int mbedtls_md5_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md5_context ctx; - mbedtls_md5_init( &ctx ); + mbedtls_md5_init(&ctx); - if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md5_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_md5_free( &ctx ); + mbedtls_md5_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) +void mbedtls_md5(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { - mbedtls_md5_ret( input, ilen, output ); + mbedtls_md5_ret(input, ilen, output); } #endif @@ -427,40 +430,43 @@ static const unsigned char md5_test_sum[7][16] = /* * Checkup routine */ -int mbedtls_md5_self_test( int verbose ) +int mbedtls_md5_self_test(int verbose) { int i, ret = 0; unsigned char md5sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD5 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) { + mbedtls_printf(" MD5 test #%d: ", i + 1); + } - ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum ); - if( ret != 0 ) + ret = mbedtls_md5_ret(md5_test_buf[i], md5_test_buflen[i], md5sum); + if (ret != 0) { goto fail; + } - if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md5sum, md5_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/memory_buffer_alloc.c b/thirdparty/mbedtls/library/memory_buffer_alloc.c index cc62324bdc..bdde4e0ba4 100644 --- a/thirdparty/mbedtls/library/memory_buffer_alloc.c +++ b/thirdparty/mbedtls/library/memory_buffer_alloc.c @@ -42,8 +42,7 @@ #define MAX_BT 20 typedef struct _memory_header memory_header; -struct _memory_header -{ +struct _memory_header { size_t magic1; size_t size; size_t alloc; @@ -58,8 +57,7 @@ struct _memory_header size_t magic2; }; -typedef struct -{ +typedef struct { unsigned char *buf; size_t len; memory_header *first; @@ -82,146 +80,135 @@ buffer_alloc_ctx; static buffer_alloc_ctx heap; #if defined(MBEDTLS_MEMORY_DEBUG) -static void debug_header( memory_header *hdr ) +static void debug_header(memory_header *hdr) { #if defined(MBEDTLS_MEMORY_BACKTRACE) size_t i; #endif - mbedtls_fprintf( stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), " - "ALLOC(%zu), SIZE(%10zu)\n", - (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next, - hdr->alloc, hdr->size ); - mbedtls_fprintf( stderr, " FPREV(%10zu), FNEXT(%10zu)\n", - (size_t) hdr->prev_free, (size_t) hdr->next_free ); + mbedtls_fprintf(stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), " + "ALLOC(%zu), SIZE(%10zu)\n", + (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next, + hdr->alloc, hdr->size); + mbedtls_fprintf(stderr, " FPREV(%10zu), FNEXT(%10zu)\n", + (size_t) hdr->prev_free, (size_t) hdr->next_free); #if defined(MBEDTLS_MEMORY_BACKTRACE) - mbedtls_fprintf( stderr, "TRACE: \n" ); - for( i = 0; i < hdr->trace_count; i++ ) - mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] ); - mbedtls_fprintf( stderr, "\n" ); + mbedtls_fprintf(stderr, "TRACE: \n"); + for (i = 0; i < hdr->trace_count; i++) { + mbedtls_fprintf(stderr, "%s\n", hdr->trace[i]); + } + mbedtls_fprintf(stderr, "\n"); #endif } -static void debug_chain( void ) +static void debug_chain(void) { memory_header *cur = heap.first; - mbedtls_fprintf( stderr, "\nBlock list\n" ); - while( cur != NULL ) - { - debug_header( cur ); + mbedtls_fprintf(stderr, "\nBlock list\n"); + while (cur != NULL) { + debug_header(cur); cur = cur->next; } - mbedtls_fprintf( stderr, "Free list\n" ); + mbedtls_fprintf(stderr, "Free list\n"); cur = heap.first_free; - while( cur != NULL ) - { - debug_header( cur ); + while (cur != NULL) { + debug_header(cur); cur = cur->next_free; } } #endif /* MBEDTLS_MEMORY_DEBUG */ -static int verify_header( memory_header *hdr ) +static int verify_header(memory_header *hdr) { - if( hdr->magic1 != MAGIC1 ) - { + if (hdr->magic1 != MAGIC1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" ); + mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n"); #endif - return( 1 ); + return 1; } - if( hdr->magic2 != MAGIC2 ) - { + if (hdr->magic2 != MAGIC2) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" ); + mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n"); #endif - return( 1 ); + return 1; } - if( hdr->alloc > 1 ) - { + if (hdr->alloc > 1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" ); + mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n"); #endif - return( 1 ); + return 1; } - if( hdr->prev != NULL && hdr->prev == hdr->next ) - { + if (hdr->prev != NULL && hdr->prev == hdr->next) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: prev == next\n" ); + mbedtls_fprintf(stderr, "FATAL: prev == next\n"); #endif - return( 1 ); + return 1; } - if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free ) - { + if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" ); + mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n"); #endif - return( 1 ); + return 1; } - return( 0 ); + return 0; } -static int verify_chain( void ) +static int verify_chain(void) { memory_header *prv = heap.first, *cur; - if( prv == NULL || verify_header( prv ) != 0 ) - { + if (prv == NULL || verify_header(prv) != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification of first header " - "failed\n" ); + mbedtls_fprintf(stderr, "FATAL: verification of first header " + "failed\n"); #endif - return( 1 ); + return 1; } - if( heap.first->prev != NULL ) - { + if (heap.first->prev != NULL) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification failed: " - "first->prev != NULL\n" ); + mbedtls_fprintf(stderr, "FATAL: verification failed: " + "first->prev != NULL\n"); #endif - return( 1 ); + return 1; } cur = heap.first->next; - while( cur != NULL ) - { - if( verify_header( cur ) != 0 ) - { + while (cur != NULL) { + if (verify_header(cur) != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification of header " - "failed\n" ); + mbedtls_fprintf(stderr, "FATAL: verification of header " + "failed\n"); #endif - return( 1 ); + return 1; } - if( cur->prev != prv ) - { + if (cur->prev != prv) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification failed: " - "cur->prev != prv\n" ); + mbedtls_fprintf(stderr, "FATAL: verification failed: " + "cur->prev != prv\n"); #endif - return( 1 ); + return 1; } prv = cur; cur = cur->next; } - return( 0 ); + return 0; } -static void *buffer_alloc_calloc( size_t n, size_t size ) +static void *buffer_alloc_calloc(size_t n, size_t size) { memory_header *new, *cur = heap.first_free; unsigned char *p; @@ -232,42 +219,43 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) size_t trace_cnt; #endif - if( heap.buf == NULL || heap.first == NULL ) - return( NULL ); + if (heap.buf == NULL || heap.first == NULL) { + return NULL; + } original_len = len = n * size; - if( n == 0 || size == 0 || len / n != size ) - return( NULL ); - else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - return( NULL ); + if (n == 0 || size == 0 || len / n != size) { + return NULL; + } else if (len > (size_t) -MBEDTLS_MEMORY_ALIGN_MULTIPLE) { + return NULL; + } - if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) { len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE; len += MBEDTLS_MEMORY_ALIGN_MULTIPLE; } // Find block that fits // - while( cur != NULL ) - { - if( cur->size >= len ) + while (cur != NULL) { + if (cur->size >= len) { break; + } cur = cur->next_free; } - if( cur == NULL ) - return( NULL ); + if (cur == NULL) { + return NULL; + } - if( cur->alloc != 0 ) - { + if (cur->alloc != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated " - "data\n" ); + mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated " + "data\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } #if defined(MBEDTLS_MEMORY_DEBUG) @@ -276,45 +264,48 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) // Found location, split block if > memory_header + 4 room left // - if( cur->size - len < sizeof(memory_header) + - MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + if (cur->size - len < sizeof(memory_header) + + MBEDTLS_MEMORY_ALIGN_MULTIPLE) { cur->alloc = 1; // Remove from free_list // - if( cur->prev_free != NULL ) + if (cur->prev_free != NULL) { cur->prev_free->next_free = cur->next_free; - else + } else { heap.first_free = cur->next_free; + } - if( cur->next_free != NULL ) + if (cur->next_free != NULL) { cur->next_free->prev_free = cur->prev_free; + } cur->prev_free = NULL; cur->next_free = NULL; #if defined(MBEDTLS_MEMORY_DEBUG) heap.total_used += cur->size; - if( heap.total_used > heap.maximum_used ) + if (heap.total_used > heap.maximum_used) { heap.maximum_used = heap.total_used; + } #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - trace_cnt = backtrace( trace_buffer, MAX_BT ); - cur->trace = backtrace_symbols( trace_buffer, trace_cnt ); + trace_cnt = backtrace(trace_buffer, MAX_BT); + cur->trace = backtrace_symbols(trace_buffer, trace_cnt); cur->trace_count = trace_cnt; #endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) { + mbedtls_exit(1); + } - ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + ret = (unsigned char *) cur + sizeof(memory_header); + memset(ret, 0, original_len); - return( ret ); + return ret; } - p = ( (unsigned char *) cur ) + sizeof(memory_header) + len; + p = ((unsigned char *) cur) + sizeof(memory_header) + len; new = (memory_header *) p; new->size = cur->size - len - sizeof(memory_header); @@ -328,20 +319,23 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) new->magic1 = MAGIC1; new->magic2 = MAGIC2; - if( new->next != NULL ) + if (new->next != NULL) { new->next->prev = new; + } // Replace cur with new in free_list // new->prev_free = cur->prev_free; new->next_free = cur->next_free; - if( new->prev_free != NULL ) + if (new->prev_free != NULL) { new->prev_free->next_free = new; - else + } else { heap.first_free = new; + } - if( new->next_free != NULL ) + if (new->next_free != NULL) { new->next_free->prev_free = new; + } cur->alloc = 1; cur->size = len; @@ -351,57 +345,60 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count++; - if( heap.header_count > heap.maximum_header_count ) + if (heap.header_count > heap.maximum_header_count) { heap.maximum_header_count = heap.header_count; + } heap.total_used += cur->size; - if( heap.total_used > heap.maximum_used ) + if (heap.total_used > heap.maximum_used) { heap.maximum_used = heap.total_used; + } #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - trace_cnt = backtrace( trace_buffer, MAX_BT ); - cur->trace = backtrace_symbols( trace_buffer, trace_cnt ); + trace_cnt = backtrace(trace_buffer, MAX_BT); + cur->trace = backtrace_symbols(trace_buffer, trace_cnt); cur->trace_count = trace_cnt; #endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) { + mbedtls_exit(1); + } - ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + ret = (unsigned char *) cur + sizeof(memory_header); + memset(ret, 0, original_len); - return( ret ); + return ret; } -static void buffer_alloc_free( void *ptr ) +static void buffer_alloc_free(void *ptr) { memory_header *hdr, *old = NULL; unsigned char *p = (unsigned char *) ptr; - if( ptr == NULL || heap.buf == NULL || heap.first == NULL ) + if (ptr == NULL || heap.buf == NULL || heap.first == NULL) { return; + } - if( p < heap.buf || p >= heap.buf + heap.len ) - { + if (p < heap.buf || p >= heap.buf + heap.len) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed " - "space\n" ); + mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed " + "space\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } p -= sizeof(memory_header); hdr = (memory_header *) p; - if( verify_header( hdr ) != 0 ) - mbedtls_exit( 1 ); + if (verify_header(hdr) != 0) { + mbedtls_exit(1); + } - if( hdr->alloc != 1 ) - { + if (hdr->alloc != 1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated " - "data\n" ); + mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated " + "data\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } hdr->alloc = 0; @@ -412,15 +409,14 @@ static void buffer_alloc_free( void *ptr ) #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - free( hdr->trace ); + free(hdr->trace); hdr->trace = NULL; hdr->trace_count = 0; #endif // Regroup with block before // - if( hdr->prev != NULL && hdr->prev->alloc == 0 ) - { + if (hdr->prev != NULL && hdr->prev->alloc == 0) { #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count--; #endif @@ -429,16 +425,16 @@ static void buffer_alloc_free( void *ptr ) old = hdr; hdr = hdr->prev; - if( hdr->next != NULL ) + if (hdr->next != NULL) { hdr->next->prev = hdr; + } - memset( old, 0, sizeof(memory_header) ); + memset(old, 0, sizeof(memory_header)); } // Regroup with block after // - if( hdr->next != NULL && hdr->next->alloc == 0 ) - { + if (hdr->next != NULL && hdr->next->alloc == 0) { #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count--; #endif @@ -446,95 +442,97 @@ static void buffer_alloc_free( void *ptr ) old = hdr->next; hdr->next = hdr->next->next; - if( hdr->prev_free != NULL || hdr->next_free != NULL ) - { - if( hdr->prev_free != NULL ) + if (hdr->prev_free != NULL || hdr->next_free != NULL) { + if (hdr->prev_free != NULL) { hdr->prev_free->next_free = hdr->next_free; - else + } else { heap.first_free = hdr->next_free; + } - if( hdr->next_free != NULL ) + if (hdr->next_free != NULL) { hdr->next_free->prev_free = hdr->prev_free; + } } hdr->prev_free = old->prev_free; hdr->next_free = old->next_free; - if( hdr->prev_free != NULL ) + if (hdr->prev_free != NULL) { hdr->prev_free->next_free = hdr; - else + } else { heap.first_free = hdr; + } - if( hdr->next_free != NULL ) + if (hdr->next_free != NULL) { hdr->next_free->prev_free = hdr; + } - if( hdr->next != NULL ) + if (hdr->next != NULL) { hdr->next->prev = hdr; + } - memset( old, 0, sizeof(memory_header) ); + memset(old, 0, sizeof(memory_header)); } // Prepend to free_list if we have not merged // (Does not have to stay in same order as prev / next list) // - if( old == NULL ) - { + if (old == NULL) { hdr->next_free = heap.first_free; - if( heap.first_free != NULL ) + if (heap.first_free != NULL) { heap.first_free->prev_free = hdr; + } heap.first_free = hdr; } - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_FREE) && verify_chain() != 0) { + mbedtls_exit(1); + } } -void mbedtls_memory_buffer_set_verify( int verify ) +void mbedtls_memory_buffer_set_verify(int verify) { heap.verify = verify; } -int mbedtls_memory_buffer_alloc_verify( void ) +int mbedtls_memory_buffer_alloc_verify(void) { return verify_chain(); } #if defined(MBEDTLS_MEMORY_DEBUG) -void mbedtls_memory_buffer_alloc_status( void ) +void mbedtls_memory_buffer_alloc_status(void) { - mbedtls_fprintf( stderr, - "Current use: %zu blocks / %zu bytes, max: %zu blocks / " - "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n", - heap.header_count, heap.total_used, - heap.maximum_header_count, heap.maximum_used, - heap.maximum_header_count * sizeof( memory_header ) - + heap.maximum_used, - heap.alloc_count, heap.free_count ); - - if( heap.first->next == NULL ) - { - mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" ); - } - else - { - mbedtls_fprintf( stderr, "Memory currently allocated:\n" ); + mbedtls_fprintf(stderr, + "Current use: %zu blocks / %zu bytes, max: %zu blocks / " + "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n", + heap.header_count, heap.total_used, + heap.maximum_header_count, heap.maximum_used, + heap.maximum_header_count * sizeof(memory_header) + + heap.maximum_used, + heap.alloc_count, heap.free_count); + + if (heap.first->next == NULL) { + mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n"); + } else { + mbedtls_fprintf(stderr, "Memory currently allocated:\n"); debug_chain(); } } -void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ) +void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks) { *max_used = heap.maximum_used; *max_blocks = heap.maximum_header_count; } -void mbedtls_memory_buffer_alloc_max_reset( void ) +void mbedtls_memory_buffer_alloc_max_reset(void) { heap.maximum_used = 0; heap.maximum_header_count = 0; } -void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) +void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks) { *cur_used = heap.total_used; *cur_blocks = heap.header_count; @@ -542,202 +540,211 @@ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) #endif /* MBEDTLS_MEMORY_DEBUG */ #if defined(MBEDTLS_THREADING_C) -static void *buffer_alloc_calloc_mutexed( size_t n, size_t size ) +static void *buffer_alloc_calloc_mutexed(size_t n, size_t size) { void *buf; - if( mbedtls_mutex_lock( &heap.mutex ) != 0 ) - return( NULL ); - buf = buffer_alloc_calloc( n, size ); - if( mbedtls_mutex_unlock( &heap.mutex ) ) - return( NULL ); - return( buf ); + if (mbedtls_mutex_lock(&heap.mutex) != 0) { + return NULL; + } + buf = buffer_alloc_calloc(n, size); + if (mbedtls_mutex_unlock(&heap.mutex)) { + return NULL; + } + return buf; } -static void buffer_alloc_free_mutexed( void *ptr ) +static void buffer_alloc_free_mutexed(void *ptr) { /* We have no good option here, but corrupting the heap seems * worse than losing memory. */ - if( mbedtls_mutex_lock( &heap.mutex ) ) + if (mbedtls_mutex_lock(&heap.mutex)) { return; - buffer_alloc_free( ptr ); - (void) mbedtls_mutex_unlock( &heap.mutex ); + } + buffer_alloc_free(ptr); + (void) mbedtls_mutex_unlock(&heap.mutex); } #endif /* MBEDTLS_THREADING_C */ -void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) +void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len) { - memset( &heap, 0, sizeof( buffer_alloc_ctx ) ); + memset(&heap, 0, sizeof(buffer_alloc_ctx)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &heap.mutex ); - mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed, - buffer_alloc_free_mutexed ); + mbedtls_mutex_init(&heap.mutex); + mbedtls_platform_set_calloc_free(buffer_alloc_calloc_mutexed, + buffer_alloc_free_mutexed); #else - mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); + mbedtls_platform_set_calloc_free(buffer_alloc_calloc, buffer_alloc_free); #endif - if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE) { return; - else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + } else if ((size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) { /* Adjust len first since buf is used in the computation */ len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; } - memset( buf, 0, len ); + memset(buf, 0, len); heap.buf = buf; heap.len = len; - heap.first = (memory_header *)buf; - heap.first->size = len - sizeof( memory_header ); + heap.first = (memory_header *) buf; + heap.first->size = len - sizeof(memory_header); heap.first->magic1 = MAGIC1; heap.first->magic2 = MAGIC2; heap.first_free = heap.first; } -void mbedtls_memory_buffer_alloc_free( void ) +void mbedtls_memory_buffer_alloc_free(void) { #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &heap.mutex ); + mbedtls_mutex_free(&heap.mutex); #endif - mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) ); + mbedtls_platform_zeroize(&heap, sizeof(buffer_alloc_ctx)); } #if defined(MBEDTLS_SELF_TEST) -static int check_pointer( void *p ) +static int check_pointer(void *p) { - if( p == NULL ) - return( -1 ); + if (p == NULL) { + return -1; + } - if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 ) - return( -1 ); + if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) { + return -1; + } - return( 0 ); + return 0; } -static int check_all_free( void ) +static int check_all_free(void) { - if( + if ( #if defined(MBEDTLS_MEMORY_DEBUG) heap.total_used != 0 || #endif heap.first != heap.first_free || - (void *) heap.first != (void *) heap.buf ) - { - return( -1 ); + (void *) heap.first != (void *) heap.buf) { + return -1; } - return( 0 ); + return 0; } -#define TEST_ASSERT( condition ) \ - if( ! (condition) ) \ +#define TEST_ASSERT(condition) \ + if (!(condition)) \ { \ - if( verbose != 0 ) \ - mbedtls_printf( "failed\n" ); \ + if (verbose != 0) \ + mbedtls_printf("failed\n"); \ \ ret = 1; \ goto cleanup; \ } -int mbedtls_memory_buffer_alloc_self_test( int verbose ) +int mbedtls_memory_buffer_alloc_self_test(int verbose) { unsigned char buf[1024]; unsigned char *p, *q, *r, *end; int ret = 0; - if( verbose != 0 ) - mbedtls_printf( " MBA test #1 (basic alloc-free cycle): " ); + if (verbose != 0) { + mbedtls_printf(" MBA test #1 (basic alloc-free cycle): "); + } - mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); - p = mbedtls_calloc( 1, 1 ); - q = mbedtls_calloc( 1, 128 ); - r = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, 1); + q = mbedtls_calloc(1, 128); + r = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && - check_pointer( q ) == 0 && - check_pointer( r ) == 0 ); + TEST_ASSERT(check_pointer(p) == 0 && + check_pointer(q) == 0 && + check_pointer(r) == 0); - mbedtls_free( r ); - mbedtls_free( q ); - mbedtls_free( p ); + mbedtls_free(r); + mbedtls_free(q); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); /* Memorize end to compare with the next test */ end = heap.buf + heap.len; - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " MBA test #2 (buf not aligned): " ); + if (verbose != 0) { + mbedtls_printf(" MBA test #2 (buf not aligned): "); + } - mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 ); + mbedtls_memory_buffer_alloc_init(buf + 1, sizeof(buf) - 1); - TEST_ASSERT( heap.buf + heap.len == end ); + TEST_ASSERT(heap.buf + heap.len == end); - p = mbedtls_calloc( 1, 1 ); - q = mbedtls_calloc( 1, 128 ); - r = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, 1); + q = mbedtls_calloc(1, 128); + r = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && - check_pointer( q ) == 0 && - check_pointer( r ) == 0 ); + TEST_ASSERT(check_pointer(p) == 0 && + check_pointer(q) == 0 && + check_pointer(r) == 0); - mbedtls_free( r ); - mbedtls_free( q ); - mbedtls_free( p ); + mbedtls_free(r); + mbedtls_free(q); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " MBA test #3 (full): " ); + if (verbose != 0) { + mbedtls_printf(" MBA test #3 (full): "); + } - mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); - p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) ); + p = mbedtls_calloc(1, sizeof(buf) - sizeof(memory_header)); - TEST_ASSERT( check_pointer( p ) == 0 ); - TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL ); + TEST_ASSERT(check_pointer(p) == 0); + TEST_ASSERT(mbedtls_calloc(1, 1) == NULL); - mbedtls_free( p ); + mbedtls_free(p); - p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 ); - q = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, sizeof(buf) - 2 * sizeof(memory_header) - 16); + q = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 ); - TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL ); + TEST_ASSERT(check_pointer(p) == 0 && check_pointer(q) == 0); + TEST_ASSERT(mbedtls_calloc(1, 1) == NULL); - mbedtls_free( q ); + mbedtls_free(q); - TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL ); + TEST_ASSERT(mbedtls_calloc(1, 17) == NULL); - mbedtls_free( p ); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } cleanup: - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/mps_common.h b/thirdparty/mbedtls/library/mps_common.h index 668876ccfc..4a10176bd5 100644 --- a/thirdparty/mbedtls/library/mps_common.h +++ b/thirdparty/mbedtls/library/mps_common.h @@ -99,41 +99,41 @@ #if defined(MBEDTLS_MPS_STATE_VALIDATION) -#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \ +#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ do \ { \ - if( !(cond) ) \ + if (!(cond)) \ { \ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string ); \ - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED ); \ + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED); \ } \ - } while( 0 ) + } while (0) #else /* MBEDTLS_MPS_STATE_VALIDATION */ -#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \ +#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ do \ { \ - ( cond ); \ - } while( 0 ) + (cond); \ + } while (0) #endif /* MBEDTLS_MPS_STATE_VALIDATION */ #if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS) -#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) \ +#define MBEDTLS_MPS_ASSERT_RAW(cond, string) \ do \ { \ - if( !(cond) ) \ + if (!(cond)) \ { \ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string ); \ - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \ + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_INTERNAL_ERROR); \ } \ - } while( 0 ) + } while (0) #else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ -#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 ) +#define MBEDTLS_MPS_ASSERT_RAW(cond, string) do {} while (0) #endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ @@ -169,7 +169,7 @@ * */ typedef size_t mbedtls_mps_stored_size_t; -#define MBEDTLS_MPS_STORED_SIZE_MAX ( (mbedtls_mps_stored_size_t) -1 ) +#define MBEDTLS_MPS_STORED_SIZE_MAX ((mbedtls_mps_stored_size_t) -1) /** \brief The type of buffer sizes and offsets used in the MPS API * and implementation. @@ -183,7 +183,7 @@ typedef size_t mbedtls_mps_stored_size_t; * so almost 10%. */ typedef size_t mbedtls_mps_size_t; -#define MBEDTLS_MPS_SIZE_MAX ( (mbedtls_mps_size_t) -1 ) +#define MBEDTLS_MPS_SIZE_MAX ((mbedtls_mps_size_t) -1) #if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX #error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t." diff --git a/thirdparty/mbedtls/library/mps_error.h b/thirdparty/mbedtls/library/mps_error.h index f78d9a05f1..15570d2384 100644 --- a/thirdparty/mbedtls/library/mps_error.h +++ b/thirdparty/mbedtls/library/mps_error.h @@ -45,14 +45,14 @@ */ #ifndef MBEDTLS_MPS_ERR_BASE -#define MBEDTLS_MPS_ERR_BASE ( 0 ) +#define MBEDTLS_MPS_ERR_BASE (0) #endif #define MBEDTLS_MPS_MAKE_ERROR(code) \ - ( -( MBEDTLS_MPS_ERR_BASE | (code) ) ) + (-(MBEDTLS_MPS_ERR_BASE | (code))) -#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR( 0x1 ) -#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR( 0x2 ) +#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR(0x1) +#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR(0x2) /* \} name SECTION: MPS general error codes */ @@ -63,40 +63,40 @@ */ #ifndef MBEDTLS_MPS_READER_ERR_BASE -#define MBEDTLS_MPS_READER_ERR_BASE ( 1 << 8 ) +#define MBEDTLS_MPS_READER_ERR_BASE (1 << 8) #endif #define MBEDTLS_MPS_READER_MAKE_ERROR(code) \ - ( -( MBEDTLS_MPS_READER_ERR_BASE | (code) ) ) + (-(MBEDTLS_MPS_READER_ERR_BASE | (code))) /*! An attempt to reclaim the data buffer from a reader failed because * the user hasn't yet read and committed all of it. */ -#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR( 0x1 ) +#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR(0x1) /*! An invalid argument was passed to the reader. */ -#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR( 0x2 ) +#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR(0x2) /*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed() * after pausing failed because the provided data is not sufficient to serve the * read requests that led to the pausing. */ -#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR( 0x3 ) +#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR(0x3) /*! A get request failed because not enough data is available in the reader. */ -#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR( 0x4 ) +#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR(0x4) /*!< A get request after pausing and reactivating the reader failed because * the request is not in line with the request made prior to pausing. The user * must not change it's 'strategy' after pausing and reactivating a reader. */ -#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR( 0x5 ) +#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR(0x5) /*! An attempt to reclaim the data buffer from a reader failed because the reader * has no accumulator it can use to backup the data that hasn't been processed. */ -#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR( 0x6 ) +#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR(0x6) /*! An attempt to reclaim the data buffer from a reader failed because the * accumulator passed to the reader is not large enough to hold both the * data that hasn't been processed and the excess of the last read-request. */ -#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR( 0x7 ) +#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR(0x7) /* \} name SECTION: MPS Reader error codes */ diff --git a/thirdparty/mbedtls/library/mps_reader.c b/thirdparty/mbedtls/library/mps_reader.c index 0c30a75d05..75c563add2 100644 --- a/thirdparty/mbedtls/library/mps_reader.c +++ b/thirdparty/mbedtls/library/mps_reader.c @@ -67,54 +67,56 @@ static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; */ static inline int mps_reader_is_accumulating( - mbedtls_mps_reader const *rd ) + mbedtls_mps_reader const *rd) { mbedtls_mps_size_t acc_remaining; - if( rd->acc == NULL ) - return( 0 ); + if (rd->acc == NULL) { + return 0; + } acc_remaining = rd->acc_share.acc_remaining; - return( acc_remaining > 0 ); + return acc_remaining > 0; } static inline int mps_reader_is_producing( - mbedtls_mps_reader const *rd ) + mbedtls_mps_reader const *rd) { unsigned char *frag = rd->frag; - return( frag == NULL ); + return frag == NULL; } static inline int mps_reader_is_consuming( - mbedtls_mps_reader const *rd ) + mbedtls_mps_reader const *rd) { - return( !mps_reader_is_producing( rd ) ); + return !mps_reader_is_producing(rd); } static inline mbedtls_mps_size_t mps_reader_get_fragment_offset( - mbedtls_mps_reader const *rd ) + mbedtls_mps_reader const *rd) { unsigned char *acc = rd->acc; mbedtls_mps_size_t frag_offset; - if( acc == NULL ) - return( 0 ); + if (acc == NULL) { + return 0; + } frag_offset = rd->acc_share.frag_offset; - return( frag_offset ); + return frag_offset; } static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator( - mbedtls_mps_reader const *rd ) + mbedtls_mps_reader const *rd) { mbedtls_mps_size_t frag_offset, end; - frag_offset = mps_reader_get_fragment_offset( rd ); + frag_offset = mps_reader_get_fragment_offset(rd); end = rd->end; - return( end < frag_offset ); + return end < frag_offset; } -static inline void mps_reader_zero( mbedtls_mps_reader *rd ) +static inline void mps_reader_zero(mbedtls_mps_reader *rd) { /* A plain memset() would likely be more efficient, * but the current way of zeroing makes it harder @@ -123,56 +125,56 @@ static inline void mps_reader_zero( mbedtls_mps_reader *rd ) * doesn't require reasoning about structs being * interpreted as unstructured binary blobs. */ static mbedtls_mps_reader const zero = - { .frag = NULL, - .frag_len = 0, - .commit = 0, - .end = 0, - .pending = 0, - .acc = NULL, - .acc_len = 0, - .acc_available = 0, - .acc_share = { .acc_remaining = 0 } - }; + { .frag = NULL, + .frag_len = 0, + .commit = 0, + .end = 0, + .pending = 0, + .acc = NULL, + .acc_len = 0, + .acc_available = 0, + .acc_share = { .acc_remaining = 0 } }; *rd = zero; } -int mbedtls_mps_reader_init( mbedtls_mps_reader *rd, - unsigned char *acc, - mbedtls_mps_size_t acc_len ) +int mbedtls_mps_reader_init(mbedtls_mps_reader *rd, + unsigned char *acc, + mbedtls_mps_size_t acc_len) { - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_init" ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Accumulator size: %u bytes", (unsigned) acc_len ); - mps_reader_zero( rd ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_init"); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "* Accumulator size: %u bytes", (unsigned) acc_len); + mps_reader_zero(rd); rd->acc = acc; rd->acc_len = acc_len; - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_RETURN(0); } -int mbedtls_mps_reader_free( mbedtls_mps_reader *rd ) +int mbedtls_mps_reader_free(mbedtls_mps_reader *rd) { - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_free" ); - mps_reader_zero( rd ); - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_free"); + mps_reader_zero(rd); + MBEDTLS_MPS_TRACE_RETURN(0); } -int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd, - unsigned char *new_frag, - mbedtls_mps_size_t new_frag_len ) +int mbedtls_mps_reader_feed(mbedtls_mps_reader *rd, + unsigned char *new_frag, + mbedtls_mps_size_t new_frag_len) { mbedtls_mps_size_t copy_to_acc; - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_feed" ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Fragment length: %u bytes", (unsigned) new_frag_len ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_feed"); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "* Fragment length: %u bytes", (unsigned) new_frag_len); - if( new_frag == NULL ) - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_INVALID_ARG ); + if (new_frag == NULL) { + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_INVALID_ARG); + } - MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_producing( rd ), - "mbedtls_mps_reader_feed() requires reader to be in producing mode" ); + MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_producing( + rd), + "mbedtls_mps_reader_feed() requires reader to be in producing mode"); - if( mps_reader_is_accumulating( rd ) ) - { + if (mps_reader_is_accumulating(rd)) { unsigned char *acc = rd->acc; mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining; mbedtls_mps_size_t acc_available = rd->acc_available; @@ -181,39 +183,38 @@ int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd, acc += acc_available; copy_to_acc = acc_remaining; - if( copy_to_acc > new_frag_len ) + if (copy_to_acc > new_frag_len) { copy_to_acc = new_frag_len; + } /* Copy new contents to accumulator. */ - memcpy( acc, new_frag, copy_to_acc ); + memcpy(acc, new_frag, copy_to_acc); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Copy new data of size %u of %u into accumulator at offset %u", - (unsigned) copy_to_acc, (unsigned) new_frag_len, (unsigned) acc_available ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Copy new data of size %u of %u into accumulator at offset %u", + (unsigned) copy_to_acc, (unsigned) new_frag_len, + (unsigned) acc_available); /* Check if, with the new fragment, we have enough data. */ acc_remaining -= copy_to_acc; - if( acc_remaining > 0 ) - { + if (acc_remaining > 0) { /* We need to accumulate more data. Stay in producing mode. */ acc_available += copy_to_acc; rd->acc_share.acc_remaining = acc_remaining; rd->acc_available = acc_available; - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_NEED_MORE ); + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_NEED_MORE); } /* We have filled the accumulator: Move to consuming mode. */ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Enough data available to serve user request" ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Enough data available to serve user request"); /* Remember overlap of accumulator and fragment. */ rd->acc_share.frag_offset = acc_available; acc_available += copy_to_acc; rd->acc_available = acc_available; - } - else /* Not accumulating */ - { + } else { /* Not accumulating */ rd->acc_share.frag_offset = 0; } @@ -221,30 +222,30 @@ int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd, rd->frag_len = new_frag_len; rd->commit = 0; rd->end = 0; - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_RETURN(0); } -int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, - mbedtls_mps_size_t desired, - unsigned char **buffer, - mbedtls_mps_size_t *buflen ) +int mbedtls_mps_reader_get(mbedtls_mps_reader *rd, + mbedtls_mps_size_t desired, + unsigned char **buffer, + mbedtls_mps_size_t *buflen) { unsigned char *frag; mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining; - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_get" ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Bytes requested: %u", (unsigned) desired ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_get"); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "* Bytes requested: %u", (unsigned) desired); - MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ), - "mbedtls_mps_reader_get() requires reader to be in consuming mode" ); + MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( + rd), + "mbedtls_mps_reader_get() requires reader to be in consuming mode"); end = rd->end; - frag_offset = mps_reader_get_fragment_offset( rd ); + frag_offset = mps_reader_get_fragment_offset(rd); /* Check if we're still serving from the accumulator. */ - if( mps_reader_serving_from_accumulator( rd ) ) - { + if (mps_reader_serving_from_accumulator(rd)) { /* Illustration of supported and unsupported cases: * * - Allowed #1 @@ -310,14 +311,12 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, unsigned char *acc; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Serve the request from the accumulator" ); - if( frag_offset - end < desired ) - { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Serve the request from the accumulator"); + if (frag_offset - end < desired) { mbedtls_mps_size_t acc_available; acc_available = rd->acc_available; - if( acc_available - end != desired ) - { + if (acc_available - end != desired) { /* It might be possible to serve some of these situations by * making additional space in the accumulator, removing those * parts that have already been committed. @@ -329,7 +328,7 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, * the library, this check is a good opportunity to * validate this. */ MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS ); + MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); } } @@ -337,19 +336,20 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, acc += end; *buffer = acc; - if( buflen != NULL ) + if (buflen != NULL) { *buflen = desired; + } end += desired; rd->end = end; rd->pending = 0; - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_RETURN(0); } /* Attempt to serve the request from the current fragment */ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Serve the request from the current fragment." ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Serve the request from the current fragment."); frag_len = rd->frag_len; frag_fetched = end - frag_offset; /* The amount of data from the current @@ -358,23 +358,20 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */ /* Check if we can serve the read request from the fragment. */ - if( frag_remaining < desired ) - { - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There's not enough data in the current fragment " - "to serve the request." ); + if (frag_remaining < desired) { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "There's not enough data in the current fragment " + "to serve the request."); /* There's not enough data in the current fragment, * so either just RETURN what we have or fail. */ - if( buflen == NULL ) - { - if( frag_remaining > 0 ) - { + if (buflen == NULL) { + if (frag_remaining > 0) { rd->pending = desired - frag_remaining; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Remember to collect %u bytes before re-opening", - (unsigned) rd->pending ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Remember to collect %u bytes before re-opening", + (unsigned) rd->pending); } - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_OUT_OF_DATA ); + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); } desired = frag_remaining; @@ -387,41 +384,45 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *rd, frag += frag_fetched; *buffer = frag; - if( buflen != NULL ) + if (buflen != NULL) { *buflen = desired; + } end += desired; rd->end = end; rd->pending = 0; - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_RETURN(0); } -int mbedtls_mps_reader_commit( mbedtls_mps_reader *rd ) +int mbedtls_mps_reader_commit(mbedtls_mps_reader *rd) { mbedtls_mps_size_t end; - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_commit" ); - MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ), - "mbedtls_mps_reader_commit() requires reader to be in consuming mode" ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_commit"); + MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( + rd), + "mbedtls_mps_reader_commit() requires reader to be in consuming mode"); end = rd->end; rd->commit = end; - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE_RETURN(0); } -int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd, - int *paused ) +int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *rd, + int *paused) { unsigned char *frag, *acc; mbedtls_mps_size_t pending, commit; mbedtls_mps_size_t acc_len, frag_offset, frag_len; - MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_reclaim" ); + MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_reclaim"); - if( paused != NULL ) + if (paused != NULL) { *paused = 0; + } - MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ), - "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode" ); + MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( + rd), + "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode"); frag = rd->frag; acc = rd->acc; @@ -429,30 +430,26 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd, commit = rd->commit; frag_len = rd->frag_len; - frag_offset = mps_reader_get_fragment_offset( rd ); + frag_offset = mps_reader_get_fragment_offset(rd); - if( pending == 0 ) - { - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "No unsatisfied read-request has been logged." ); + if (pending == 0) { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "No unsatisfied read-request has been logged."); /* Check if there's data left to be consumed. */ - if( commit < frag_offset || commit - frag_offset < frag_len ) - { - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There is data left to be consumed." ); + if (commit < frag_offset || commit - frag_offset < frag_len) { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "There is data left to be consumed."); rd->end = commit; - MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_DATA_LEFT ); + MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_DATA_LEFT); } rd->acc_available = 0; rd->acc_share.acc_remaining = 0; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Fragment has been fully processed and committed." ); - } - else - { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Fragment has been fully processed and committed."); + } else { int overflow; mbedtls_mps_size_t acc_backup_offset; @@ -463,31 +460,27 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd, mbedtls_mps_size_t backup_len; mbedtls_mps_size_t acc_len_needed; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There has been an unsatisfied read with %u bytes overhead.", - (unsigned) pending ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "There has been an unsatisfied read with %u bytes overhead.", + (unsigned) pending); - if( acc == NULL ) - { - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "No accumulator present" ); + if (acc == NULL) { + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "No accumulator present"); MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR ); + MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR); } acc_len = rd->acc_len; /* Check if the upper layer has already fetched * and committed the contents of the accumulator. */ - if( commit < frag_offset ) - { + if (commit < frag_offset) { /* No, accumulator is still being processed. */ frag_backup_offset = 0; frag_backup_len = frag_len; acc_backup_offset = commit; acc_backup_len = frag_offset - commit; - } - else - { + } else { /* Yes, the accumulator is already processed. */ frag_backup_offset = commit - frag_offset; frag_backup_len = frag_len - frag_backup_offset; @@ -499,47 +492,47 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd, acc_len_needed = backup_len + pending; overflow = 0; - overflow |= ( backup_len < acc_backup_len ); - overflow |= ( acc_len_needed < backup_len ); + overflow |= (backup_len < acc_backup_len); + overflow |= (acc_len_needed < backup_len); - if( overflow || acc_len < acc_len_needed ) - { + if (overflow || acc_len < acc_len_needed) { /* Except for the different return code, we behave as if * there hadn't been a call to mbedtls_mps_reader_get() * since the last commit. */ rd->end = commit; rd->pending = 0; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, - "The accumulator is too small to handle the backup." ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, - "* Size: %u", (unsigned) acc_len ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, - "* Needed: %u (%u + %u)", - (unsigned) acc_len_needed, - (unsigned) backup_len, (unsigned) pending ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, + "The accumulator is too small to handle the backup."); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, + "* Size: %u", (unsigned) acc_len); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, + "* Needed: %u (%u + %u)", + (unsigned) acc_len_needed, + (unsigned) backup_len, (unsigned) pending); MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL ); + MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); } - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Fragment backup: %u", (unsigned) frag_backup_len ); - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Accumulator backup: %u", (unsigned) acc_backup_len ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Fragment backup: %u", (unsigned) frag_backup_len); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Accumulator backup: %u", (unsigned) acc_backup_len); /* Move uncommitted parts from the accumulator to the front * of the accumulator. */ - memmove( acc, acc + acc_backup_offset, acc_backup_len ); + memmove(acc, acc + acc_backup_offset, acc_backup_len); /* Copy uncommitted parts of the current fragment to the * accumulator. */ - memcpy( acc + acc_backup_len, - frag + frag_backup_offset, frag_backup_len ); + memcpy(acc + acc_backup_len, + frag + frag_backup_offset, frag_backup_len); rd->acc_available = backup_len; rd->acc_share.acc_remaining = pending; - if( paused != NULL ) + if (paused != NULL) { *paused = 1; + } } rd->frag = NULL; @@ -549,11 +542,11 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd, rd->end = 0; rd->pending = 0; - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Final state: aa %u, al %u, ar %u", - (unsigned) rd->acc_available, (unsigned) rd->acc_len, - (unsigned) rd->acc_share.acc_remaining ); - MBEDTLS_MPS_TRACE_RETURN( 0 ); + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, + "Final state: aa %u, al %u, ar %u", + (unsigned) rd->acc_available, (unsigned) rd->acc_len, + (unsigned) rd->acc_share.acc_remaining); + MBEDTLS_MPS_TRACE_RETURN(0); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/thirdparty/mbedtls/library/mps_reader.h b/thirdparty/mbedtls/library/mps_reader.h index 427c1bd254..bff6705037 100644 --- a/thirdparty/mbedtls/library/mps_reader.h +++ b/thirdparty/mbedtls/library/mps_reader.h @@ -134,8 +134,7 @@ typedef struct mbedtls_mps_reader mbedtls_mps_reader; * Structure definitions */ -struct mbedtls_mps_reader -{ +struct mbedtls_mps_reader { unsigned char *frag; /*!< The fragment of incoming data managed by * the reader; it is provided to the reader * through mbedtls_mps_reader_feed(). The reader @@ -146,46 +145,46 @@ struct mbedtls_mps_reader * The reader is in consuming mode if * and only if \c frag is not \c NULL. */ mbedtls_mps_stored_size_t frag_len; - /*!< The length of the current fragment. - * Must be 0 if \c frag == \c NULL. */ + /*!< The length of the current fragment. + * Must be 0 if \c frag == \c NULL. */ mbedtls_mps_stored_size_t commit; - /*!< The offset of the last commit, relative - * to the first byte in the fragment, if - * no accumulator is present. If an accumulator - * is present, it is viewed as a prefix to the - * current fragment, and this variable contains - * an offset from the beginning of the accumulator. - * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ + /*!< The offset of the last commit, relative + * to the first byte in the fragment, if + * no accumulator is present. If an accumulator + * is present, it is viewed as a prefix to the + * current fragment, and this variable contains + * an offset from the beginning of the accumulator. + * + * This is only used when the reader is in + * consuming mode, i.e. \c frag != \c NULL; + * otherwise, its value is \c 0. */ mbedtls_mps_stored_size_t end; - /*!< The offset of the end of the last chunk - * passed to the user through a call to - * mbedtls_mps_reader_get(), relative to the first - * byte in the fragment, if no accumulator is - * present. If an accumulator is present, it is - * viewed as a prefix to the current fragment, and - * this variable contains an offset from the - * beginning of the accumulator. - * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ + /*!< The offset of the end of the last chunk + * passed to the user through a call to + * mbedtls_mps_reader_get(), relative to the first + * byte in the fragment, if no accumulator is + * present. If an accumulator is present, it is + * viewed as a prefix to the current fragment, and + * this variable contains an offset from the + * beginning of the accumulator. + * + * This is only used when the reader is in + * consuming mode, i.e. \c frag != \c NULL; + * otherwise, its value is \c 0. */ mbedtls_mps_stored_size_t pending; - /*!< The amount of incoming data missing on the - * last call to mbedtls_mps_reader_get(). - * In particular, it is \c 0 if the last call - * was successful. - * If a reader is reclaimed after an - * unsuccessful call to mbedtls_mps_reader_get(), - * this variable is used to have the reader - * remember how much data should be accumulated - * so that the call to mbedtls_mps_reader_get() - * succeeds next time. - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ + /*!< The amount of incoming data missing on the + * last call to mbedtls_mps_reader_get(). + * In particular, it is \c 0 if the last call + * was successful. + * If a reader is reclaimed after an + * unsuccessful call to mbedtls_mps_reader_get(), + * this variable is used to have the reader + * remember how much data should be accumulated + * so that the call to mbedtls_mps_reader_get() + * succeeds next time. + * This is only used when the reader is in + * consuming mode, i.e. \c frag != \c NULL; + * otherwise, its value is \c 0. */ /* The accumulator is only needed if we need to be able to pause * the reader. A few bytes could be saved by moving this to a @@ -195,32 +194,31 @@ struct mbedtls_mps_reader * data if a read-request via mbedtls_mps_reader_get() * cannot be served from the current fragment. */ mbedtls_mps_stored_size_t acc_len; - /*!< The total size of the accumulator. */ + /*!< The total size of the accumulator. */ mbedtls_mps_stored_size_t acc_available; - /*!< The number of bytes currently gathered in - * the accumulator. This is both used in - * producing and in consuming mode: - * While producing, it is increased until - * it reaches the value of \c acc_remaining below. - * While consuming, it is used to judge if a - * get request can be served from the - * accumulator or not. - * Must not be larger than \c acc_len. */ - union - { + /*!< The number of bytes currently gathered in + * the accumulator. This is both used in + * producing and in consuming mode: + * While producing, it is increased until + * it reaches the value of \c acc_remaining below. + * While consuming, it is used to judge if a + * get request can be served from the + * accumulator or not. + * Must not be larger than \c acc_len. */ + union { mbedtls_mps_stored_size_t acc_remaining; - /*!< This indicates the amount of data still - * to be gathered in the accumulator. It is - * only used in producing mode. - * Must be at most acc_len - acc_available. */ + /*!< This indicates the amount of data still + * to be gathered in the accumulator. It is + * only used in producing mode. + * Must be at most acc_len - acc_available. */ mbedtls_mps_stored_size_t frag_offset; - /*!< If an accumulator is present and in use, this - * field indicates the offset of the current - * fragment from the beginning of the - * accumulator. If no accumulator is present - * or the accumulator is not in use, this is \c 0. - * It is only used in consuming mode. - * Must not be larger than \c acc_available. */ + /*!< If an accumulator is present and in use, this + * field indicates the offset of the current + * fragment from the beginning of the + * accumulator. If no accumulator is present + * or the accumulator is not in use, this is \c 0. + * It is only used in consuming mode. + * Must not be larger than \c acc_available. */ } acc_share; }; @@ -254,9 +252,9 @@ struct mbedtls_mps_reader * \return \c 0 on success. * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. */ -int mbedtls_mps_reader_init( mbedtls_mps_reader *reader, - unsigned char *acc, - mbedtls_mps_size_t acc_len ); +int mbedtls_mps_reader_init(mbedtls_mps_reader *reader, + unsigned char *acc, + mbedtls_mps_size_t acc_len); /** * \brief Free a reader object @@ -266,7 +264,7 @@ int mbedtls_mps_reader_init( mbedtls_mps_reader *reader, * \return \c 0 on success. * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. */ -int mbedtls_mps_reader_free( mbedtls_mps_reader *reader ); +int mbedtls_mps_reader_free(mbedtls_mps_reader *reader); /** * \brief Pass chunk of data for the reader to manage. @@ -291,9 +289,9 @@ int mbedtls_mps_reader_free( mbedtls_mps_reader *reader ); * \return Another negative \c MBEDTLS_ERR_READER_XXX error code on * different kinds of failures. */ -int mbedtls_mps_reader_feed( mbedtls_mps_reader *reader, - unsigned char *buf, - mbedtls_mps_size_t buflen ); +int mbedtls_mps_reader_feed(mbedtls_mps_reader *reader, + unsigned char *buf, + mbedtls_mps_size_t buflen); /** * \brief Reclaim reader's access to the current input buffer. @@ -310,8 +308,8 @@ int mbedtls_mps_reader_feed( mbedtls_mps_reader *reader, * \return \c 0 on success. * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. */ -int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *reader, - int *paused ); +int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *reader, + int *paused); /* * Usage API (Upper layer) @@ -353,10 +351,10 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *reader, * address as buflen and checking \c *buflen == \c desired * afterwards. */ -int mbedtls_mps_reader_get( mbedtls_mps_reader *reader, - mbedtls_mps_size_t desired, - unsigned char **buffer, - mbedtls_mps_size_t *buflen ); +int mbedtls_mps_reader_get(mbedtls_mps_reader *reader, + mbedtls_mps_size_t desired, + unsigned char **buffer, + mbedtls_mps_size_t *buflen); /** * \brief Mark data obtained from mbedtls_mps_reader_get() as processed. @@ -377,6 +375,6 @@ int mbedtls_mps_reader_get( mbedtls_mps_reader *reader, * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. * */ -int mbedtls_mps_reader_commit( mbedtls_mps_reader *reader ); +int mbedtls_mps_reader_commit(mbedtls_mps_reader *reader); #endif /* MBEDTLS_READER_H */ diff --git a/thirdparty/mbedtls/library/mps_trace.c b/thirdparty/mbedtls/library/mps_trace.c index 6026a07163..ccd944f533 100644 --- a/thirdparty/mbedtls/library/mps_trace.c +++ b/thirdparty/mbedtls/library/mps_trace.c @@ -41,7 +41,7 @@ static int trace_depth = 0; #define color_cyan "\x1B[1;36m" #define color_white "\x1B[1;37m" -static char const * colors[] = +static char const *colors[] = { color_default, color_green, @@ -54,19 +54,18 @@ static char const * colors[] = #define MPS_TRACE_BUF_SIZE 100 -void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... ) +void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...) { int ret; char str[MPS_TRACE_BUF_SIZE]; va_list argp; - va_start( argp, format ); - ret = mbedtls_vsnprintf( str, MPS_TRACE_BUF_SIZE, format, argp ); - va_end( argp ); + va_start(argp, format); + ret = mbedtls_vsnprintf(str, MPS_TRACE_BUF_SIZE, format, argp); + va_end(argp); - if( ret >= 0 && ret < MPS_TRACE_BUF_SIZE ) - { + if (ret >= 0 && ret < MPS_TRACE_BUF_SIZE) { str[ret] = '\0'; - mbedtls_printf( "[%d|L%d]: %s\n", id, line, str ); + mbedtls_printf("[%d|L%d]: %s\n", id, line, str); } } @@ -83,39 +82,39 @@ void mbedtls_mps_trace_inc_depth() trace_depth++; } -void mbedtls_mps_trace_color( int id ) +void mbedtls_mps_trace_color(int id) { - if( id > (int) ( sizeof( colors ) / sizeof( *colors ) ) ) + if (id > (int) (sizeof(colors) / sizeof(*colors))) { return; - printf( "%s", colors[ id ] ); + } + printf("%s", colors[id]); } -void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty ) +void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty) { - if( level > 0 ) - { - while( --level ) - printf( "| " ); + if (level > 0) { + while (--level) { + printf("| "); + } - printf( "| " ); + printf("| "); } - switch( ty ) - { + switch (ty) { case MBEDTLS_MPS_TRACE_TYPE_COMMENT: - mbedtls_printf( "@ " ); + mbedtls_printf("@ "); break; case MBEDTLS_MPS_TRACE_TYPE_CALL: - mbedtls_printf( "+--> " ); + mbedtls_printf("+--> "); break; case MBEDTLS_MPS_TRACE_TYPE_ERROR: - mbedtls_printf( "E " ); + mbedtls_printf("E "); break; case MBEDTLS_MPS_TRACE_TYPE_RETURN: - mbedtls_printf( "< " ); + mbedtls_printf("< "); break; default: diff --git a/thirdparty/mbedtls/library/mps_trace.h b/thirdparty/mbedtls/library/mps_trace.h index 820a1b66c2..6f0455f038 100644 --- a/thirdparty/mbedtls/library/mps_trace.h +++ b/thirdparty/mbedtls/library/mps_trace.h @@ -52,8 +52,7 @@ * rest of this file. */ -typedef enum -{ +typedef enum { MBEDTLS_MPS_TRACE_TYPE_COMMENT, MBEDTLS_MPS_TRACE_TYPE_CALL, MBEDTLS_MPS_TRACE_TYPE_ERROR, @@ -68,101 +67,101 @@ typedef enum #define MBEDTLS_MPS_TRACE_BIT_READER 6 #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1 ) +#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1) #else #define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0 #endif #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2 ) +#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2) #else #define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0 #endif #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3 ) +#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3) #else #define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0 #endif #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4 ) +#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4) #else #define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0 #endif #if defined(MBEDTLS_MPS_TRACE_ENABLE_READER) -#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER ) +#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER) #else #define MBEDTLS_MPS_TRACE_MASK_READER 0 #endif #if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER) -#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER ) +#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER) #else #define MBEDTLS_MPS_TRACE_MASK_WRITER 0 #endif -#define MBEDTLS_MPS_TRACE_MASK ( MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \ - MBEDTLS_MPS_TRACE_MASK_READER | \ - MBEDTLS_MPS_TRACE_MASK_WRITER ) +#define MBEDTLS_MPS_TRACE_MASK (MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \ + MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \ + MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \ + MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \ + MBEDTLS_MPS_TRACE_MASK_READER | \ + MBEDTLS_MPS_TRACE_MASK_WRITER) /* We have to avoid globals because E-ACSL chokes on them... * Wrap everything in stub functions. */ -int mbedtls_mps_trace_get_depth( void ); -void mbedtls_mps_trace_inc_depth( void ); -void mbedtls_mps_trace_dec_depth( void ); +int mbedtls_mps_trace_get_depth(void); +void mbedtls_mps_trace_inc_depth(void); +void mbedtls_mps_trace_dec_depth(void); -void mbedtls_mps_trace_color( int id ); -void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty ); +void mbedtls_mps_trace_color(int id); +void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty); -void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... ); +void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...); -#define MBEDTLS_MPS_TRACE( type, ... ) \ +#define MBEDTLS_MPS_TRACE(type, ...) \ do { \ - if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ - break; \ - mbedtls_mps_trace_indent( mbedtls_mps_trace_get_depth(), type ); \ - mbedtls_mps_trace_color( mbedtls_mps_trace_id ); \ - mbedtls_mps_trace_print_msg( mbedtls_mps_trace_id, __LINE__, __VA_ARGS__ ); \ - mbedtls_mps_trace_color( 0 ); \ - } while( 0 ) - -#define MBEDTLS_MPS_TRACE_INIT( ... ) \ + if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ + break; \ + mbedtls_mps_trace_indent(mbedtls_mps_trace_get_depth(), type); \ + mbedtls_mps_trace_color(mbedtls_mps_trace_id); \ + mbedtls_mps_trace_print_msg(mbedtls_mps_trace_id, __LINE__, __VA_ARGS__); \ + mbedtls_mps_trace_color(0); \ + } while (0) + +#define MBEDTLS_MPS_TRACE_INIT(...) \ do { \ - if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ - break; \ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__ ); \ + if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ + break; \ + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__); \ mbedtls_mps_trace_inc_depth(); \ - } while( 0 ) + } while (0) -#define MBEDTLS_MPS_TRACE_END( val ) \ +#define MBEDTLS_MPS_TRACE_END(val) \ do { \ - if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ - break; \ - MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \ - (int) (val), -((unsigned)(val)) ); \ + if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ + break; \ + MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \ + (int) (val), -((unsigned) (val))); \ mbedtls_mps_trace_dec_depth(); \ - } while( 0 ) + } while (0) -#define MBEDTLS_MPS_TRACE_RETURN( val ) \ +#define MBEDTLS_MPS_TRACE_RETURN(val) \ do { \ /* Breaks tail recursion. */ \ int ret__ = val; \ - MBEDTLS_MPS_TRACE_END( ret__ ); \ - return( ret__ ); \ - } while( 0 ) + MBEDTLS_MPS_TRACE_END(ret__); \ + return ret__; \ + } while (0) #else /* MBEDTLS_MPS_TRACE */ -#define MBEDTLS_MPS_TRACE( type, ... ) do { } while( 0 ) -#define MBEDTLS_MPS_TRACE_INIT( ... ) do { } while( 0 ) -#define MBEDTLS_MPS_TRACE_END do { } while( 0 ) +#define MBEDTLS_MPS_TRACE(type, ...) do { } while (0) +#define MBEDTLS_MPS_TRACE_INIT(...) do { } while (0) +#define MBEDTLS_MPS_TRACE_END do { } while (0) -#define MBEDTLS_MPS_TRACE_RETURN( val ) return( val ); +#define MBEDTLS_MPS_TRACE_RETURN(val) return val; #endif /* MBEDTLS_MPS_TRACE */ diff --git a/thirdparty/mbedtls/library/net_sockets.c b/thirdparty/mbedtls/library/net_sockets.c index b2cab503f2..bdd82ac6fe 100644 --- a/thirdparty/mbedtls/library/net_sockets.c +++ b/thirdparty/mbedtls/library/net_sockets.c @@ -47,7 +47,7 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) -#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR ) +#define IS_EINTR(ret) ((ret) == WSAEINTR) #if !defined(_WIN32_WINNT) /* Enables getaddrinfo() & Co */ @@ -70,8 +70,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) -#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) +#define read(fd, buf, len) recv(fd, (char *) (buf), (int) (len), 0) +#define write(fd, buf, len) send(fd, (char *) (buf), (int) (len), 0) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -89,7 +89,7 @@ static int wsa_init_done = 0; #include #include -#define IS_EINTR( ret ) ( ( ret ) == EINTR ) +#define IS_EINTR(ret) ((ret) == EINTR) #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ @@ -112,25 +112,25 @@ static int wsa_init_done = 0; /* * Prepare for using the sockets interface */ -static int net_prepare( void ) +static int net_prepare(void) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) WSADATA wsaData; - if( wsa_init_done == 0 ) - { - if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 ) - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + if (wsa_init_done == 0) { + if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) { + return MBEDTLS_ERR_NET_SOCKET_FAILED; + } wsa_init_done = 1; } #else #if !defined(EFIX64) && !defined(EFI32) - signal( SIGPIPE, SIG_IGN ); + signal(SIGPIPE, SIG_IGN); #endif #endif - return( 0 ); + return 0; } /* @@ -138,10 +138,11 @@ static int net_prepare( void ) * If for_select != 0, check whether the file descriptor is within the range * allowed for fd_set used for the FD_xxx macros and the select() function. */ -static int check_fd( int fd, int for_select ) +static int check_fd(int fd, int for_select) { - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if (fd < 0) { + return MBEDTLS_ERR_NET_INVALID_CONTEXT; + } #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) @@ -151,17 +152,18 @@ static int check_fd( int fd, int for_select ) * that are strictly less than FD_SETSIZE. This is a limitation of the * fd_set type. Error out early, because attempting to call FD_SET on a * large file descriptor is a buffer overflow on typical platforms. */ - if( for_select && fd >= FD_SETSIZE ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + if (for_select && fd >= FD_SETSIZE) { + return MBEDTLS_ERR_NET_POLL_FAILED; + } #endif - return( 0 ); + return 0; } /* * Initialize a context */ -void mbedtls_net_init( mbedtls_net_context *ctx ) +void mbedtls_net_init(mbedtls_net_context *ctx) { ctx->fd = -1; } @@ -169,107 +171,103 @@ void mbedtls_net_init( mbedtls_net_context *ctx ) /* * Initiate a TCP connection with host:port and the given protocol */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, - const char *port, int proto ) +int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, + const char *port, int proto) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ((ret = net_prepare()) != 0) { + return ret; + } /* Do name resolution with both IPv6 and IPv4 */ - memset( &hints, 0, sizeof( hints ) ); + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if (getaddrinfo(host, port, &hints, &addr_list) != 0) { + return MBEDTLS_ERR_NET_UNKNOWN_HOST; + } /* Try the sockaddrs until a connection succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { - ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, + cur->ai_protocol); + if (ctx->fd < 0) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 ) - { + if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) { ret = 0; break; } - close( ctx->fd ); + close(ctx->fd); ret = MBEDTLS_ERR_NET_CONNECT_FAILED; } - freeaddrinfo( addr_list ); + freeaddrinfo(addr_list); - return( ret ); + return ret; } /* * Create a listening socket on bind_ip:port */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ) +int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto) { int n, ret; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ((ret = net_prepare()) != 0) { + return ret; + } /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ - memset( &hints, 0, sizeof( hints ) ); + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( bind_ip == NULL ) + if (bind_ip == NULL) { hints.ai_flags = AI_PASSIVE; + } - if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) { + return MBEDTLS_ERR_NET_UNKNOWN_HOST; + } /* Try the sockaddrs until a binding succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { - ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, + cur->ai_protocol); + if (ctx->fd < 0) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } n = 1; - if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &n, sizeof( n ) ) != 0 ) - { - close( ctx->fd ); + if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof(n)) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 ) - { - close( ctx->fd ); + if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_BIND_FAILED; continue; } /* Listen only makes sense for TCP */ - if( proto == MBEDTLS_NET_PROTO_TCP ) - { - if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) - { - close( ctx->fd ); + if (proto == MBEDTLS_NET_PROTO_TCP) { + if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_LISTEN_FAILED; continue; } @@ -280,22 +278,22 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char break; } - freeaddrinfo( addr_list ); + freeaddrinfo(addr_list); - return( ret ); + return ret; } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) /* * Check if the requested operation would be blocking on a non-blocking socket * and thus 'failed' with a negative return value. */ -static int net_would_block( const mbedtls_net_context *ctx ) +static int net_would_block(const mbedtls_net_context *ctx) { ((void) ctx); - return( WSAGetLastError() == WSAEWOULDBLOCK ); + return WSAGetLastError() == WSAEWOULDBLOCK; } #else /* @@ -304,39 +302,37 @@ static int net_would_block( const mbedtls_net_context *ctx ) * * Note: on a blocking socket this function always returns 0! */ -static int net_would_block( const mbedtls_net_context *ctx ) +static int net_would_block(const mbedtls_net_context *ctx) { int err = errno; /* * Never return 'WOULD BLOCK' on a blocking socket */ - if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) - { + if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) { errno = err; - return( 0 ); + return 0; } - switch( errno = err ) - { + switch (errno = err) { #if defined EAGAIN case EAGAIN: #endif #if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN case EWOULDBLOCK: #endif - return( 1 ); + return 1; } - return( 0 ); + return 0; } #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* * Accept a connection from a remote client */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ) +int mbedtls_net_accept(mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int type; @@ -346,132 +342,123 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) - socklen_t n = (socklen_t) sizeof( client_addr ); - socklen_t type_len = (socklen_t) sizeof( type ); + socklen_t n = (socklen_t) sizeof(client_addr); + socklen_t type_len = (socklen_t) sizeof(type); #else - int n = (int) sizeof( client_addr ); - int type_len = (int) sizeof( type ); + int n = (int) sizeof(client_addr); + int type_len = (int) sizeof(type); #endif /* Is this a TCP or UDP socket? */ - if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, - (void *) &type, &type_len ) != 0 || - ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) - { - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE, + (void *) &type, &type_len) != 0 || + (type != SOCK_STREAM && type != SOCK_DGRAM)) { + return MBEDTLS_ERR_NET_ACCEPT_FAILED; } - if( type == SOCK_STREAM ) - { + if (type == SOCK_STREAM) { /* TCP: actual accept() */ - ret = client_ctx->fd = (int) accept( bind_ctx->fd, - (struct sockaddr *) &client_addr, &n ); - } - else - { + ret = client_ctx->fd = (int) accept(bind_ctx->fd, + (struct sockaddr *) &client_addr, &n); + } else { /* UDP: wait for a message, but keep it in the queue */ char buf[1] = { 0 }; - ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK, - (struct sockaddr *) &client_addr, &n ); + ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK, + (struct sockaddr *) &client_addr, &n); #if defined(_WIN32) - if( ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE ) - { + if (ret == SOCKET_ERROR && + WSAGetLastError() == WSAEMSGSIZE) { /* We know buf is too small, thanks, just peeking here */ ret = 0; } #endif } - if( ret < 0 ) - { - if( net_would_block( bind_ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ret < 0) { + if (net_would_block(bind_ctx) != 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + return MBEDTLS_ERR_NET_ACCEPT_FAILED; } /* UDP: hijack the listening socket to communicate with the client, * then bind a new socket to accept new connections */ - if( type != SOCK_STREAM ) - { + if (type != SOCK_STREAM) { struct sockaddr_storage local_addr; int one = 1; - if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) { + return MBEDTLS_ERR_NET_ACCEPT_FAILED; + } client_ctx->fd = bind_ctx->fd; bind_ctx->fd = -1; /* In case we exit early */ - n = sizeof( struct sockaddr_storage ); - if( getsockname( client_ctx->fd, - (struct sockaddr *) &local_addr, &n ) != 0 || - ( bind_ctx->fd = (int) socket( local_addr.ss_family, - SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || - setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &one, sizeof( one ) ) != 0 ) - { - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + n = sizeof(struct sockaddr_storage); + if (getsockname(client_ctx->fd, + (struct sockaddr *) &local_addr, &n) != 0 || + (bind_ctx->fd = (int) socket(local_addr.ss_family, + SOCK_DGRAM, IPPROTO_UDP)) < 0 || + setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &one, sizeof(one)) != 0) { + return MBEDTLS_ERR_NET_SOCKET_FAILED; } - if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) - { - return( MBEDTLS_ERR_NET_BIND_FAILED ); + if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) { + return MBEDTLS_ERR_NET_BIND_FAILED; } } - if( client_ip != NULL ) - { - if( client_addr.ss_family == AF_INET ) - { + if (client_ip != NULL) { + if (client_addr.ss_family == AF_INET) { struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *ip_len = sizeof( addr4->sin_addr.s_addr ); + *ip_len = sizeof(addr4->sin_addr.s_addr); - if( buf_size < *ip_len ) - return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + if (buf_size < *ip_len) { + return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; + } - memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); - } - else - { + memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len); + } else { struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr; - *ip_len = sizeof( addr6->sin6_addr.s6_addr ); + *ip_len = sizeof(addr6->sin6_addr.s6_addr); - if( buf_size < *ip_len ) - return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + if (buf_size < *ip_len) { + return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; + } - memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len); + memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len); } } - return( 0 ); + return 0; } /* * Set the socket blocking or non-blocking */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ) +int mbedtls_net_set_block(mbedtls_net_context *ctx) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 0; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return ioctlsocket(ctx->fd, FIONBIO, &n); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) ); + return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK); #endif } -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) +int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 1; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return ioctlsocket(ctx->fd, FIONBIO, &n); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) ); + return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK); #endif } @@ -479,7 +466,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) * Check if data is available on the socket */ -int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) +int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; @@ -489,207 +476,220 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) int fd = ctx->fd; - ret = check_fd( fd, 1 ); - if( ret != 0 ) - return( ret ); + ret = check_fd(fd, 1); + if (ret != 0) { + return ret; + } #if defined(__has_feature) #if __has_feature(memory_sanitizer) /* Ensure that memory sanitizers consider read_fds and write_fds as * initialized even on platforms such as Glibc/x86_64 where FD_ZERO * is implemented in assembly. */ - memset( &read_fds, 0, sizeof( read_fds ) ); - memset( &write_fds, 0, sizeof( write_fds ) ); + memset(&read_fds, 0, sizeof(read_fds)); + memset(&write_fds, 0, sizeof(write_fds)); #endif #endif - FD_ZERO( &read_fds ); - if( rw & MBEDTLS_NET_POLL_READ ) - { + FD_ZERO(&read_fds); + if (rw & MBEDTLS_NET_POLL_READ) { rw &= ~MBEDTLS_NET_POLL_READ; - FD_SET( fd, &read_fds ); + FD_SET(fd, &read_fds); } - FD_ZERO( &write_fds ); - if( rw & MBEDTLS_NET_POLL_WRITE ) - { + FD_ZERO(&write_fds); + if (rw & MBEDTLS_NET_POLL_WRITE) { rw &= ~MBEDTLS_NET_POLL_WRITE; - FD_SET( fd, &write_fds ); + FD_SET(fd, &write_fds); } - if( rw != 0 ) - return( MBEDTLS_ERR_NET_BAD_INPUT_DATA ); + if (rw != 0) { + return MBEDTLS_ERR_NET_BAD_INPUT_DATA; + } tv.tv_sec = timeout / 1000; - tv.tv_usec = ( timeout % 1000 ) * 1000; + tv.tv_usec = (timeout % 1000) * 1000; - do - { - ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv ); - } - while( IS_EINTR( ret ) ); + do { + ret = select(fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1 ? NULL : &tv); + } while (IS_EINTR(ret)); - if( ret < 0 ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + if (ret < 0) { + return MBEDTLS_ERR_NET_POLL_FAILED; + } ret = 0; - if( FD_ISSET( fd, &read_fds ) ) + if (FD_ISSET(fd, &read_fds)) { ret |= MBEDTLS_NET_POLL_READ; - if( FD_ISSET( fd, &write_fds ) ) + } + if (FD_ISSET(fd, &write_fds)) { ret |= MBEDTLS_NET_POLL_WRITE; + } - return( ret ); + return ret; } /* * Portable usleep helper */ -void mbedtls_net_usleep( unsigned long usec ) +void mbedtls_net_usleep(unsigned long usec) { #if defined(_WIN32) - Sleep( ( usec + 999 ) / 1000 ); + Sleep((usec + 999) / 1000); #else struct timeval tv; tv.tv_sec = usec / 1000000; #if defined(__unix__) || defined(__unix) || \ - ( defined(__APPLE__) && defined(__MACH__) ) + (defined(__APPLE__) && defined(__MACH__)) tv.tv_usec = (suseconds_t) usec % 1000000; #else tv.tv_usec = usec % 1000000; #endif - select( 0, NULL, NULL, NULL, &tv ); + select(0, NULL, NULL, NULL, &tv); #endif } /* * Read at most 'len' characters */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) +int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - ret = check_fd( fd, 0 ); - if( ret != 0 ) - return( ret ); + ret = check_fd(fd, 0); + if (ret != 0) { + return ret; + } - ret = (int) read( fd, buf, len ); + ret = (int) read(fd, buf, len); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ret < 0) { + if (net_would_block(ctx) != 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ + !defined(EFI32) + if (WSAGetLastError() == WSAECONNRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } #else - if( errno == EPIPE || errno == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (errno == EPIPE || errno == ECONNRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (errno == EINTR) { + return MBEDTLS_ERR_SSL_WANT_READ; + } #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return MBEDTLS_ERR_NET_RECV_FAILED; } - return( ret ); + return ret; } /* * Read at most 'len' characters, blocking for at most 'timeout' ms */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, - size_t len, uint32_t timeout ) +int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, + size_t len, uint32_t timeout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; fd_set read_fds; int fd = ((mbedtls_net_context *) ctx)->fd; - ret = check_fd( fd, 1 ); - if( ret != 0 ) - return( ret ); + ret = check_fd(fd, 1); + if (ret != 0) { + return ret; + } - FD_ZERO( &read_fds ); - FD_SET( fd, &read_fds ); + FD_ZERO(&read_fds); + FD_SET(fd, &read_fds); tv.tv_sec = timeout / 1000; - tv.tv_usec = ( timeout % 1000 ) * 1000; + tv.tv_usec = (timeout % 1000) * 1000; - ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv ); + ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv); /* Zero fds ready means we timed out */ - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_TIMEOUT ); + if (ret == 0) { + return MBEDTLS_ERR_SSL_TIMEOUT; + } - if( ret < 0 ) - { -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if( WSAGetLastError() == WSAEINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ret < 0) { +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ + !defined(EFI32) + if (WSAGetLastError() == WSAEINTR) { + return MBEDTLS_ERR_SSL_WANT_READ; + } #else - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (errno == EINTR) { + return MBEDTLS_ERR_SSL_WANT_READ; + } #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return MBEDTLS_ERR_NET_RECV_FAILED; } /* This call will not block */ - return( mbedtls_net_recv( ctx, buf, len ) ); + return mbedtls_net_recv(ctx, buf, len); } /* * Write at most 'len' characters */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) +int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - ret = check_fd( fd, 0 ); - if( ret != 0 ) - return( ret ); + ret = check_fd(fd, 0); + if (ret != 0) { + return ret; + } - ret = (int) write( fd, buf, len ); + ret = (int) write(fd, buf, len); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if (ret < 0) { + if (net_would_block(ctx) != 0) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ + !defined(EFI32) + if (WSAGetLastError() == WSAECONNRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } #else - if( errno == EPIPE || errno == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (errno == EPIPE || errno == ECONNRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if (errno == EINTR) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } #endif - return( MBEDTLS_ERR_NET_SEND_FAILED ); + return MBEDTLS_ERR_NET_SEND_FAILED; } - return( ret ); + return ret; } /* * Close the connection */ -void mbedtls_net_close( mbedtls_net_context *ctx ) +void mbedtls_net_close(mbedtls_net_context *ctx) { - if( ctx->fd == -1 ) + if (ctx->fd == -1) { return; + } - close( ctx->fd ); + close(ctx->fd); ctx->fd = -1; } @@ -697,13 +697,14 @@ void mbedtls_net_close( mbedtls_net_context *ctx ) /* * Gracefully close the connection */ -void mbedtls_net_free( mbedtls_net_context *ctx ) +void mbedtls_net_free(mbedtls_net_context *ctx) { - if( ctx->fd == -1 ) + if (ctx->fd == -1) { return; + } - shutdown( ctx->fd, 2 ); - close( ctx->fd ); + shutdown(ctx->fd, 2); + close(ctx->fd); ctx->fd = -1; } diff --git a/thirdparty/mbedtls/library/nist_kw.c b/thirdparty/mbedtls/library/nist_kw.c index 495c23d06a..5817bf4f4c 100644 --- a/thirdparty/mbedtls/library/nist_kw.c +++ b/thirdparty/mbedtls/library/nist_kw.c @@ -47,35 +47,37 @@ #define MIN_SEMIBLOCKS_COUNT 3 /*! The 64-bit default integrity check value (ICV) for KW mode. */ -static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}; +static const unsigned char NIST_KW_ICV1[] = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 }; /*! The 32-bit default integrity check value (ICV) for KWP mode. */ -static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; +static const unsigned char NIST_KW_ICV2[] = { 0xA6, 0x59, 0x59, 0xA6 }; /* * Initialize context */ -void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ) +void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) ); + memset(ctx, 0, sizeof(mbedtls_nist_kw_context)); } -int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits, - const int is_wrap ) +int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_values( cipher, - keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_values(cipher, + keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_info->block_size != 16) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } /* * SP 800-38F currently defines AES cipher as the only block cipher allowed: @@ -86,44 +88,44 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, * Currently we don't support other 128 bit block ciphers for key wrapping, * such as Camellia and Aria. */ - if( cipher != MBEDTLS_CIPHER_ID_AES ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (cipher != MBEDTLS_CIPHER_ID_AES) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { + return ret; + } - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - is_wrap ? MBEDTLS_ENCRYPT : - MBEDTLS_DECRYPT ) - ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + is_wrap ? MBEDTLS_ENCRYPT : + MBEDTLS_DECRYPT) + ) != 0) { + return ret; } - return( 0 ); + return 0; } /* * Free context */ -void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ) +void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx) { - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) ); + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context)); } /* * Helper function for Xoring the uint64_t "t" with the encrypted A. * Defined in NIST SP 800-38F section 6.1 */ -static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) +static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) { size_t i = 0; - for( i = 0; i < sizeof( t ); i++ ) - { - A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff; + for (i = 0; i < sizeof(t); i++) { + A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff; } } @@ -131,10 +133,10 @@ static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) * KW-AE as defined in SP 800-38F section 6.2 * KWP-AE as defined in SP 800-38F section 6.3 */ -int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, - mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t *out_len, size_t out_size ) +int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size) { int ret = 0; size_t semiblocks = 0; @@ -148,106 +150,96 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, /* * Generate the String to work on */ - if( mode == MBEDTLS_KW_MODE_KW ) - { - if( out_size < in_len + KW_SEMIBLOCK_LENGTH ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (mode == MBEDTLS_KW_MODE_KW) { + if (out_size < in_len + KW_SEMIBLOCK_LENGTH) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } /* * According to SP 800-38F Table 1, the plaintext length for KW * must be between 2 to 2^54-1 semiblocks inclusive. */ - if( in_len < 16 || + if (in_len < 16 || #if SIZE_MAX > 0x1FFFFFFFFFFFFF8 in_len > 0x1FFFFFFFFFFFFF8 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH ); - memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len ); - } - else - { - if( in_len % 8 != 0 ) - { - padlen = ( 8 - ( in_len % 8 ) ); + memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH); + memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len); + } else { + if (in_len % 8 != 0) { + padlen = (8 - (in_len % 8)); } - if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } /* * According to SP 800-38F Table 1, the plaintext length for KWP * must be between 1 and 2^32-1 octets inclusive. */ - if( in_len < 1 + if (in_len < 1 #if SIZE_MAX > 0xFFFFFFFF || in_len > 0xFFFFFFFF #endif - ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + ) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); - MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output, - KW_SEMIBLOCK_LENGTH / 2 ); + memcpy(output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2); + MBEDTLS_PUT_UINT32_BE((in_len & 0xffffffff), output, + KW_SEMIBLOCK_LENGTH / 2); - memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); - memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen ); + memcpy(output + KW_SEMIBLOCK_LENGTH, input, in_len); + memset(output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen); } - semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1; + semiblocks = ((in_len + padlen) / KW_SEMIBLOCK_LENGTH) + 1; - s = 6 * ( semiblocks - 1 ); + s = 6 * (semiblocks - 1); - if( mode == MBEDTLS_KW_MODE_KWP - && in_len <= KW_SEMIBLOCK_LENGTH ) - { - memcpy( inbuff, output, 16 ); - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, output, &olen ); - if( ret != 0 ) + if (mode == MBEDTLS_KW_MODE_KWP + && in_len <= KW_SEMIBLOCK_LENGTH) { + memcpy(inbuff, output, 16); + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, output, &olen); + if (ret != 0) { goto cleanup; - } - else - { + } + } else { unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH; unsigned char *A = output; /* * Do the wrapping function W, as defined in RFC 3394 section 2.2.1 */ - if( semiblocks < MIN_SEMIBLOCKS_COUNT ) - { + if (semiblocks < MIN_SEMIBLOCKS_COUNT) { ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; goto cleanup; } /* Calculate intermediate values */ - for( t = 1; t <= s; t++ ) - { - memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); - memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH ); - - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, outbuff, &olen ); - if( ret != 0 ) + for (t = 1; t <= s; t++) { + memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH); + memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH); + + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, outbuff, &olen); + if (ret != 0) { goto cleanup; + } - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); - calc_a_xor_t( A, t ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); + calc_a_xor_t(A, t); - memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + memcpy(R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); R2 += KW_SEMIBLOCK_LENGTH; - if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) ) + if (R2 >= output + (semiblocks * KW_SEMIBLOCK_LENGTH)) { R2 = output + KW_SEMIBLOCK_LENGTH; + } } } @@ -255,14 +247,13 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, cleanup: - if( ret != 0) - { - memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH ); + if (ret != 0) { + memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH); } - mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); - mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); + mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2); + mbedtls_platform_zeroize(outbuff, KW_SEMIBLOCK_LENGTH * 2); - return( ret ); + return ret; } /* @@ -273,13 +264,13 @@ cleanup: * 3. Minimal number of semiblocks is 3. * 4. A is a buffer to hold the first semiblock of the input buffer. */ -static int unwrap( mbedtls_nist_kw_context *ctx, - const unsigned char *input, size_t semiblocks, - unsigned char A[KW_SEMIBLOCK_LENGTH], - unsigned char *output, size_t* out_len ) +static int unwrap(mbedtls_nist_kw_context *ctx, + const unsigned char *input, size_t semiblocks, + unsigned char A[KW_SEMIBLOCK_LENGTH], + unsigned char *output, size_t *out_len) { int ret = 0; - const size_t s = 6 * ( semiblocks - 1 ); + const size_t s = 6 * (semiblocks - 1); size_t olen; uint64_t t = 0; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; @@ -287,58 +278,59 @@ static int unwrap( mbedtls_nist_kw_context *ctx, unsigned char *R = NULL; *out_len = 0; - if( semiblocks < MIN_SEMIBLOCKS_COUNT ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (semiblocks < MIN_SEMIBLOCKS_COUNT) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - memcpy( A, input, KW_SEMIBLOCK_LENGTH ); - memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); - R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; + memcpy(A, input, KW_SEMIBLOCK_LENGTH); + memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH); + R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH; /* Calculate intermediate values */ - for( t = s; t >= 1; t-- ) - { - calc_a_xor_t( A, t ); + for (t = s; t >= 1; t--) { + calc_a_xor_t(A, t); - memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); - memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH ); + memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH); + memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH); - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, outbuff, &olen ); - if( ret != 0 ) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, outbuff, &olen); + if (ret != 0) { goto cleanup; + } - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); /* Set R as LSB64 of outbuff */ - memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + memcpy(R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); - if( R == output ) - R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; - else + if (R == output) { + R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH; + } else { R -= KW_SEMIBLOCK_LENGTH; + } } - *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH; + *out_len = (semiblocks - 1) * KW_SEMIBLOCK_LENGTH; cleanup: - if( ret != 0) - memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); - mbedtls_platform_zeroize( inbuff, sizeof( inbuff ) ); - mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + if (ret != 0) { + memset(output, 0, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH); + } + mbedtls_platform_zeroize(inbuff, sizeof(inbuff)); + mbedtls_platform_zeroize(outbuff, sizeof(outbuff)); - return( ret ); + return ret; } /* * KW-AD as defined in SP 800-38F section 6.2 * KWP-AD as defined in SP 800-38F section 6.3 */ -int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, - mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t *out_len, size_t out_size ) +int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size) { int ret = 0; size_t i, olen; @@ -346,89 +338,81 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, unsigned char diff, bad_padding = 0; *out_len = 0; - if( out_size < in_len - KW_SEMIBLOCK_LENGTH ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (out_size < in_len - KW_SEMIBLOCK_LENGTH) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - if( mode == MBEDTLS_KW_MODE_KW ) - { + if (mode == MBEDTLS_KW_MODE_KW) { /* * According to SP 800-38F Table 1, the ciphertext length for KW * must be between 3 to 2^54 semiblocks inclusive. */ - if( in_len < 24 || + if (in_len < 24 || #if SIZE_MAX > 0x200000000000000 in_len > 0x200000000000000 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, - A, output, out_len ); - if( ret != 0 ) + ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len); + if (ret != 0) { goto cleanup; + } /* Check ICV in "constant-time" */ - diff = mbedtls_ct_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH ); + diff = mbedtls_ct_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH); - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; goto cleanup; } - } - else if( mode == MBEDTLS_KW_MODE_KWP ) - { + } else if (mode == MBEDTLS_KW_MODE_KWP) { size_t padlen = 0; uint32_t Plen; /* * According to SP 800-38F Table 1, the ciphertext length for KWP * must be between 2 to 2^29 semiblocks inclusive. */ - if( in_len < KW_SEMIBLOCK_LENGTH * 2 || + if (in_len < KW_SEMIBLOCK_LENGTH * 2 || #if SIZE_MAX > 0x100000000 in_len > 0x100000000 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - if( in_len == KW_SEMIBLOCK_LENGTH * 2 ) - { + if (in_len == KW_SEMIBLOCK_LENGTH * 2) { unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - input, 16, outbuff, &olen ); - if( ret != 0 ) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + input, 16, outbuff, &olen); + if (ret != 0) { goto cleanup; + } - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); - memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); - mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); + memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); + mbedtls_platform_zeroize(outbuff, sizeof(outbuff)); *out_len = KW_SEMIBLOCK_LENGTH; - } - else - { + } else { /* in_len >= KW_SEMIBLOCK_LENGTH * 3 */ - ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, - A, output, out_len ); - if( ret != 0 ) + ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len); + if (ret != 0) { goto cleanup; + } } /* Check ICV in "constant-time" */ - diff = mbedtls_ct_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 ); + diff = mbedtls_ct_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2); - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 ); + Plen = MBEDTLS_GET_UINT32_BE(A, KW_SEMIBLOCK_LENGTH / 2); /* * Plen is the length of the plaintext, when the input is valid. @@ -436,51 +420,45 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, * larger than 8, because of the type wrap around. */ padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen; - if ( padlen > 7 ) - { + if (padlen > 7) { padlen &= 7; ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } /* Check padding in "constant-time" */ - for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ ) - { - if( i >= KW_SEMIBLOCK_LENGTH - padlen ) - diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; - else - bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) { + if (i >= KW_SEMIBLOCK_LENGTH - padlen) { + diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + } else { + bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + } } - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - if( ret != 0 ) - { + if (ret != 0) { goto cleanup; } - memset( output + Plen, 0, padlen ); + memset(output + Plen, 0, padlen); *out_len = Plen; - } - else - { + } else { ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto cleanup; } cleanup: - if( ret != 0 ) - { - memset( output, 0, *out_len ); + if (ret != 0) { + memset(output, 0, *out_len); *out_len = 0; } - mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); - mbedtls_platform_zeroize( &diff, sizeof( diff ) ); - mbedtls_platform_zeroize( A, sizeof( A ) ); + mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding)); + mbedtls_platform_zeroize(&diff, sizeof(diff)); + mbedtls_platform_zeroize(A, sizeof(A)); - return( ret ); + return ret; } #endif /* !MBEDTLS_NIST_KW_ALT */ @@ -575,130 +553,133 @@ static const unsigned char kwp_res[KW_TESTS][48] = { }; static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 }; -int mbedtls_nist_kw_self_test( int verbose ) +int mbedtls_nist_kw_self_test(int verbose) { mbedtls_nist_kw_context ctx; unsigned char out[48]; size_t olen; int i; int ret = 0; - mbedtls_nist_kw_init( &ctx ); + mbedtls_nist_kw_init(&ctx); - for( i = 0; i < KW_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " KW-AES-%u ", (unsigned int) key_len[i] * 8 ); + for (i = 0; i < KW_TESTS; i++) { + if (verbose != 0) { + mbedtls_printf(" KW-AES-%u ", (unsigned int) key_len[i] * 8); + } - ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kw_key[i], key_len[i] * 8, 1 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KW: setup failed " ); + ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 1); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf(" KW: setup failed "); + } goto end; } - ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i], - kw_msg_len[i], out, &olen, sizeof( out ) ); - if( ret != 0 || kw_out_len[i] != olen || - memcmp( out, kw_res[i], kw_out_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KW, kw_msg[i], + kw_msg_len[i], out, &olen, sizeof(out)); + if (ret != 0 || kw_out_len[i] != olen || + memcmp(out, kw_res[i], kw_out_len[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed. "); + } ret = 1; goto end; } - if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kw_key[i], key_len[i] * 8, 0 ) ) - != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KW: setup failed "); + if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 0)) + != 0) { + if (verbose != 0) { + mbedtls_printf(" KW: setup failed "); + } goto end; } - ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW, - out, olen, out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KW, + out, olen, out, &olen, sizeof(out)); - if( ret != 0 || olen != kw_msg_len[i] || - memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 || olen != kw_msg_len[i] || + memcmp(out, kw_msg[i], kw_msg_len[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto end; } - if( verbose != 0 ) - mbedtls_printf( " passed\n" ); + if (verbose != 0) { + mbedtls_printf(" passed\n"); + } } - for( i = 0; i < KW_TESTS; i++ ) - { - olen = sizeof( out ); - if( verbose != 0 ) - mbedtls_printf( " KWP-AES-%u ", (unsigned int) key_len[i] * 8 ); + for (i = 0; i < KW_TESTS; i++) { + olen = sizeof(out); + if (verbose != 0) { + mbedtls_printf(" KWP-AES-%u ", (unsigned int) key_len[i] * 8); + } - ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i], - key_len[i] * 8, 1 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KWP: setup failed " ); + ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i], + key_len[i] * 8, 1); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf(" KWP: setup failed "); + } goto end; } - ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i], - kwp_msg_len[i], out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i], + kwp_msg_len[i], out, &olen, sizeof(out)); - if( ret != 0 || kwp_out_len[i] != olen || - memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + if (ret != 0 || kwp_out_len[i] != olen || + memcmp(out, kwp_res[i], kwp_out_len[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed. "); + } ret = 1; goto end; } - if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kwp_key[i], key_len[i] * 8, 0 ) ) - != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KWP: setup failed "); + if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kwp_key[i], key_len[i] * 8, 0)) + != 0) { + if (verbose != 0) { + mbedtls_printf(" KWP: setup failed "); + } goto end; } - ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KWP, out, - olen, out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KWP, out, + olen, out, &olen, sizeof(out)); - if( ret != 0 || olen != kwp_msg_len[i] || - memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + if (ret != 0 || olen != kwp_msg_len[i] || + memcmp(out, kwp_msg[i], kwp_msg_len[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed. "); + } ret = 1; goto end; } - if( verbose != 0 ) - mbedtls_printf( " passed\n" ); + if (verbose != 0) { + mbedtls_printf(" passed\n"); + } } end: - mbedtls_nist_kw_free( &ctx ); + mbedtls_nist_kw_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/thirdparty/mbedtls/library/oid.c b/thirdparty/mbedtls/library/oid.c index 53e5350eb3..12a96503bd 100644 --- a/thirdparty/mbedtls/library/oid.c +++ b/thirdparty/mbedtls/library/oid.c @@ -41,23 +41,23 @@ * Macro to generate an internal function for oid_XXX_from_asn1() (used by * the other functions) */ -#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \ - static const TYPE_T * oid_ ## NAME ## _from_asn1( \ - const mbedtls_asn1_buf *oid ) \ +#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ + static const TYPE_T *oid_ ## NAME ## _from_asn1( \ + const mbedtls_asn1_buf *oid) \ { \ const TYPE_T *p = (LIST); \ const mbedtls_oid_descriptor_t *cur = \ (const mbedtls_oid_descriptor_t *) p; \ - if( p == NULL || oid == NULL ) return( NULL ); \ - while( cur->asn1 != NULL ) { \ - if( cur->asn1_len == oid->len && \ - memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \ - return( p ); \ + if (p == NULL || oid == NULL) return NULL; \ + while (cur->asn1 != NULL) { \ + if (cur->asn1_len == oid->len && \ + memcmp(cur->asn1, oid->p, oid->len) == 0) { \ + return p; \ } \ p++; \ cur = (const mbedtls_oid_descriptor_t *) p; \ } \ - return( NULL ); \ + return NULL; \ } /* @@ -65,26 +65,26 @@ * descriptor of an mbedtls_oid_descriptor_t wrapper. */ #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ -int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \ -{ \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \ - if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \ - *ATTR1 = data->descriptor.ATTR1; \ - return( 0 ); \ -} + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->descriptor.ATTR1; \ + return 0; \ + } /* * Macro to generate a function for retrieving a single attribute from an * mbedtls_oid_descriptor_t wrapper. */ #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ -int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \ -{ \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \ - if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \ - *ATTR1 = data->ATTR1; \ - return( 0 ); \ -} + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->ATTR1; \ + return 0; \ + } /* * Macro to generate a function for retrieving two attributes from an @@ -92,34 +92,34 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) */ #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ -int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ - ATTR2_TYPE * ATTR2 ) \ -{ \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \ - if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \ - *(ATTR1) = data->ATTR1; \ - *(ATTR2) = data->ATTR2; \ - return( 0 ); \ -} + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ + ATTR2_TYPE * ATTR2) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *(ATTR1) = data->ATTR1; \ + *(ATTR2) = data->ATTR2; \ + return 0; \ + } /* * Macro to generate a function for retrieving the OID based on a single * attribute from a mbedtls_oid_descriptor_t wrapper. */ #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ -int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \ -{ \ - const TYPE_T *cur = (LIST); \ - while( cur->descriptor.asn1 != NULL ) { \ - if( cur->ATTR1 == (ATTR1) ) { \ - *oid = cur->descriptor.asn1; \ - *olen = cur->descriptor.asn1_len; \ - return( 0 ); \ - } \ - cur++; \ - } \ - return( MBEDTLS_ERR_OID_NOT_FOUND ); \ -} + int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } /* * Macro to generate a function for retrieving the OID based on two @@ -127,20 +127,20 @@ int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \ */ #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ -int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \ - size_t *olen ) \ -{ \ - const TYPE_T *cur = (LIST); \ - while( cur->descriptor.asn1 != NULL ) { \ - if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \ - *oid = cur->descriptor.asn1; \ - *olen = cur->descriptor.asn1_len; \ - return( 0 ); \ - } \ - cur++; \ - } \ - return( MBEDTLS_ERR_OID_NOT_FOUND ); \ -} + int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ + size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } /* * For X520 attribute types @@ -153,79 +153,84 @@ typedef struct { static const oid_x520_attr_t oid_x520_attr_type[] = { { - { ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" }, + { ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" }, "CN", }, { - { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" }, + { ADD_LEN(MBEDTLS_OID_AT_COUNTRY), "id-at-countryName", "Country" }, "C", }, { - { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" }, + { ADD_LEN(MBEDTLS_OID_AT_LOCALITY), "id-at-locality", "Locality" }, "L", }, { - { ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" }, + { ADD_LEN(MBEDTLS_OID_AT_STATE), "id-at-state", "State" }, "ST", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" }, + { ADD_LEN(MBEDTLS_OID_AT_ORGANIZATION), "id-at-organizationName", "Organization" }, "O", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" }, + { ADD_LEN(MBEDTLS_OID_AT_ORG_UNIT), "id-at-organizationalUnitName", "Org Unit" }, "OU", }, { - { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" }, + { ADD_LEN(MBEDTLS_OID_PKCS9_EMAIL), "emailAddress", "E-mail address" }, "emailAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" }, + { ADD_LEN(MBEDTLS_OID_AT_SERIAL_NUMBER), "id-at-serialNumber", "Serial number" }, "serialNumber", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" }, + { ADD_LEN(MBEDTLS_OID_AT_POSTAL_ADDRESS), "id-at-postalAddress", + "Postal address" }, "postalAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" }, + { ADD_LEN(MBEDTLS_OID_AT_POSTAL_CODE), "id-at-postalCode", "Postal code" }, "postalCode", }, { - { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" }, + { ADD_LEN(MBEDTLS_OID_AT_SUR_NAME), "id-at-surName", "Surname" }, "SN", }, { - { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" }, + { ADD_LEN(MBEDTLS_OID_AT_GIVEN_NAME), "id-at-givenName", "Given name" }, "GN", }, { - { ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" }, + { ADD_LEN(MBEDTLS_OID_AT_INITIALS), "id-at-initials", "Initials" }, "initials", }, { - { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" }, + { ADD_LEN(MBEDTLS_OID_AT_GENERATION_QUALIFIER), "id-at-generationQualifier", + "Generation qualifier" }, "generationQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" }, + { ADD_LEN(MBEDTLS_OID_AT_TITLE), "id-at-title", "Title" }, "title", }, { - { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" }, + { ADD_LEN(MBEDTLS_OID_AT_DN_QUALIFIER), "id-at-dnQualifier", + "Distinguished Name qualifier" }, "dnQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" }, + { ADD_LEN(MBEDTLS_OID_AT_PSEUDONYM), "id-at-pseudonym", "Pseudonym" }, "pseudonym", }, { - { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" }, + { ADD_LEN(MBEDTLS_OID_DOMAIN_COMPONENT), "id-domainComponent", + "Domain component" }, "DC", }, { - { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" }, + { ADD_LEN(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER), "id-at-uniqueIdentifier", + "Unique Identifier" }, "uniqueIdentifier", }, { @@ -235,7 +240,11 @@ static const oid_x520_attr_t oid_x520_attr_type[] = }; FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) -FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name) +FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, + oid_x520_attr_t, + x520_attr, + const char *, + short_name) /* * For X509 extensions @@ -248,27 +257,32 @@ typedef struct { static const oid_x509_ext_t oid_x509_ext[] = { { - { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, + { ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints", + "Basic Constraints" }, MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, }, { - { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, + { ADD_LEN(MBEDTLS_OID_KEY_USAGE), "id-ce-keyUsage", "Key Usage" }, MBEDTLS_OID_X509_EXT_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, + { ADD_LEN(MBEDTLS_OID_EXTENDED_KEY_USAGE), "id-ce-extKeyUsage", + "Extended Key Usage" }, MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, + { ADD_LEN(MBEDTLS_OID_SUBJECT_ALT_NAME), "id-ce-subjectAltName", + "Subject Alt Name" }, MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, }, { - { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, + { ADD_LEN(MBEDTLS_OID_NS_CERT_TYPE), "id-netscape-certtype", + "Netscape Certificate Type" }, MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, }, { - { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" }, + { ADD_LEN(MBEDTLS_OID_CERTIFICATE_POLICIES), "id-ce-certificatePolicies", + "Certificate Policies" }, MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { @@ -282,27 +296,38 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, e static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { - { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" }, - { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" }, - { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" }, - { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" }, - { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" }, - { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" }, - { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" }, + { ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth", + "TLS Web Server Authentication" }, + { ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth", + "TLS Web Client Authentication" }, + { ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" }, + { ADD_LEN(MBEDTLS_OID_EMAIL_PROTECTION), "id-kp-emailProtection", "E-mail Protection" }, + { ADD_LEN(MBEDTLS_OID_TIME_STAMPING), "id-kp-timeStamping", "Time Stamping" }, + { ADD_LEN(MBEDTLS_OID_OCSP_SIGNING), "id-kp-OCSPSigning", "OCSP Signing" }, + { ADD_LEN(MBEDTLS_OID_WISUN_FAN), "id-kp-wisun-fan-device", + "Wi-SUN Alliance Field Area Network (FAN)" }, { NULL, 0, NULL, NULL }, }; FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) -FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description) +FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, + mbedtls_oid_descriptor_t, + ext_key_usage, + const char *, + description) static const mbedtls_oid_descriptor_t oid_certificate_policies[] = { - { ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" }, + { ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" }, { NULL, 0, NULL, NULL }, }; FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) -FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description) +FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, + mbedtls_oid_descriptor_t, + certificate_policies, + const char *, + description) #if defined(MBEDTLS_MD_C) /* @@ -319,51 +344,51 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD2), "md2WithRSAEncryption", "RSA with MD2" }, MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD4), "md4WithRSAEncryption", "RSA with MD4" }, MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD5), "md5WithRSAEncryption", "RSA with MD5" }, MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA1), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA224), "sha224WithRSAEncryption", "RSA with SHA-224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA256), "sha256WithRSAEncryption", "RSA with SHA-256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA384), "sha384WithRSAEncryption", "RSA with SHA-384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA512), "sha512WithRSAEncryption", "RSA with SHA-512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_RSA_SHA_OBS), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ @@ -371,34 +396,34 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA1), "ecdsa-with-SHA1", "ECDSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA224), "ecdsa-with-SHA224", "ECDSA with SHA224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA256), "ecdsa-with-SHA256", "ECDSA with SHA256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA384), "ecdsa-with-SHA384", "ECDSA with SHA384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA512), "ecdsa-with-SHA512", "ECDSA with SHA512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) { - { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" }, + { ADD_LEN(MBEDTLS_OID_RSASSA_PSS), "RSASSA-PSS", "RSASSA-PSS" }, MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, }, #endif /* MBEDTLS_RSA_C */ @@ -409,9 +434,25 @@ static const oid_sig_alg_t oid_sig_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) -FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description) -FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg) +FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, + oid_sig_alg_t, + sig_alg, + const char *, + description) +FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, + oid_sig_alg_t, + sig_alg, + mbedtls_md_type_t, + md_alg, + mbedtls_pk_type_t, + pk_alg) +FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, + oid_sig_alg_t, + oid_sig_alg, + mbedtls_pk_type_t, + pk_alg, + mbedtls_md_type_t, + md_alg) #endif /* MBEDTLS_MD_C */ /* @@ -425,15 +466,15 @@ typedef struct { static const oid_pk_alg_t oid_pk_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" }, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" }, + { ADD_LEN(MBEDTLS_OID_EC_ALG_UNRESTRICTED), "id-ecPublicKey", "Generic EC key" }, MBEDTLS_PK_ECKEY, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" }, + { ADD_LEN(MBEDTLS_OID_EC_ALG_ECDH), "id-ecDH", "EC key for ECDH" }, MBEDTLS_PK_ECKEY_DH, }, { @@ -444,7 +485,11 @@ static const oid_pk_alg_t oid_pk_alg[] = FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, + oid_pk_alg_t, + oid_pk_alg, + mbedtls_pk_type_t, + pk_alg) #if defined(MBEDTLS_ECP_C) /* @@ -459,67 +504,67 @@ static const oid_ecp_grp_t oid_ecp_grp[] = { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" }, MBEDTLS_ECP_DP_SECP192R1, }, #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224R1), "secp224r1", "secp224r1" }, MBEDTLS_ECP_DP_SECP224R1, }, #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256R1), "secp256r1", "secp256r1" }, MBEDTLS_ECP_DP_SECP256R1, }, #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP384R1), "secp384r1", "secp384r1" }, MBEDTLS_ECP_DP_SECP384R1, }, #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP521R1), "secp521r1", "secp521r1" }, MBEDTLS_ECP_DP_SECP521R1, }, #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192K1), "secp192k1", "secp192k1" }, MBEDTLS_ECP_DP_SECP192K1, }, #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224K1), "secp224k1", "secp224k1" }, MBEDTLS_ECP_DP_SECP224K1, }, #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256K1), "secp256k1", "secp256k1" }, MBEDTLS_ECP_DP_SECP256K1, }, #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP256R1), "brainpoolP256r1", "brainpool256r1" }, MBEDTLS_ECP_DP_BP256R1, }, #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP384R1), "brainpoolP384r1", "brainpool384r1" }, MBEDTLS_ECP_DP_BP384R1, }, #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP512R1), "brainpoolP512r1", "brainpool512r1" }, MBEDTLS_ECP_DP_BP512R1, }, #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ @@ -531,7 +576,11 @@ static const oid_ecp_grp_t oid_ecp_grp[] = FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, + oid_ecp_grp_t, + oid_ecp_grp, + mbedtls_ecp_group_id, + grp_id) #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_CIPHER_C) @@ -546,11 +595,11 @@ typedef struct { static const oid_cipher_alg_t oid_cipher_alg[] = { { - { ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" }, + { ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" }, MBEDTLS_CIPHER_DES_CBC, }, { - { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" }, + { ADD_LEN(MBEDTLS_OID_DES_EDE3_CBC), "des-ede3-cbc", "DES-EDE3-CBC" }, MBEDTLS_CIPHER_DES_EDE3_CBC, }, { @@ -560,7 +609,11 @@ static const oid_cipher_alg_t oid_cipher_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg) +FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, + oid_cipher_alg_t, + cipher_alg, + mbedtls_cipher_type_t, + cipher_alg) #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_MD_C) @@ -576,51 +629,51 @@ static const oid_md_alg_t oid_md_alg[] = { #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" }, MBEDTLS_MD_MD2, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD4), "id-md4", "MD4" }, MBEDTLS_MD_MD4, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD5), "id-md5", "MD5" }, MBEDTLS_MD_MD5, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA1), "id-sha1", "SHA-1" }, MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA224), "id-sha224", "SHA-224" }, MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA256), "id-sha256", "SHA-256" }, MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA384), "id-sha384", "SHA-384" }, MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA512), "id-sha512", "SHA-512" }, MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_RIPEMD160_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_RIPEMD160), "id-ripemd160", "RIPEMD-160" }, MBEDTLS_MD_RIPEMD160, }, #endif /* MBEDTLS_RIPEMD160_C */ @@ -632,7 +685,11 @@ static const oid_md_alg_t oid_md_alg[] = FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, + oid_md_alg_t, + oid_md_alg, + mbedtls_md_type_t, + md_alg) /* * For HMAC digestAlgorithm @@ -646,27 +703,27 @@ static const oid_md_hmac_t oid_md_hmac[] = { #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" }, MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA224), "hmacSHA224", "HMAC-SHA-224" }, MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA256), "hmacSHA256", "HMAC-SHA-256" }, MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA384), "hmacSHA384", "HMAC-SHA-384" }, MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA512), "hmacSHA512", "HMAC-SHA-512" }, MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ @@ -693,11 +750,13 @@ typedef struct { static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" }, + { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC", + "PBE with SHA1 and 3-Key 3DES" }, MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, }, { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" }, + { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC), "pbeWithSHAAnd2-KeyTripleDES-CBC", + "PBE with SHA1 and 2-Key 3DES" }, MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, }, { @@ -707,57 +766,82 @@ static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) -FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg) +FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, + oid_pkcs12_pbe_alg_t, + pkcs12_pbe_alg, + mbedtls_md_type_t, + md_alg, + mbedtls_cipher_type_t, + cipher_alg) #endif /* MBEDTLS_PKCS12_C */ -#define OID_SAFE_SNPRINTF \ - do { \ - if( ret < 0 || (size_t) ret >= n ) \ - return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); \ - \ - n -= (size_t) ret; \ - p += (size_t) ret; \ - } while( 0 ) - /* Return the x.y.z.... style numeric string for the given OID */ -int mbedtls_oid_get_numeric_string( char *buf, size_t size, - const mbedtls_asn1_buf *oid ) +int mbedtls_oid_get_numeric_string(char *buf, size_t size, + const mbedtls_asn1_buf *oid) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, n; - unsigned int value; - char *p; + char *p = buf; + size_t n = size; + unsigned int value = 0; - p = buf; - n = size; + if (size > INT_MAX) { + /* Avoid overflow computing return value */ + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } - /* First byte contains first two dots */ - if( oid->len > 0 ) - { - ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 ); - OID_SAFE_SNPRINTF; + if (oid->len <= 0) { + /* OID must not be empty */ + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; } - value = 0; - for( i = 1; i < oid->len; i++ ) - { + for (size_t i = 0; i < oid->len; i++) { /* Prevent overflow in value. */ - if( ( ( value << 7 ) >> 7 ) != value ) - return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); + if (value > (UINT_MAX >> 7)) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + if ((value == 0) && ((oid->p[i]) == 0x80)) { + /* Overlong encoding is not allowed */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } value <<= 7; - value += oid->p[i] & 0x7F; + value |= oid->p[i] & 0x7F; - if( !( oid->p[i] & 0x80 ) ) - { + if (!(oid->p[i] & 0x80)) { /* Last byte */ - ret = mbedtls_snprintf( p, n, ".%u", value ); - OID_SAFE_SNPRINTF; + if (n == size) { + int component1; + unsigned int component2; + /* First subidentifier contains first two OID components */ + if (value >= 80) { + component1 = '2'; + component2 = value - 80; + } else if (value >= 40) { + component1 = '1'; + component2 = value - 40; + } else { + component1 = '0'; + component2 = value; + } + ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); + } else { + ret = mbedtls_snprintf(p, n, ".%u", value); + } + if (ret < 2 || (size_t) ret >= n) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + n -= (size_t) ret; + p += ret; value = 0; } } - return( (int) ( size - n ) ); + if (value != 0) { + /* Unterminated subidentifier */ + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + + return (int) (size - n); } #endif /* MBEDTLS_OID_C */ diff --git a/thirdparty/mbedtls/library/padlock.c b/thirdparty/mbedtls/library/padlock.c index 837337413c..303f82c710 100644 --- a/thirdparty/mbedtls/library/padlock.c +++ b/thirdparty/mbedtls/library/padlock.c @@ -31,23 +31,24 @@ #include +/* *INDENT-OFF* */ #ifndef asm #define asm __asm #endif +/* *INDENT-ON* */ #if defined(MBEDTLS_HAVE_X86) /* * PadLock detection routine */ -int mbedtls_padlock_has_support( int feature ) +int mbedtls_padlock_has_support(int feature) { static int flags = -1; int ebx = 0, edx = 0; - if( flags == -1 ) - { - asm( "movl %%ebx, %0 \n\t" + if (flags == -1) { + asm ("movl %%ebx, %0 \n\t" "movl $0xC0000000, %%eax \n\t" "cpuid \n\t" "cmpl $0xC0000001, %%eax \n\t" @@ -60,21 +61,21 @@ int mbedtls_padlock_has_support( int feature ) "movl %2, %%ebx \n\t" : "=m" (ebx), "=m" (edx) : "m" (ebx) - : "eax", "ecx", "edx" ); + : "eax", "ecx", "edx"); flags = edx; } - return( flags & feature ); + return flags & feature; } /* * PadLock AES-ECB block en(de)cryption */ -int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { int ebx = 0; uint32_t *rk; @@ -83,13 +84,13 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, unsigned char buf[256]; rk = ctx->rk; - blk = MBEDTLS_PADLOCK_ALIGN16( buf ); - memcpy( blk, input, 16 ); + blk = MBEDTLS_PADLOCK_ALIGN16(buf); + memcpy(blk, input, 16); - ctrl = blk + 4; - *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); + ctrl = blk + 4; + *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9); - asm( "pushfl \n\t" + asm ("pushfl \n\t" "popfl \n\t" "movl %%ebx, %0 \n\t" "movl $1, %%ecx \n\t" @@ -101,22 +102,22 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, "movl %1, %%ebx \n\t" : "=m" (ebx) : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) - : "memory", "ecx", "edx", "esi", "edi" ); + : "memory", "ecx", "edx", "esi", "edi"); - memcpy( output, blk, 16 ); + memcpy(output, blk, 16); - return( 0 ); + return 0; } /* * PadLock AES-CBC buffer en(de)cryption */ -int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) +int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int ebx = 0; size_t count; @@ -125,20 +126,21 @@ int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, uint32_t *ctrl; unsigned char buf[256]; - if( ( (long) input & 15 ) != 0 || - ( (long) output & 15 ) != 0 ) - return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED ); + if (((long) input & 15) != 0 || + ((long) output & 15) != 0) { + return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED; + } rk = ctx->rk; - iw = MBEDTLS_PADLOCK_ALIGN16( buf ); - memcpy( iw, iv, 16 ); + iw = MBEDTLS_PADLOCK_ALIGN16(buf); + memcpy(iw, iv, 16); - ctrl = iw + 4; - *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 ); + ctrl = iw + 4; + *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9); - count = ( length + 15 ) >> 4; + count = (length + 15) >> 4; - asm( "pushfl \n\t" + asm ("pushfl \n\t" "popfl \n\t" "movl %%ebx, %0 \n\t" "movl %2, %%ecx \n\t" @@ -151,12 +153,12 @@ int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, "movl %1, %%ebx \n\t" : "=m" (ebx) : "m" (ebx), "m" (count), "m" (ctrl), - "m" (rk), "m" (input), "m" (output), "m" (iw) - : "memory", "eax", "ecx", "edx", "esi", "edi" ); + "m" (rk), "m" (input), "m" (output), "m" (iw) + : "memory", "eax", "ecx", "edx", "esi", "edi"); - memcpy( iv, iw, 16 ); + memcpy(iv, iw, 16); - return( 0 ); + return 0; } #endif /* MBEDTLS_HAVE_X86 */ diff --git a/thirdparty/mbedtls/library/pem.c b/thirdparty/mbedtls/library/pem.c index cb1c82b3e4..3b9a3e91f2 100644 --- a/thirdparty/mbedtls/library/pem.c +++ b/thirdparty/mbedtls/library/pem.c @@ -35,151 +35,170 @@ #include "mbedtls/platform.h" #if defined(MBEDTLS_PEM_PARSE_C) -void mbedtls_pem_init( mbedtls_pem_context *ctx ) +void mbedtls_pem_init(mbedtls_pem_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_pem_context ) ); + memset(ctx, 0, sizeof(mbedtls_pem_context)); } #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) + (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)) /* * Read a 16-byte hex string and convert it to binary */ -static int pem_get_iv( const unsigned char *s, unsigned char *iv, - size_t iv_len ) +static int pem_get_iv(const unsigned char *s, unsigned char *iv, + size_t iv_len) { size_t i, j, k; - memset( iv, 0, iv_len ); - - for( i = 0; i < iv_len * 2; i++, s++ ) - { - if( *s >= '0' && *s <= '9' ) j = *s - '0'; else - if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else - if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + memset(iv, 0, iv_len); + + for (i = 0; i < iv_len * 2; i++, s++) { + if (*s >= '0' && *s <= '9') { + j = *s - '0'; + } else + if (*s >= 'A' && *s <= 'F') { + j = *s - '7'; + } else + if (*s >= 'a' && *s <= 'f') { + j = *s - 'W'; + } else { + return MBEDTLS_ERR_PEM_INVALID_ENC_IV; + } - k = ( ( i & 1 ) != 0 ) ? j : j << 4; + k = ((i & 1) != 0) ? j : j << 4; - iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); + iv[i >> 1] = (unsigned char) (iv[i >> 1] | k); } - return( 0 ); + return 0; } -static int pem_pbkdf1( unsigned char *key, size_t keylen, - unsigned char *iv, - const unsigned char *pwd, size_t pwdlen ) +static int pem_pbkdf1(unsigned char *key, size_t keylen, + unsigned char *iv, + const unsigned char *pwd, size_t pwdlen) { mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md5_init( &md5_ctx ); + mbedtls_md5_init(&md5_ctx); /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) { goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + } + if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) { goto exit; + } - if( keylen <= 16 ) - { - memcpy( key, md5sum, keylen ); + if (keylen <= 16) { + memcpy(key, md5sum, keylen); goto exit; } - memcpy( key, md5sum, 16 ); + memcpy(key, md5sum, 16); /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5_ctx, md5sum, 16)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) { goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + } + if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) { goto exit; + } use_len = 16; - if( keylen < 32 ) + if (keylen < 32) { use_len = keylen - 16; + } - memcpy( key + 16, md5sum, use_len ); + memcpy(key + 16, md5sum, use_len); exit: - mbedtls_md5_free( &md5_ctx ); - mbedtls_platform_zeroize( md5sum, 16 ); + mbedtls_md5_free(&md5_ctx); + mbedtls_platform_zeroize(md5sum, 16); - return( ret ); + return ret; } #if defined(MBEDTLS_DES_C) /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static int pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt(unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_des_context des_ctx; unsigned char des_key[8]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_des_init( &des_ctx ); + mbedtls_des_init(&des_ctx); - if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(des_key, 8, des_iv, pwd, pwdlen)) != 0) { goto exit; + } - if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + if ((ret = mbedtls_des_setkey_dec(&des_ctx, des_key)) != 0) { goto exit; - ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, - des_iv, buf, buf ); + } + ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, buflen, + des_iv, buf, buf); exit: - mbedtls_des_free( &des_ctx ); - mbedtls_platform_zeroize( des_key, 8 ); + mbedtls_des_free(&des_ctx); + mbedtls_platform_zeroize(des_key, 8); - return( ret ); + return ret; } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static int pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt(unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_des3_init( &des3_ctx ); + mbedtls_des3_init(&des3_ctx); - if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(des3_key, 24, des3_iv, pwd, pwdlen)) != 0) { goto exit; + } - if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + if ((ret = mbedtls_des3_set3key_dec(&des3_ctx, des3_key)) != 0) { goto exit; - ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, - des3_iv, buf, buf ); + } + ret = mbedtls_des3_crypt_cbc(&des3_ctx, MBEDTLS_DES_DECRYPT, buflen, + des3_iv, buf, buf); exit: - mbedtls_des3_free( &des3_ctx ); - mbedtls_platform_zeroize( des3_key, 24 ); + mbedtls_des3_free(&des3_ctx); + mbedtls_platform_zeroize(des3_key, 24); - return( ret ); + return ret; } #endif /* MBEDTLS_DES_C */ @@ -187,45 +206,47 @@ exit: /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt(unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_aes_init( &aes_ctx ); + mbedtls_aes_init(&aes_ctx); - if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(aes_key, keylen, aes_iv, pwd, pwdlen)) != 0) { goto exit; + } - if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_dec(&aes_ctx, aes_key, keylen * 8)) != 0) { goto exit; - ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, - aes_iv, buf, buf ); + } + ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, buflen, + aes_iv, buf, buf); exit: - mbedtls_aes_free( &aes_ctx ); - mbedtls_platform_zeroize( aes_key, keylen ); + mbedtls_aes_free(&aes_ctx); + mbedtls_platform_zeroize(aes_key, keylen); - return( ret ); + return ret; } #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ -int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, - const unsigned char *data, const unsigned char *pwd, - size_t pwdlen, size_t *use_len ) +int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, + const unsigned char *data, const unsigned char *pwd, + size_t pwdlen, size_t *use_len) { int ret, enc; size_t len; unsigned char *buf; const unsigned char *s1, *s2, *end; #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) + (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)) unsigned char pem_iv[16]; mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE; #else @@ -234,154 +255,181 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ - if( ctx == NULL ) - return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA ); + if (ctx == NULL) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } - s1 = (unsigned char *) strstr( (const char *) data, header ); + s1 = (unsigned char *) strstr((const char *) data, header); - if( s1 == NULL ) - return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + if (s1 == NULL) { + return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + } - s2 = (unsigned char *) strstr( (const char *) data, footer ); + s2 = (unsigned char *) strstr((const char *) data, footer); - if( s2 == NULL || s2 <= s1 ) - return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + if (s2 == NULL || s2 <= s1) { + return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + } - s1 += strlen( header ); - if( *s1 == ' ' ) s1++; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + s1 += strlen(header); + if (*s1 == ' ') { + s1++; + } + if (*s1 == '\r') { + s1++; + } + if (*s1 == '\n') { + s1++; + } else { + return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + } end = s2; - end += strlen( footer ); - if( *end == ' ' ) end++; - if( *end == '\r' ) end++; - if( *end == '\n' ) end++; + end += strlen(footer); + if (*end == ' ') { + end++; + } + if (*end == '\r') { + end++; + } + if (*end == '\n') { + end++; + } *use_len = end - data; enc = 0; - if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) - { + if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) + (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)) enc++; s1 += 22; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (*s1 == '\r') { + s1++; + } + if (*s1 == '\n') { + s1++; + } else { + return MBEDTLS_ERR_PEM_INVALID_DATA; + } #if defined(MBEDTLS_DES_C) - if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) - { + if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { + return MBEDTLS_ERR_PEM_INVALID_ENC_IV; + } s1 += 16; - } - else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) - { + } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { + return MBEDTLS_ERR_PEM_INVALID_ENC_IV; + } s1 += 16; } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) - { - if( s2 - s1 < 22 ) - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); - else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) { + if (s2 - s1 < 22) { + return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; + } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) { enc_alg = MBEDTLS_CIPHER_AES_128_CBC; - else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) + } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) { enc_alg = MBEDTLS_CIPHER_AES_192_CBC; - else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 ) + } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) { enc_alg = MBEDTLS_CIPHER_AES_256_CBC; - else - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + } else { + return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; + } s1 += 22; - if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) { + return MBEDTLS_ERR_PEM_INVALID_ENC_IV; + } s1 += 32; } #endif /* MBEDTLS_AES_C */ - if( enc_alg == MBEDTLS_CIPHER_NONE ) - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + if (enc_alg == MBEDTLS_CIPHER_NONE) { + return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; + } - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (*s1 == '\r') { + s1++; + } + if (*s1 == '\n') { + s1++; + } else { + return MBEDTLS_ERR_PEM_INVALID_DATA; + } #else - return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 >= s2 ) - return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (s1 >= s2) { + return MBEDTLS_ERR_PEM_INVALID_DATA; + } - ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); + ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1); - if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) ); + if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); + } - if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) - return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); + if ((buf = mbedtls_calloc(1, len)) == NULL) { + return MBEDTLS_ERR_PEM_ALLOC_FAILED; + } - if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) ); + if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } - if( enc != 0 ) - { + if (enc != 0) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) - if( pwd == NULL ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); + (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)) + if (pwd == NULL) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED; } ret = 0; #if defined(MBEDTLS_DES_C) - if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) { + ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen); + } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) { + ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen); + } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) { + ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen); + } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) { + ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen); + } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) { + ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen); + } #endif /* MBEDTLS_AES_C */ - if( ret != 0 ) - { - mbedtls_free( buf ); - return( ret ); + if (ret != 0) { + mbedtls_free(buf); + return ret; } /* @@ -390,16 +438,15 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const * * Use that as a heuristic to try to detect password mismatches. */ - if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); + if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; } #else - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } @@ -407,77 +454,73 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ctx->buf = buf; ctx->buflen = len; - return( 0 ); + return 0; } -void mbedtls_pem_free( mbedtls_pem_context *ctx ) +void mbedtls_pem_free(mbedtls_pem_context *ctx) { - if ( ctx->buf != NULL ) - { - mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); - mbedtls_free( ctx->buf ); + if (ctx->buf != NULL) { + mbedtls_platform_zeroize(ctx->buf, ctx->buflen); + mbedtls_free(ctx->buf); } - mbedtls_free( ctx->info ); + mbedtls_free(ctx->info); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context)); } #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_pem_write_buffer( const char *header, const char *footer, - const unsigned char *der_data, size_t der_len, - unsigned char *buf, size_t buf_len, size_t *olen ) +int mbedtls_pem_write_buffer(const char *header, const char *footer, + const unsigned char *der_data, size_t der_len, + unsigned char *buf, size_t buf_len, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; - mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); - add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1; + mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len); + add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1; - if( use_len + add_len > buf_len ) - { + if (use_len + add_len > buf_len) { *olen = use_len + add_len; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; } - if( use_len != 0 && - ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) - return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); + if (use_len != 0 && + ((encode_buf = mbedtls_calloc(1, use_len)) == NULL)) { + return MBEDTLS_ERR_PEM_ALLOC_FAILED; + } - if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, - der_len ) ) != 0 ) - { - mbedtls_free( encode_buf ); - return( ret ); + if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data, + der_len)) != 0) { + mbedtls_free(encode_buf); + return ret; } - memcpy( p, header, strlen( header ) ); - p += strlen( header ); + memcpy(p, header, strlen(header)); + p += strlen(header); c = encode_buf; - while( use_len ) - { - len = ( use_len > 64 ) ? 64 : use_len; - memcpy( p, c, len ); + while (use_len) { + len = (use_len > 64) ? 64 : use_len; + memcpy(p, c, len); use_len -= len; p += len; c += len; *p++ = '\n'; } - memcpy( p, footer, strlen( footer ) ); - p += strlen( footer ); + memcpy(p, footer, strlen(footer)); + p += strlen(footer); *p++ = '\0'; *olen = p - buf; - /* Clean any remaining data previously written to the buffer */ - memset( buf + *olen, 0, buf_len - *olen ); + /* Clean any remaining data previously written to the buffer */ + memset(buf + *olen, 0, buf_len - *olen); - mbedtls_free( encode_buf ); - return( 0 ); + mbedtls_free(encode_buf); + return 0; } #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ - diff --git a/thirdparty/mbedtls/library/pk.c b/thirdparty/mbedtls/library/pk.c index 05cc2134f1..d46a93461a 100644 --- a/thirdparty/mbedtls/library/pk.c +++ b/thirdparty/mbedtls/library/pk.c @@ -44,17 +44,17 @@ #include /* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define PK_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA) +#define PK_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) /* * Initialise a mbedtls_pk_context */ -void mbedtls_pk_init( mbedtls_pk_context *ctx ) +void mbedtls_pk_init(mbedtls_pk_context *ctx) { - PK_VALIDATE( ctx != NULL ); + PK_VALIDATE(ctx != NULL); ctx->pk_info = NULL; ctx->pk_ctx = NULL; @@ -63,24 +63,26 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ) /* * Free (the components of) a mbedtls_pk_context */ -void mbedtls_pk_free( mbedtls_pk_context *ctx ) +void mbedtls_pk_free(mbedtls_pk_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - if ( ctx->pk_info != NULL ) - ctx->pk_info->ctx_free_func( ctx->pk_ctx ); + if (ctx->pk_info != NULL) { + ctx->pk_info->ctx_free_func(ctx->pk_ctx); + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) +void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx) { - PK_VALIDATE( ctx != NULL ); + PK_VALIDATE(ctx != NULL); ctx->pk_info = NULL; ctx->rs_ctx = NULL; } @@ -88,15 +90,14 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) +void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx) { - if( ctx == NULL || ctx->pk_info == NULL || - ctx->pk_info->rs_free_func == NULL ) - { + if (ctx == NULL || ctx->pk_info == NULL || + ctx->pk_info->rs_free_func == NULL) { return; } - ctx->pk_info->rs_free_func( ctx->rs_ctx ); + ctx->pk_info->rs_free_func(ctx->rs_ctx); ctx->pk_info = NULL; ctx->rs_ctx = NULL; @@ -106,79 +107,85 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) /* * Get pk_info structure from type */ -const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) +const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) { - switch( pk_type ) { + switch (pk_type) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: - return( &mbedtls_rsa_info ); + return &mbedtls_rsa_info; #endif #if defined(MBEDTLS_ECP_C) case MBEDTLS_PK_ECKEY: - return( &mbedtls_eckey_info ); + return &mbedtls_eckey_info; case MBEDTLS_PK_ECKEY_DH: - return( &mbedtls_eckeydh_info ); + return &mbedtls_eckeydh_info; #endif #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_PK_ECDSA: - return( &mbedtls_ecdsa_info ); + return &mbedtls_ecdsa_info; #endif /* MBEDTLS_PK_RSA_ALT omitted on purpose */ default: - return( NULL ); + return NULL; } } /* * Initialise context */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) +int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) { - PK_VALIDATE_RET( ctx != NULL ); - if( info == NULL || ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + if (info == NULL || ctx->pk_info != NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } ctx->pk_info = info; - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* * Initialise a PSA-wrapping context */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, - const psa_key_id_t key ) +int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, + const psa_key_id_t key) { const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_id_t *pk_ctx; psa_key_type_t type; - if( ctx == NULL || ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->pk_info != NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - type = psa_get_key_type( &attributes ); - psa_reset_key_attributes( &attributes ); + if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + type = psa_get_key_type(&attributes); + psa_reset_key_attributes(&attributes); /* Current implementation of can_do() relies on this. */ - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; + if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } ctx->pk_info = info; pk_ctx = (psa_key_id_t *) ctx->pk_ctx; *pk_ctx = key; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -186,20 +193,22 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, /* * Initialize an RSA-alt context */ -int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, - mbedtls_pk_rsa_alt_decrypt_func decrypt_func, - mbedtls_pk_rsa_alt_sign_func sign_func, - mbedtls_pk_rsa_alt_key_len_func key_len_func ) +int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key, + mbedtls_pk_rsa_alt_decrypt_func decrypt_func, + mbedtls_pk_rsa_alt_sign_func sign_func, + mbedtls_pk_rsa_alt_key_len_func key_len_func) { mbedtls_rsa_alt_context *rsa_alt; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; - PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + if (ctx->pk_info != NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } ctx->pk_info = info; @@ -210,377 +219,406 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, rsa_alt->sign_func = sign_func; rsa_alt->key_len_func = key_len_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /* * Tell if a PK can do the operations of the given type */ -int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) +int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) { /* A context with null pk_info is not set up yet and can't do anything. * For backward compatibility, also accept NULL instead of a context * pointer. */ - if( ctx == NULL || ctx->pk_info == NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info == NULL) { + return 0; + } - return( ctx->pk_info->can_do( type ) ); + return ctx->pk_info->can_do(type); } /* * Helper for mbedtls_pk_sign and mbedtls_pk_verify */ -static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) +static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) { const mbedtls_md_info_t *md_info; - if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE ) - return( 0 ); + if (*hash_len != 0 && md_alg == MBEDTLS_MD_NONE) { + return 0; + } - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( -1 ); + if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) { + return -1; + } - if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) ) - return ( -1 ); + if (*hash_len != 0 && *hash_len != mbedtls_md_get_size(md_info)) { + return -1; + } - *hash_len = mbedtls_md_get_size( md_info ); - return( 0 ); + *hash_len = mbedtls_md_get_size(md_info); + return 0; } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Helper to set up a restart context if needed */ -static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, - const mbedtls_pk_info_t *info ) +static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx, + const mbedtls_pk_info_t *info) { /* Don't do anything if already set up or invalid */ - if( ctx == NULL || ctx->pk_info != NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info != NULL) { + return 0; + } /* Should never happen when we're called */ - if( info->rs_alloc_func == NULL || info->rs_free_func == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } ctx->pk_info = info; - return( 0 ); + return 0; } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* * Verify a signature (restartable) */ -int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - mbedtls_pk_restart_ctx *rs_ctx ) +int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + mbedtls_pk_restart_ctx *rs_ctx) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); - - if( ctx->pk_info == NULL || - pk_hashlen_helper( md_alg, &hash_len ) != 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); + + if (ctx->pk_info == NULL || + pk_hashlen_helper(md_alg, &hash_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && + if (rs_ctx != NULL && mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->verify_rs_func != NULL ) - { + ctx->pk_info->verify_rs_func != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) - return( ret ); + if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) { + return ret; + } - ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx, - md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx ); + ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx, + md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx); - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_pk_restart_free( rs_ctx ); + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { + mbedtls_pk_restart_free(rs_ctx); + } - return( ret ); + return ret; } #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ctx->pk_info->verify_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->verify_func == NULL) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, - sig, sig_len ) ); + return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len, + sig, sig_len); } /* * Verify a signature */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { - return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len, - sig, sig_len, NULL ) ); + return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len, + sig, sig_len, NULL); } /* * Verify a signature with options */ -int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ! mbedtls_pk_can_do( ctx, type ) ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (!mbedtls_pk_can_do(ctx, type)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - if( type == MBEDTLS_PK_RSASSA_PSS ) - { + if (type == MBEDTLS_PK_RSASSA_PSS) { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #endif /* SIZE_MAX > UINT_MAX */ - if( options == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (options == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; - if( sig_len < mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, NULL, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, hash, - pss_opts->mgf1_hash_id, - pss_opts->expected_salt_len, - sig ); - if( ret != 0 ) - return( ret ); - - if( sig_len > mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); - - return( 0 ); + if (sig_len < mbedtls_pk_get_len(ctx)) { + return MBEDTLS_ERR_RSA_VERIFY_FAILED; + } + + ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx), + NULL, NULL, MBEDTLS_RSA_PUBLIC, + md_alg, (unsigned int) hash_len, hash, + pss_opts->mgf1_hash_id, + pss_opts->expected_salt_len, + sig); + if (ret != 0) { + return ret; + } + + if (sig_len > mbedtls_pk_get_len(ctx)) { + return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; + } + + return 0; #else - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } /* General case: no options */ - if( options != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (options != NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); + return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len); } /* * Make a signature (restartable) */ -int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ) +int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_pk_restart_ctx *rs_ctx) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); - - if( ctx->pk_info == NULL || - pk_hashlen_helper( md_alg, &hash_len ) != 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); + + if (ctx->pk_info == NULL || + pk_hashlen_helper(md_alg, &hash_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && + if (rs_ctx != NULL && mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->sign_rs_func != NULL ) - { + ctx->pk_info->sign_rs_func != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) - return( ret ); + if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) { + return ret; + } - ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, - hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); + ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg, + hash, hash_len, sig, sig_len, f_rng, p_rng, + rs_ctx->rs_ctx); - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_pk_restart_free( rs_ctx ); + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { + mbedtls_pk_restart_free(rs_ctx); + } - return( ret ); + return ret; } #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ctx->pk_info->sign_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->sign_func == NULL) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, - sig, sig_len, f_rng, p_rng ) ); + return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng); } /* * Make a signature */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, - sig, sig_len, f_rng, p_rng, NULL ) ); + return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng, NULL); } /* * Decrypt message */ -int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(input != NULL || ilen == 0); + PK_VALIDATE_RET(output != NULL || osize == 0); + PK_VALIDATE_RET(olen != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ctx->pk_info->decrypt_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->decrypt_func == NULL) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, - output, olen, osize, f_rng, p_rng ) ); + return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng); } /* * Encrypt message */ -int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(input != NULL || ilen == 0); + PK_VALIDATE_RET(output != NULL || osize == 0); + PK_VALIDATE_RET(olen != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ctx->pk_info->encrypt_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->encrypt_func == NULL) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, - output, olen, osize, f_rng, p_rng ) ); + return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng); } /* * Check public-private key pair */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) +int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) { - PK_VALIDATE_RET( pub != NULL ); - PK_VALIDATE_RET( prv != NULL ); + PK_VALIDATE_RET(pub != NULL); + PK_VALIDATE_RET(prv != NULL); - if( pub->pk_info == NULL || - prv->pk_info == NULL ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (pub->pk_info == NULL || + prv->pk_info == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - if( prv->pk_info->check_pair_func == NULL ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) - { - if( pub->pk_info->type != MBEDTLS_PK_RSA ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (prv->pk_info->check_pair_func == NULL) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } - else - { - if( pub->pk_info != prv->pk_info ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + + if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) { + if (pub->pk_info->type != MBEDTLS_PK_RSA) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + } else { + if (pub->pk_info != prv->pk_info) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } } - return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); + return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx); } /* * Get key size in bits */ -size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) +size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx) { /* For backward compatibility, accept NULL or a context that * isn't set up yet, and return a fake value that should be safe. */ - if( ctx == NULL || ctx->pk_info == NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info == NULL) { + return 0; + } - return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); + return ctx->pk_info->get_bitlen(ctx->pk_ctx); } /* * Export debug information */ -int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) +int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) { - PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + if (ctx->pk_info == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - if( ctx->pk_info->debug_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->debug_func == NULL) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - ctx->pk_info->debug_func( ctx->pk_ctx, items ); - return( 0 ); + ctx->pk_info->debug_func(ctx->pk_ctx, items); + return 0; } /* * Access the PK type name */ -const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) +const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx) { - if( ctx == NULL || ctx->pk_info == NULL ) - return( "invalid PK" ); + if (ctx == NULL || ctx->pk_info == NULL) { + return "invalid PK"; + } - return( ctx->pk_info->name ); + return ctx->pk_info->name; } /* * Access the PK type */ -mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) +mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx) { - if( ctx == NULL || ctx->pk_info == NULL ) - return( MBEDTLS_PK_NONE ); + if (ctx == NULL || ctx->pk_info == NULL) { + return MBEDTLS_PK_NONE; + } - return( ctx->pk_info->type ); + return ctx->pk_info->type; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -590,15 +628,15 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * * Currently only works for EC private keys. */ -int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_id_t *key, - psa_algorithm_t hash_alg ) +int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, + psa_key_id_t *key, + psa_algorithm_t hash_alg) { #if !defined(MBEDTLS_ECP_C) ((void) pk); ((void) key); ((void) hash_alg); - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + return MBEDTLS_ERR_PK_TYPE_MISMATCH; #else const mbedtls_ecp_keypair *ec; unsigned char d[MBEDTLS_ECP_MAX_BYTES]; @@ -610,32 +648,35 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* export the private key material in the format PSA wants */ - if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } - ec = mbedtls_pk_ec( *pk ); - d_len = ( ec->grp.nbits + 7 ) / 8; - if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) - return( ret ); + ec = mbedtls_pk_ec(*pk); + d_len = (ec->grp.nbits + 7) / 8; + if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) { + return ret; + } - curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); - key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); + curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); + key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id); /* prepare the key attributes */ - psa_set_key_type( &attributes, key_type ); - psa_set_key_bits( &attributes, bits ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, bits); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg)); /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + if (PSA_SUCCESS != psa_import_key(&attributes, d, d_len, key)) { + return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; + } /* make PK context wrap the key slot */ - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); - return( mbedtls_pk_setup_opaque( pk, *key ) ); + return mbedtls_pk_setup_opaque(pk, *key); #endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/thirdparty/mbedtls/library/pk_wrap.c b/thirdparty/mbedtls/library/pk_wrap.c index f35abf21a4..f577fccdbb 100644 --- a/thirdparty/mbedtls/library/pk_wrap.c +++ b/thirdparty/mbedtls/library/pk_wrap.c @@ -56,130 +56,138 @@ #include #if defined(MBEDTLS_RSA_C) -static int rsa_can_do( mbedtls_pk_type_t type ) +static int rsa_can_do(mbedtls_pk_type_t type) { - return( type == MBEDTLS_PK_RSA || - type == MBEDTLS_PK_RSASSA_PSS ); + return type == MBEDTLS_PK_RSA || + type == MBEDTLS_PK_RSASSA_PSS; } -static size_t rsa_get_bitlen( const void *ctx ) +static size_t rsa_get_bitlen(const void *ctx) { - const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; - return( 8 * mbedtls_rsa_get_len( rsa ) ); + const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx; + return 8 * mbedtls_rsa_get_len(rsa); } -static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; - size_t rsa_len = mbedtls_rsa_get_len( rsa ); + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; + size_t rsa_len = mbedtls_rsa_get_len(rsa); #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #endif /* SIZE_MAX > UINT_MAX */ - if( sig_len < rsa_len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if (sig_len < rsa_len) { + return MBEDTLS_ERR_RSA_VERIFY_FAILED; + } - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, md_alg, - (unsigned int) hash_len, hash, sig ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, md_alg, + (unsigned int) hash_len, hash, sig)) != 0) { + return ret; + } /* The buffer contains a valid signature followed by extra data. * We have a special error code for that so that so that callers can * use mbedtls_pk_verify() to check "Does the buffer start with a * valid signature?" and not just "Does the buffer contain a valid * signature?". */ - if( sig_len > rsa_len ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (sig_len > rsa_len) { + return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; + } - return( 0 ); + return 0; } -static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #endif /* SIZE_MAX > UINT_MAX */ - *sig_len = mbedtls_rsa_get_len( rsa ); + *sig_len = mbedtls_rsa_get_len(rsa); - return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, (unsigned int) hash_len, hash, sig); } -static int rsa_decrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_decrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; - if( ilen != mbedtls_rsa_get_len( rsa ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen != mbedtls_rsa_get_len(rsa)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + return mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng, + MBEDTLS_RSA_PRIVATE, olen, input, output, osize); } -static int rsa_encrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_encrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; - *olen = mbedtls_rsa_get_len( rsa ); + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; + *olen = mbedtls_rsa_get_len(rsa); - if( *olen > osize ) - return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + if (*olen > osize) { + return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; + } - return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, - ilen, input, output ) ); + return mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + ilen, input, output); } -static int rsa_check_pair_wrap( const void *pub, const void *prv ) +static int rsa_check_pair_wrap(const void *pub, const void *prv) { - return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, - (const mbedtls_rsa_context *) prv ) ); + return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub, + (const mbedtls_rsa_context *) prv); } -static void *rsa_alloc_wrap( void ) +static void *rsa_alloc_wrap(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); - if( ctx != NULL ) - mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); + if (ctx != NULL) { + mbedtls_rsa_init((mbedtls_rsa_context *) ctx, 0, 0); + } - return( ctx ); + return ctx; } -static void rsa_free_wrap( void *ctx ) +static void rsa_free_wrap(void *ctx) { - mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_rsa_free((mbedtls_rsa_context *) ctx); + mbedtls_free(ctx); } -static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) +static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items) { items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.N"; - items->value = &( ((mbedtls_rsa_context *) ctx)->N ); + items->value = &(((mbedtls_rsa_context *) ctx)->N); items++; items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.E"; - items->value = &( ((mbedtls_rsa_context *) ctx)->E ); + items->value = &(((mbedtls_rsa_context *) ctx)->E); } const mbedtls_pk_info_t mbedtls_rsa_info = { @@ -210,77 +218,79 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { /* * Generic EC key */ -static int eckey_can_do( mbedtls_pk_type_t type ) +static int eckey_can_do(mbedtls_pk_type_t type) { - return( type == MBEDTLS_PK_ECKEY || - type == MBEDTLS_PK_ECKEY_DH || - type == MBEDTLS_PK_ECDSA ); + return type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECKEY_DH || + type == MBEDTLS_PK_ECDSA; } -static size_t eckey_get_bitlen( const void *ctx ) +static size_t eckey_get_bitlen(const void *ctx) { - return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); + return ((mbedtls_ecp_keypair *) ctx)->grp.pbits; } #if defined(MBEDTLS_ECDSA_C) /* Forward declarations */ -static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); - -static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); - -static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); + +static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + +static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; - mbedtls_ecdsa_init( &ecdsa ); + mbedtls_ecdsa_init(&ecdsa); - if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) - ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); + if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) { + ret = ecdsa_verify_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len); + } - mbedtls_ecdsa_free( &ecdsa ); + mbedtls_ecdsa_free(&ecdsa); - return( ret ); + return ret; } -static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; - mbedtls_ecdsa_init( &ecdsa ); + mbedtls_ecdsa_init(&ecdsa); - if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) - ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, - f_rng, p_rng ); + if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) { + ret = ecdsa_sign_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len, + f_rng, p_rng); + } - mbedtls_ecdsa_free( &ecdsa ); + mbedtls_ecdsa_free(&ecdsa); - return( ret ); + return ret; } #if defined(MBEDTLS_ECP_RESTARTABLE) /* Forward declarations */ -static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ); +static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx); -static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ); +static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx); /* * Restart context for ECDSA operations with ECKEY context @@ -288,120 +298,124 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, * We need to store an actual ECDSA context, as we need to pass the same to * the underlying ecdsa function, so we can't create it on the fly every time. */ -typedef struct -{ +typedef struct { mbedtls_ecdsa_restart_ctx ecdsa_rs; mbedtls_ecdsa_context ecdsa_ctx; } eckey_restart_ctx; -static void *eckey_rs_alloc( void ) +static void *eckey_rs_alloc(void) { eckey_restart_ctx *rs_ctx; - void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) ); + void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx)); - if( ctx != NULL ) - { + if (ctx != NULL) { rs_ctx = ctx; - mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs ); - mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx ); + mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs); + mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx); } - return( ctx ); + return ctx; } -static void eckey_rs_free( void *ctx ) +static void eckey_rs_free(void *ctx) { eckey_restart_ctx *rs_ctx; - if( ctx == NULL) + if (ctx == NULL) { return; + } rs_ctx = ctx; - mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs ); - mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx ); + mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs); + mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx); - mbedtls_free( ctx ); + mbedtls_free(ctx); } -static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ) +static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ - if( rs == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (rs == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } /* set up our own sub-context if needed (that is, on first run) */ - if( rs->ecdsa_ctx.grp.pbits == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); + if (rs->ecdsa_ctx.grp.pbits == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx)); + } - MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx, - md_alg, hash, hash_len, - sig, sig_len, &rs->ecdsa_rs ) ); + MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx, + md_alg, hash, hash_len, + sig, sig_len, &rs->ecdsa_rs)); cleanup: - return( ret ); + return ret; } -static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) +static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ - if( rs == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (rs == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } /* set up our own sub-context if needed (that is, on first run) */ - if( rs->ecdsa_ctx.grp.pbits == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); + if (rs->ecdsa_ctx.grp.pbits == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx)); + } - MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg, - hash, hash_len, sig, sig_len, - f_rng, p_rng, &rs->ecdsa_rs ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg, + hash, hash_len, sig, sig_len, + f_rng, p_rng, &rs->ecdsa_rs)); cleanup: - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C */ -static int eckey_check_pair( const void *pub, const void *prv ) +static int eckey_check_pair(const void *pub, const void *prv) { - return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, - (const mbedtls_ecp_keypair *) prv ) ); + return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub, + (const mbedtls_ecp_keypair *) prv); } -static void *eckey_alloc_wrap( void ) +static void *eckey_alloc_wrap(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); - if( ctx != NULL ) - mbedtls_ecp_keypair_init( ctx ); + if (ctx != NULL) { + mbedtls_ecp_keypair_init(ctx); + } - return( ctx ); + return ctx; } -static void eckey_free_wrap( void *ctx ) +static void eckey_free_wrap(void *ctx) { - mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); - mbedtls_free( ctx ); + mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); + mbedtls_free(ctx); } -static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) +static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items) { items->type = MBEDTLS_PK_DEBUG_ECP; items->name = "eckey.Q"; - items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); + items->value = &(((mbedtls_ecp_keypair *) ctx)->Q); } const mbedtls_pk_info_t mbedtls_eckey_info = { @@ -435,10 +449,10 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { /* * EC key restricted to ECDH */ -static int eckeydh_can_do( mbedtls_pk_type_t type ) +static int eckeydh_can_do(mbedtls_pk_type_t type) { - return( type == MBEDTLS_PK_ECKEY || - type == MBEDTLS_PK_ECKEY_DH ); + return type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECKEY_DH; } const mbedtls_pk_info_t mbedtls_eckeydh_info = { @@ -466,9 +480,9 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_ECDSA_C) -static int ecdsa_can_do( mbedtls_pk_type_t type ) +static int ecdsa_can_do(mbedtls_pk_type_t type) { - return( type == MBEDTLS_PK_ECDSA ); + return type == MBEDTLS_PK_ECDSA; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -476,33 +490,32 @@ static int ecdsa_can_do( mbedtls_pk_type_t type ) * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of * those integers and convert it to the fixed-length encoding expected by PSA. */ -static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end, - unsigned char *to, size_t to_len ) +static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end, + unsigned char *to, size_t to_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t unpadded_len, padding_len; - if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len, - MBEDTLS_ASN1_INTEGER ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len, + MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; } - while( unpadded_len > 0 && **from == 0x00 ) - { - ( *from )++; + while (unpadded_len > 0 && **from == 0x00) { + (*from)++; unpadded_len--; } - if( unpadded_len > to_len || unpadded_len == 0 ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (unpadded_len > to_len || unpadded_len == 0) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } padding_len = to_len - unpadded_len; - memset( to, 0x00, padding_len ); - memcpy( to + padding_len, *from, unpadded_len ); - ( *from ) += unpadded_len; + memset(to, 0x00, padding_len); + memcpy(to + padding_len, *from, unpadded_len); + (*from) += unpadded_len; - return( 0 ); + return 0; } /* @@ -510,29 +523,32 @@ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end * to a raw {r,s} buffer. Note: the provided sig buffer must be at least * twice as big as int_size. */ -static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, - unsigned char *sig, size_t int_size ) +static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end, + unsigned char *sig, size_t int_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tmp_size; - if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } /* Extract r */ - if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 ) - return( ret ); + if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) { + return ret; + } /* Extract s */ - if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 ) - return( ret ); + if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) { + return ret; + } - return( 0 ); + return 0; } -static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { mbedtls_ecdsa_context *ctx = ctx_arg; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -548,162 +564,163 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = - mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); - const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; + mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); + const size_t signature_part_size = (ctx->grp.nbits + 7) / 8; ((void) md_alg); - if( curve == 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (curve == 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } /* mbedtls_pk_write_pubkey() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; - p = buf + sizeof( buf ); - key_len = mbedtls_pk_write_pubkey( &p, buf, &key ); - if( key_len <= 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - - psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); - psa_set_key_algorithm( &attributes, psa_sig_md ); - - status = psa_import_key( &attributes, - buf + sizeof( buf ) - key_len, key_len, - &key_id ); - if( status != PSA_SUCCESS ) - { - ret = mbedtls_psa_err_translate_pk( status ); + p = buf + sizeof(buf); + key_len = mbedtls_pk_write_pubkey(&p, buf, &key); + if (key_len <= 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, psa_sig_md); + + status = psa_import_key(&attributes, + buf + sizeof(buf) - key_len, key_len, + &key_id); + if (status != PSA_SUCCESS) { + ret = mbedtls_psa_err_translate_pk(status); goto cleanup; } /* We don't need the exported key anymore and can * reuse its buffer for signature extraction. */ - if( 2 * signature_part_size > sizeof( buf ) ) - { + if (2 * signature_part_size > sizeof(buf)) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } - p = (unsigned char*) sig; - if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf, - signature_part_size ) ) != 0 ) - { + p = (unsigned char *) sig; + if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf, + signature_part_size)) != 0) { goto cleanup; } - if( psa_verify_hash( key_id, psa_sig_md, - hash, hash_len, - buf, 2 * signature_part_size ) - != PSA_SUCCESS ) - { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; - goto cleanup; + if (psa_verify_hash(key_id, psa_sig_md, + hash, hash_len, + buf, 2 * signature_part_size) + != PSA_SUCCESS) { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; } - if( p != sig + sig_len ) - { + if (p != sig + sig_len) { ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; goto cleanup; } ret = 0; cleanup: - psa_destroy_key( key_id ); - return( ret ); + psa_destroy_key(key_id); + return ret; } #else /* MBEDTLS_USE_PSA_CRYPTO */ -static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) +static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); - ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, - hash, hash_len, sig, sig_len ); + ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx, + hash, hash_len, sig, sig_len); - if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) { + return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; + } - return( ret ); + return ret; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, - md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); + return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx, + md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng); } #if defined(MBEDTLS_ECP_RESTARTABLE) -static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ) +static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); ret = mbedtls_ecdsa_read_signature_restartable( - (mbedtls_ecdsa_context *) ctx, - hash, hash_len, sig, sig_len, - (mbedtls_ecdsa_restart_ctx *) rs_ctx ); + (mbedtls_ecdsa_context *) ctx, + hash, hash_len, sig, sig_len, + (mbedtls_ecdsa_restart_ctx *) rs_ctx); - if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) { + return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; + } - return( ret ); + return ret; } -static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) +static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx) { - return( mbedtls_ecdsa_write_signature_restartable( - (mbedtls_ecdsa_context *) ctx, - md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, - (mbedtls_ecdsa_restart_ctx *) rs_ctx ) ); + return mbedtls_ecdsa_write_signature_restartable( + (mbedtls_ecdsa_context *) ctx, + md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, + (mbedtls_ecdsa_restart_ctx *) rs_ctx); } #endif /* MBEDTLS_ECP_RESTARTABLE */ -static void *ecdsa_alloc_wrap( void ) +static void *ecdsa_alloc_wrap(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context)); - if( ctx != NULL ) - mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); + if (ctx != NULL) { + mbedtls_ecdsa_init((mbedtls_ecdsa_context *) ctx); + } - return( ctx ); + return ctx; } -static void ecdsa_free_wrap( void *ctx ) +static void ecdsa_free_wrap(void *ctx) { - mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); - mbedtls_free( ctx ); + mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx); + mbedtls_free(ctx); } #if defined(MBEDTLS_ECP_RESTARTABLE) -static void *ecdsa_rs_alloc( void ) +static void *ecdsa_rs_alloc(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx)); - if( ctx != NULL ) - mbedtls_ecdsa_restart_init( ctx ); + if (ctx != NULL) { + mbedtls_ecdsa_restart_init(ctx); + } - return( ctx ); + return ctx; } -static void ecdsa_rs_free( void *ctx ) +static void ecdsa_rs_free(void *ctx) { - mbedtls_ecdsa_restart_free( ctx ); - mbedtls_free( ctx ); + mbedtls_ecdsa_restart_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -736,99 +753,102 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { * Support for alternative RSA-private implementations */ -static int rsa_alt_can_do( mbedtls_pk_type_t type ) +static int rsa_alt_can_do(mbedtls_pk_type_t type) { - return( type == MBEDTLS_PK_RSA ); + return type == MBEDTLS_PK_RSA; } -static size_t rsa_alt_get_bitlen( const void *ctx ) +static size_t rsa_alt_get_bitlen(const void *ctx) { const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; - return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); + return 8 * rsa_alt->key_len_func(rsa_alt->key); } -static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; #if SIZE_MAX > UINT_MAX - if( UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (UINT_MAX < hash_len) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #endif /* SIZE_MAX > UINT_MAX */ - *sig_len = rsa_alt->key_len_func( rsa_alt->key ); - if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + *sig_len = rsa_alt->key_len_func(rsa_alt->key); + if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } - return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, (unsigned int) hash_len, hash, sig); } -static int rsa_alt_decrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_alt_decrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; ((void) f_rng); ((void) p_rng); - if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen != rsa_alt->key_len_func(rsa_alt->key)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - return( rsa_alt->decrypt_func( rsa_alt->key, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + return rsa_alt->decrypt_func(rsa_alt->key, + MBEDTLS_RSA_PRIVATE, olen, input, output, osize); } #if defined(MBEDTLS_RSA_C) -static int rsa_alt_check_pair( const void *pub, const void *prv ) +static int rsa_alt_check_pair(const void *pub, const void *prv) { unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char hash[32]; size_t sig_len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } - memset( hash, 0x2a, sizeof( hash ) ); + memset(hash, 0x2a, sizeof(hash)); - if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, - hash, sizeof( hash ), - sig, &sig_len, NULL, NULL ) ) != 0 ) - { - return( ret ); + if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE, + hash, sizeof(hash), + sig, &sig_len, NULL, NULL)) != 0) { + return ret; } - if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, - hash, sizeof( hash ), sig, sig_len ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE, + hash, sizeof(hash), sig, sig_len) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - return( 0 ); + return 0; } #endif /* MBEDTLS_RSA_C */ -static void *rsa_alt_alloc_wrap( void ) +static void *rsa_alt_alloc_wrap(void) { - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context)); - if( ctx != NULL ) - memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); + if (ctx != NULL) { + memset(ctx, 0, sizeof(mbedtls_rsa_alt_context)); + } - return( ctx ); + return ctx; } -static void rsa_alt_free_wrap( void *ctx ) +static void rsa_alt_free_wrap(void *ctx) { - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); - mbedtls_free( ctx ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context)); + mbedtls_free(ctx); } const mbedtls_pk_info_t mbedtls_rsa_alt_info = { @@ -862,42 +882,43 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #if defined(MBEDTLS_USE_PSA_CRYPTO) -static void *pk_opaque_alloc_wrap( void ) +static void *pk_opaque_alloc_wrap(void) { - void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) ); + void *ctx = mbedtls_calloc(1, sizeof(psa_key_id_t)); /* no _init() function to call, as calloc() already zeroized */ - return( ctx ); + return ctx; } -static void pk_opaque_free_wrap( void *ctx ) +static void pk_opaque_free_wrap(void *ctx) { - mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) ); - mbedtls_free( ctx ); + mbedtls_platform_zeroize(ctx, sizeof(psa_key_id_t)); + mbedtls_free(ctx); } -static size_t pk_opaque_get_bitlen( const void *ctx ) +static size_t pk_opaque_get_bitlen(const void *ctx) { const psa_key_id_t *key = (const psa_key_id_t *) ctx; size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) ) - return( 0 ); + if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) { + return 0; + } - bits = psa_get_key_bits( &attributes ); - psa_reset_key_attributes( &attributes ); - return( bits ); + bits = psa_get_key_bits(&attributes); + psa_reset_key_attributes(&attributes); + return bits; } -static int pk_opaque_can_do( mbedtls_pk_type_t type ) +static int pk_opaque_can_do(mbedtls_pk_type_t type) { /* For now opaque PSA keys can only wrap ECC keypairs, * as checked by setup_psa(). * Also, ECKEY_DH does not really make sense with the current API. */ - return( type == MBEDTLS_PK_ECKEY || - type == MBEDTLS_PK_ECDSA ); + return type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECDSA; } #if defined(MBEDTLS_ECDSA_C) @@ -911,48 +932,49 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type ) * start: start of the output buffer, and also of the mpi to write at the end * n_len: length of the mpi to read from start */ -static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, - size_t n_len ) +static int asn1_write_mpibuf(unsigned char **p, unsigned char *start, + size_t n_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( (size_t)( *p - start ) < n_len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if ((size_t) (*p - start) < n_len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } len = n_len; *p -= len; - memmove( *p, start, len ); + memmove(*p, start, len); /* ASN.1 DER encoding requires minimal length, so skip leading 0s. * Neither r nor s should be 0, but as a failsafe measure, still detect * that rather than overflowing the buffer in case of a PSA error. */ - while( len > 0 && **p == 0x00 ) - { + while (len > 0 && **p == 0x00) { ++(*p); --len; } /* this is only reached if the signature was invalid */ - if( len == 0 ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + if (len == 0) { + return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; + } /* if the msb is 1, ASN.1 requires that we prepend a 0. * Neither r nor s can be 0, so we can assume len > 0 at all times. */ - if( **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (**p & 0x80) { + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_INTEGER ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_INTEGER)); - return( (int) len ); + return (int) len; } /* Transcode signature from PSA format to ASN.1 sequence. @@ -963,33 +985,34 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, * [in/out] sig_len: signature length pre- and post-transcoding * [int] buf_len: the available size the in/out buffer */ -static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, - size_t buf_len ) +static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, + size_t buf_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const size_t rs_len = *sig_len / 2; unsigned char *p = sig + buf_len; - MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len)); + MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - memmove( sig, p, len ); + memmove(sig, p, len); *sig_len = len; - return( 0 ); + return 0; } #endif /* MBEDTLS_ECDSA_C */ -static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if !defined(MBEDTLS_ECDSA_C) ((void) ctx); @@ -1000,11 +1023,11 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) sig_len); ((void) f_rng); ((void) p_rng); - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; #else /* !MBEDTLS_ECDSA_C */ const psa_key_id_t *key = (const psa_key_id_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + psa_algorithm_t alg = PSA_ALG_ECDSA(mbedtls_psa_translate_md(md_alg)); size_t buf_len; psa_status_t status; @@ -1016,22 +1039,25 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, * that information. Assume that the buffer is large enough for a * maximal-length signature with that key (otherwise the application is * buggy anyway). */ - status = psa_get_key_attributes( *key, &attributes ); - if( status != PSA_SUCCESS ) - return( mbedtls_psa_err_translate_pk( status ) ); - buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) ); - psa_reset_key_attributes( &attributes ); - if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + status = psa_get_key_attributes(*key, &attributes); + if (status != PSA_SUCCESS) { + return mbedtls_psa_err_translate_pk(status); + } + buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN(psa_get_key_bits(&attributes)); + psa_reset_key_attributes(&attributes); + if (buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } /* make the signature */ - status = psa_sign_hash( *key, alg, hash, hash_len, - sig, buf_len, sig_len ); - if( status != PSA_SUCCESS ) - return( mbedtls_psa_err_translate_pk( status ) ); + status = psa_sign_hash(*key, alg, hash, hash_len, + sig, buf_len, sig_len); + if (status != PSA_SUCCESS) { + return mbedtls_psa_err_translate_pk(status); + } /* transcode it to ASN.1 sequence */ - return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) ); + return pk_ecdsa_sig_asn1_from_psa(sig, sig_len, buf_len); #endif /* !MBEDTLS_ECDSA_C */ } diff --git a/thirdparty/mbedtls/library/pkcs11.c b/thirdparty/mbedtls/library/pkcs11.c index a7207cfc93..8ba40caf91 100644 --- a/thirdparty/mbedtls/library/pkcs11.c +++ b/thirdparty/mbedtls/library/pkcs11.c @@ -33,46 +33,41 @@ #include -void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ) +void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) ); + memset(ctx, 0, sizeof(mbedtls_pkcs11_context)); } -int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert ) +int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert) { int ret = 1; unsigned char *cert_blob = NULL; size_t cert_blob_size = 0; - if( cert == NULL ) - { + if (cert == NULL) { ret = 2; goto cleanup; } - if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, - &cert_blob_size ) != CKR_OK ) - { + if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, NULL, + &cert_blob_size) != CKR_OK) { ret = 3; goto cleanup; } - cert_blob = mbedtls_calloc( 1, cert_blob_size ); - if( NULL == cert_blob ) - { + cert_blob = mbedtls_calloc(1, cert_blob_size); + if (NULL == cert_blob) { ret = 4; goto cleanup; } - if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, - &cert_blob_size ) != CKR_OK ) - { + if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, cert_blob, + &cert_blob_size) != CKR_OK) { ret = 5; goto cleanup; } - if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) ) - { + if (0 != mbedtls_x509_crt_parse(cert, cert_blob, cert_blob_size)) { ret = 6; goto cleanup; } @@ -80,121 +75,128 @@ int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t ret = 0; cleanup: - if( NULL != cert_blob ) - mbedtls_free( cert_blob ); + if (NULL != cert_blob) { + mbedtls_free(cert_blob); + } - return( ret ); + return ret; } -int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, - pkcs11h_certificate_t pkcs11_cert ) +int mbedtls_pkcs11_priv_key_bind(mbedtls_pkcs11_context *priv_key, + pkcs11h_certificate_t pkcs11_cert) { int ret = 1; mbedtls_x509_crt cert; - mbedtls_x509_crt_init( &cert ); + mbedtls_x509_crt_init(&cert); - if( priv_key == NULL ) + if (priv_key == NULL) { goto cleanup; + } - if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) ) + if (0 != mbedtls_pkcs11_x509_cert_bind(&cert, pkcs11_cert)) { goto cleanup; + } - priv_key->len = mbedtls_pk_get_len( &cert.pk ); + priv_key->len = mbedtls_pk_get_len(&cert.pk); priv_key->pkcs11h_cert = pkcs11_cert; ret = 0; cleanup: - mbedtls_x509_crt_free( &cert ); + mbedtls_x509_crt_free(&cert); - return( ret ); + return ret; } -void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ) +void mbedtls_pkcs11_priv_key_free(mbedtls_pkcs11_context *priv_key) { - if( NULL != priv_key ) - pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert ); + if (NULL != priv_key) { + pkcs11h_certificate_freeCertificate(priv_key->pkcs11h_cert); + } } -int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) +int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { size_t input_len, output_len; - if( NULL == ctx ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (NULL == ctx) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( MBEDTLS_RSA_PRIVATE != mode ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (MBEDTLS_RSA_PRIVATE != mode) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } output_len = input_len = ctx->len; - if( input_len < 16 || input_len > output_max_len ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (input_len < 16 || input_len > output_max_len) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* Determine size of output buffer */ - if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, - input_len, NULL, &output_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input, + input_len, NULL, &output_len) != CKR_OK) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - if( output_len > output_max_len ) - return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + if (output_len > output_max_len) { + return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; + } - if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, - input_len, output, &output_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input, + input_len, output, &output_len) != CKR_OK) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } *olen = output_len; - return( 0 ); + return 0; } -int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) +int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { size_t sig_len = 0, asn_len = 0, oid_size = 0; unsigned char *p = sig; const char *oid; - if( NULL == ctx ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (NULL == ctx) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( MBEDTLS_RSA_PRIVATE != mode ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (MBEDTLS_RSA_PRIVATE != mode) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (md_alg != MBEDTLS_MD_NONE) { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); asn_len = 10 + oid_size; } sig_len = ctx->len; - if( hashlen > sig_len || asn_len > sig_len || - hashlen + asn_len > sig_len ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (hashlen > sig_len || asn_len > sig_len || + hashlen + asn_len > sig_len) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, @@ -205,12 +207,12 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, * Digest ::= OCTET STRING */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x08 + oid_size + hashlen ); + *p++ = (unsigned char) (0x08 + oid_size + hashlen); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x04 + oid_size ); + *p++ = (unsigned char) (0x04 + oid_size); *p++ = MBEDTLS_ASN1_OID; *p++ = oid_size & 0xFF; - memcpy( p, oid, oid_size ); + memcpy(p, oid, oid_size); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; @@ -218,15 +220,14 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, *p++ = hashlen; } - memcpy( p, hash, hashlen ); + memcpy(p, hash, hashlen); - if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, - asn_len + hashlen, sig, &sig_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_signAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, + asn_len + hashlen, sig, &sig_len) != CKR_OK) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - return( 0 ); + return 0; } #endif /* defined(MBEDTLS_PKCS11_C) */ diff --git a/thirdparty/mbedtls/library/pkcs12.c b/thirdparty/mbedtls/library/pkcs12.c index cacf7dba22..039026b23f 100644 --- a/thirdparty/mbedtls/library/pkcs12.c +++ b/thirdparty/mbedtls/library/pkcs12.c @@ -45,8 +45,8 @@ #if defined(MBEDTLS_ASN1_PARSE_C) -static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, - mbedtls_asn1_buf *salt, int *iterations ) +static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params, + mbedtls_asn1_buf *salt, int *iterations) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char **p = ¶ms->p; @@ -59,76 +59,82 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, * } * */ - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } - if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret); + } salt->p = *p; *p += salt->len; - if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(p, end, iterations)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret); + } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } #define PKCS12_MAX_PWDLEN 128 -static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - unsigned char *key, size_t keylen, - unsigned char *iv, size_t ivlen ) +static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen) { int ret, iterations = 0; mbedtls_asn1_buf salt; size_t i; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; - if( pwdlen > PKCS12_MAX_PWDLEN ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (pwdlen > PKCS12_MAX_PWDLEN) { + return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; + } - memset( &salt, 0, sizeof(mbedtls_asn1_buf) ); - memset( &unipwd, 0, sizeof(unipwd) ); + memset(&salt, 0, sizeof(mbedtls_asn1_buf)); + memset(&unipwd, 0, sizeof(unipwd)); - if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt, - &iterations ) ) != 0 ) - return( ret ); + if ((ret = pkcs12_parse_pbe_params(pbe_params, &salt, + &iterations)) != 0) { + return ret; + } - for( i = 0; i < pwdlen; i++ ) + for (i = 0; i < pwdlen; i++) { unipwd[i * 2 + 1] = pwd[i]; + } - if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, md_type, - MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pkcs12_derivation(key, keylen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, md_type, + MBEDTLS_PKCS12_DERIVE_KEY, iterations)) != 0) { + return ret; } - if( iv == NULL || ivlen == 0 ) - return( 0 ); + if (iv == NULL || ivlen == 0) { + return 0; + } - if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, md_type, - MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pkcs12_derivation(iv, ivlen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, md_type, + MBEDTLS_PKCS12_DERIVE_IV, iterations)) != 0) { + return ret; } - return( 0 ); + return 0; } #undef PKCS12_MAX_PWDLEN -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) +int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output) { #if !defined(MBEDTLS_ARC4_C) ((void) pbe_params); @@ -138,39 +144,39 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, ((void) data); ((void) len); ((void) output); - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[16]; mbedtls_arc4_context ctx; ((void) mode); - mbedtls_arc4_init( &ctx ); + mbedtls_arc4_init(&ctx); - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1, - pwd, pwdlen, - key, 16, NULL, 0 ) ) != 0 ) - { - return( ret ); + if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, MBEDTLS_MD_SHA1, + pwd, pwdlen, + key, 16, NULL, 0)) != 0) { + return ret; } - mbedtls_arc4_setup( &ctx, key, 16 ); - if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 ) + mbedtls_arc4_setup(&ctx, key, 16); + if ((ret = mbedtls_arc4_crypt(&ctx, len, data, output)) != 0) { goto exit; + } exit: - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_arc4_free( &ctx ); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_arc4_free(&ctx); - return( ret ); + return ret; #endif /* MBEDTLS_ARC4_C */ } -int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) +int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output) { int ret, keylen = 0; unsigned char key[32]; @@ -179,73 +185,76 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_context_t cipher_ctx; size_t olen = 0; - if( pwd == NULL && pwdlen != 0 ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (pwd == NULL && pwdlen != 0) { + return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; + } - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) { + return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE; + } keylen = cipher_info->key_bitlen / 8; - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen, - key, keylen, - iv, cipher_info->iv_size ) ) != 0 ) - { - return( ret ); + if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen, + key, keylen, + iv, cipher_info->iv_size)) != 0) { + return ret; } - mbedtls_cipher_init( &cipher_ctx ); + mbedtls_cipher_init(&cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 ) + if ((ret = + mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, + (mbedtls_operation_t) mode)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 ) + if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 ) + if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len, - output, &olen ) ) != 0 ) - { + if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len, + output, &olen)) != 0) { goto exit; } - if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) { ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; + } exit: - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_platform_zeroize( iv, sizeof( iv ) ); - mbedtls_cipher_free( &cipher_ctx ); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_platform_zeroize(iv, sizeof(iv)); + mbedtls_cipher_free(&cipher_ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_ASN1_PARSE_C */ -static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, - const unsigned char *filler, size_t fill_len ) +static void pkcs12_fill_buffer(unsigned char *data, size_t data_len, + const unsigned char *filler, size_t fill_len) { unsigned char *p = data; size_t use_len; - if( filler != NULL && fill_len != 0 ) - { - while( data_len > 0 ) - { - use_len = ( data_len > fill_len ) ? fill_len : data_len; - memcpy( p, filler, use_len ); + if (filler != NULL && fill_len != 0) { + while (data_len > 0) { + use_len = (data_len > fill_len) ? fill_len : data_len; + memcpy(p, filler, use_len); p += use_len; data_len -= use_len; } - } - else - { + } else { /* If either of the above are not true then clearly there is nothing * that this function can do. The function should *not* be called * under either of those circumstances, as you could end up with an @@ -254,10 +263,10 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, } } -int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *salt, size_t saltlen, - mbedtls_md_type_t md_type, int id, int iterations ) +int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + mbedtls_md_type_t md_type, int id, int iterations) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int j; @@ -276,114 +285,119 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, mbedtls_md_context_t md_ctx; // This version only allows max of 64 bytes of password or salt - if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (datalen > 128 || pwdlen > 64 || saltlen > 64) { + return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; + } - if( pwd == NULL && pwdlen != 0 ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (pwd == NULL && pwdlen != 0) { + return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; + } - if( salt == NULL && saltlen != 0 ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (salt == NULL && saltlen != 0) { + return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; + } - use_password = ( pwd && pwdlen != 0 ); - use_salt = ( salt && saltlen != 0 ); + use_password = (pwd && pwdlen != 0); + use_salt = (salt && saltlen != 0); - md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + md_info = mbedtls_md_info_from_type(md_type); + if (md_info == NULL) { + return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE; + } - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - return( ret ); - hlen = mbedtls_md_get_size( md_info ); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { + return ret; + } + hlen = mbedtls_md_get_size(md_info); - if( hlen <= 32 ) + if (hlen <= 32) { v = 64; - else + } else { v = 128; + } - memset( diversifier, (unsigned char) id, v ); + memset(diversifier, (unsigned char) id, v); - if( use_salt != 0 ) - { - pkcs12_fill_buffer( salt_block, v, salt, saltlen ); + if (use_salt != 0) { + pkcs12_fill_buffer(salt_block, v, salt, saltlen); } - if( use_password != 0 ) - { - pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); + if (use_password != 0) { + pkcs12_fill_buffer(pwd_block, v, pwd, pwdlen); } p = data; - while( datalen > 0 ) - { + while (datalen > 0) { // Calculate hash( diversifier || salt_block || pwd_block ) - if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&md_ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) { goto exit; + } - if( use_salt != 0 ) - { - if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 ) + if (use_salt != 0) { + if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) { goto exit; + } } - if( use_password != 0) - { - if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 ) + if (use_password != 0) { + if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) { goto exit; + } } - if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 ) + if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) { goto exit; + } // Perform remaining ( iterations - 1 ) recursive hash calculations - for( i = 1; i < (size_t) iterations; i++ ) - { - if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 ) + for (i = 1; i < (size_t) iterations; i++) { + if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output)) != 0) { goto exit; + } } - use_len = ( datalen > hlen ) ? hlen : datalen; - memcpy( p, hash_output, use_len ); + use_len = (datalen > hlen) ? hlen : datalen; + memcpy(p, hash_output, use_len); datalen -= use_len; p += use_len; - if( datalen == 0 ) + if (datalen == 0) { break; + } // Concatenating copies of hash_output into hash_block (B) - pkcs12_fill_buffer( hash_block, v, hash_output, hlen ); + pkcs12_fill_buffer(hash_block, v, hash_output, hlen); // B += 1 - for( i = v; i > 0; i-- ) - if( ++hash_block[i - 1] != 0 ) + for (i = v; i > 0; i--) { + if (++hash_block[i - 1] != 0) { break; + } + } - if( use_salt != 0 ) - { + if (use_salt != 0) { // salt_block += B c = 0; - for( i = v; i > 0; i-- ) - { + for (i = v; i > 0; i--) { j = salt_block[i - 1] + hash_block[i - 1] + c; - c = MBEDTLS_BYTE_1( j ); - salt_block[i - 1] = MBEDTLS_BYTE_0( j ); + c = MBEDTLS_BYTE_1(j); + salt_block[i - 1] = MBEDTLS_BYTE_0(j); } } - if( use_password != 0 ) - { + if (use_password != 0) { // pwd_block += B c = 0; - for( i = v; i > 0; i-- ) - { + for (i = v; i > 0; i--) { j = pwd_block[i - 1] + hash_block[i - 1] + c; - c = MBEDTLS_BYTE_1( j ); - pwd_block[i - 1] = MBEDTLS_BYTE_0( j ); + c = MBEDTLS_BYTE_1(j); + pwd_block[i - 1] = MBEDTLS_BYTE_0(j); } } } @@ -391,14 +405,14 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, ret = 0; exit: - mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) ); - mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) ); - mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) ); - mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) ); + mbedtls_platform_zeroize(salt_block, sizeof(salt_block)); + mbedtls_platform_zeroize(pwd_block, sizeof(pwd_block)); + mbedtls_platform_zeroize(hash_block, sizeof(hash_block)); + mbedtls_platform_zeroize(hash_output, sizeof(hash_output)); - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS12_C */ diff --git a/thirdparty/mbedtls/library/pkcs5.c b/thirdparty/mbedtls/library/pkcs5.c index f9d01371a7..52f1a0df22 100644 --- a/thirdparty/mbedtls/library/pkcs5.c +++ b/thirdparty/mbedtls/library/pkcs5.c @@ -45,18 +45,19 @@ #include "mbedtls/platform.h" #if defined(MBEDTLS_ASN1_PARSE_C) -static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, - mbedtls_asn1_buf *salt, int *iterations, - int *keylen, mbedtls_md_type_t *md_type ) +static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, + mbedtls_asn1_buf *salt, int *iterations, + int *keylen, mbedtls_md_type_t *md_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf prf_alg_oid; unsigned char *p = params->p; const unsigned char *end = params->p + params->len; - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } /* * PBKDF2-params ::= SEQUENCE { * salt OCTET STRING, @@ -66,45 +67,52 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, * } * */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &salt->len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); + } salt->p = p; p += salt->len; - if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, iterations)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); + } - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 ) - { - if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) { + if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); + } } - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_alg_null(&p, end, &prf_alg_oid)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); + } - if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + if (mbedtls_oid_get_md_hmac(&prf_alg_oid, md_type) != 0) { + return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE; + } - if( p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ) +int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end; @@ -128,42 +136,46 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ - if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (pbe_params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } - if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, - &kdf_alg_params ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &kdf_alg_oid, + &kdf_alg_params)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); + } // Only PBKDF2 supported at the moment // - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); - - if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params, - &salt, &iterations, &keylen, - &md_type ) ) != 0 ) - { - return( ret ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid) != 0) { + return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE; + } + + if ((ret = pkcs5_parse_pbkdf2_params(&kdf_alg_params, + &salt, &iterations, &keylen, + &md_type)) != 0) { + return ret; } - md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + md_info = mbedtls_md_info_from_type(md_type); + if (md_info == NULL) { + return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE; + } - if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, - &enc_scheme_params ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &enc_scheme_oid, + &enc_scheme_params)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); } - if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + if (mbedtls_oid_get_cipher_alg(&enc_scheme_oid, &cipher_alg) != 0) { + return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE; + } - cipher_info = mbedtls_cipher_info_from_type( cipher_alg ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + cipher_info = mbedtls_cipher_info_from_type(cipher_alg); + if (cipher_info == NULL) { + return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE; + } /* * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored @@ -171,143 +183,156 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, */ keylen = cipher_info->key_bitlen / 8; - if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING || - enc_scheme_params.len != cipher_info->iv_size ) - { - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT ); + if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING || + enc_scheme_params.len != cipher_info->iv_size) { + return MBEDTLS_ERR_PKCS5_INVALID_FORMAT; } - mbedtls_md_init( &md_ctx ); - mbedtls_cipher_init( &cipher_ctx ); + mbedtls_md_init(&md_ctx); + mbedtls_cipher_init(&cipher_ctx); - memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); + memcpy(iv, enc_scheme_params.p, enc_scheme_params.len); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; + } - if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, - iterations, keylen, key ) ) != 0 ) - { + if ((ret = mbedtls_pkcs5_pbkdf2_hmac(&md_ctx, pwd, pwdlen, salt.p, salt.len, + iterations, keylen, key)) != 0) { goto exit; } - if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, - (mbedtls_operation_t) mode ) ) != 0 ) + if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, + (mbedtls_operation_t) mode)) != 0) { goto exit; + } - if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len, - data, datalen, output, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len, + data, datalen, output, &olen)) != 0) { ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH; + } exit: - mbedtls_md_free( &md_ctx ); - mbedtls_cipher_free( &cipher_ctx ); + mbedtls_md_free(&md_ctx); + mbedtls_cipher_free(&cipher_ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_ASN1_PARSE_C */ -int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, - const unsigned char *password, - size_t plen, const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ) +int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, + const unsigned char *password, + size_t plen, const unsigned char *salt, size_t slen, + unsigned int iteration_count, + uint32_t key_length, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int j; unsigned int i; unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE]; - unsigned char md_size = mbedtls_md_get_size( ctx->md_info ); + unsigned char md_size = mbedtls_md_get_size(ctx->md_info); size_t use_len; unsigned char *out_p = output; unsigned char counter[4]; - memset( counter, 0, 4 ); + memset(counter, 0, 4); counter[3] = 1; #if UINT_MAX > 0xFFFFFFFF - if( iteration_count > 0xFFFFFFFF ) - return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA ); + if (iteration_count > 0xFFFFFFFF) { + return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA; + } #endif - if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) - return( ret ); - while( key_length ) - { + if ((ret = mbedtls_md_hmac_starts(ctx, password, plen)) != 0) { + return ret; + } + while (key_length) { // U1 ends up in work // - if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, salt, slen)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, counter, 4)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(ctx, work)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) { goto cleanup; + } - memcpy( md1, work, md_size ); + memcpy(md1, work, md_size); - for( i = 1; i < iteration_count; i++ ) - { + for (i = 1; i < iteration_count; i++) { // U2 ends up in md1 // - if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, md1, md_size)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(ctx, md1)) != 0) { goto cleanup; + } - if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) { goto cleanup; + } // U1 xor U2 // - for( j = 0; j < md_size; j++ ) + for (j = 0; j < md_size; j++) { work[j] ^= md1[j]; + } } - use_len = ( key_length < md_size ) ? key_length : md_size; - memcpy( out_p, work, use_len ); + use_len = (key_length < md_size) ? key_length : md_size; + memcpy(out_p, work, use_len); key_length -= (uint32_t) use_len; out_p += use_len; - for( i = 4; i > 0; i-- ) - if( ++counter[i - 1] != 0 ) + for (i = 4; i > 0; i--) { + if (++counter[i - 1] != 0) { break; + } + } } cleanup: /* Zeroise buffers to clear sensitive data from memory. */ - mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE ); - mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE ); + mbedtls_platform_zeroize(work, MBEDTLS_MD_MAX_SIZE); + mbedtls_platform_zeroize(md1, MBEDTLS_MD_MAX_SIZE); - return( ret ); + return ret; } #if defined(MBEDTLS_SELF_TEST) #if !defined(MBEDTLS_SHA1_C) -int mbedtls_pkcs5_self_test( int verbose ) +int mbedtls_pkcs5_self_test(int verbose) { - if( verbose != 0 ) - mbedtls_printf( " PBKDF2 (SHA1): skipped\n\n" ); + if (verbose != 0) { + mbedtls_printf(" PBKDF2 (SHA1): skipped\n\n"); + } - return( 0 ); + return 0; } #else #define MAX_TESTS 6 static const size_t plen_test_data[MAX_TESTS] = - { 8, 8, 8, 24, 9 }; +{ 8, 8, 8, 24, 9 }; static const unsigned char password_test_data[MAX_TESTS][32] = { @@ -319,7 +344,7 @@ static const unsigned char password_test_data[MAX_TESTS][32] = }; static const size_t slen_test_data[MAX_TESTS] = - { 4, 4, 4, 36, 5 }; +{ 4, 4, 4, 36, 5 }; static const unsigned char salt_test_data[MAX_TESTS][40] = { @@ -331,10 +356,10 @@ static const unsigned char salt_test_data[MAX_TESTS][40] = }; static const uint32_t it_cnt_test_data[MAX_TESTS] = - { 1, 2, 4096, 4096, 4096 }; +{ 1, 2, 4096, 4096, 4096 }; static const uint32_t key_len_test_data[MAX_TESTS] = - { 20, 20, 20, 25, 16 }; +{ 20, 20, 20, 25, 16 }; static const unsigned char result_key_test_data[MAX_TESTS][32] = { @@ -355,58 +380,58 @@ static const unsigned char result_key_test_data[MAX_TESTS][32] = 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 }, }; -int mbedtls_pkcs5_self_test( int verbose ) +int mbedtls_pkcs5_self_test(int verbose) { mbedtls_md_context_t sha1_ctx; const mbedtls_md_info_t *info_sha1; int ret, i; unsigned char key[64]; - mbedtls_md_init( &sha1_ctx ); + mbedtls_md_init(&sha1_ctx); - info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); - if( info_sha1 == NULL ) - { + info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + if (info_sha1 == NULL) { ret = 1; goto exit; } - if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) { ret = 1; goto exit; } - for( i = 0; i < MAX_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i ); - - ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i], - plen_test_data[i], salt_test_data[i], - slen_test_data[i], it_cnt_test_data[i], - key_len_test_data[i], key ); - if( ret != 0 || - memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + for (i = 0; i < MAX_TESTS; i++) { + if (verbose != 0) { + mbedtls_printf(" PBKDF2 (SHA1) #%d: ", i); + } + + ret = mbedtls_pkcs5_pbkdf2_hmac(&sha1_ctx, password_test_data[i], + plen_test_data[i], salt_test_data[i], + slen_test_data[i], it_cnt_test_data[i], + key_len_test_data[i], key); + if (ret != 0 || + memcmp(result_key_test_data[i], key, key_len_test_data[i]) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } exit: - mbedtls_md_free( &sha1_ctx ); + mbedtls_md_free(&sha1_ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_SHA1_C */ diff --git a/thirdparty/mbedtls/library/pkparse.c b/thirdparty/mbedtls/library/pkparse.c index 6170d6d012..deaff0b310 100644 --- a/thirdparty/mbedtls/library/pkparse.c +++ b/thirdparty/mbedtls/library/pkparse.c @@ -51,10 +51,10 @@ #include "mbedtls/platform.h" /* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define PK_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA) +#define PK_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #if defined(MBEDTLS_FS_IO) /* @@ -64,104 +64,106 @@ * A terminating null byte is always appended. It is included in the announced * length only if the data looks like it is PEM encoded. */ -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) { FILE *f; long size; - PK_VALIDATE_RET( path != NULL ); - PK_VALIDATE_RET( buf != NULL ); - PK_VALIDATE_RET( n != NULL ); + PK_VALIDATE_RET(path != NULL); + PK_VALIDATE_RET(buf != NULL); + PK_VALIDATE_RET(n != NULL); - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + } - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return MBEDTLS_ERR_PK_FILE_IO_ERROR; } - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_SET); *n = (size_t) size; - if( *n + 1 == 0 || - ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) - { - fclose( f ); - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if (*n + 1 == 0 || + (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { + fclose(f); + return MBEDTLS_ERR_PK_ALLOC_FAILED; } - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); + if (fread(*buf, 1, *n, f) != *n) { + fclose(f); - mbedtls_platform_zeroize( *buf, *n ); - mbedtls_free( *buf ); + mbedtls_platform_zeroize(*buf, *n); + mbedtls_free(*buf); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + return MBEDTLS_ERR_PK_FILE_IO_ERROR; } - fclose( f ); + fclose(f); (*buf)[*n] = '\0'; - if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) + if (strstr((const char *) *buf, "-----BEGIN ") != NULL) { ++*n; + } - return( 0 ); + return 0; } /* * Load and parse a private key */ -int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *pwd ) +int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, + const char *path, const char *pwd) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(path != NULL); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } - if( pwd == NULL ) - ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); - else - ret = mbedtls_pk_parse_key( ctx, buf, n, - (const unsigned char *) pwd, strlen( pwd ) ); + if (pwd == NULL) { + ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0); + } else { + ret = mbedtls_pk_parse_key(ctx, buf, n, + (const unsigned char *) pwd, strlen(pwd)); + } - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } /* * Load and parse a public key */ -int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) +int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(path != NULL); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } - ret = mbedtls_pk_parse_public_key( ctx, buf, n ); + ret = mbedtls_pk_parse_public_key(ctx, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ @@ -174,40 +176,40 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) * -- implicitCurve NULL * } */ -static int pk_get_ecparams( unsigned char **p, const unsigned char *end, - mbedtls_asn1_buf *params ) +static int pk_get_ecparams(unsigned char **p, const unsigned char *end, + mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ( end - *p < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if (end - *p < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } /* Tag may be either OID or SEQUENCE */ params->tag = **p; - if( params->tag != MBEDTLS_ASN1_OID + if (params->tag != MBEDTLS_ASN1_OID #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) + && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) #endif - ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + ) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } - if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } params->p = *p; *p += params->len; - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) @@ -230,7 +232,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, * * We only support prime-field as field type, and ignore hash and cofactor. */ -static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) +static int pk_group_from_specified(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = params->p; @@ -240,11 +242,13 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ int ver; /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ - if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, &ver)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( ver < 1 || ver > 3 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ver < 1 || ver > 3) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } /* * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field @@ -252,9 +256,10 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * parameters FIELD-ID.&Type({IOSet}{@fieldType}) * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } end_field = p + len; @@ -266,26 +271,28 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * } * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end_field, &len, MBEDTLS_ASN1_OID)) != 0) { + return ret; + } - if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || - memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) - { - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) || + memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } p += len; /* Prime-p ::= INTEGER -- Field of size p. */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_mpi(&p, end_field, &grp->P)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); - if( p != end_field ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end_field) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* * Curve ::= SEQUENCE { @@ -296,9 +303,10 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * -- with version equal to ecdpVer2 or ecdpVer3 * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } end_curve = p + len; @@ -306,51 +314,50 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * FieldElement ::= OCTET STRING * containing an integer in the case of a prime field */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || + (ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || + (ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } p += len; /* Ignore seed BIT STRING OPTIONAL */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) { p += len; + } - if( p != end_curve ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end_curve) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* * ECPoint ::= OCTET STRING */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, - ( const unsigned char *) p, len ) ) != 0 ) - { + if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G, + (const unsigned char *) p, len)) != 0) { /* * If we can't read the point because it's compressed, cheat by * reading only the X coordinate and the parity bit of Y. */ - if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || - ( p[0] != 0x02 && p[0] != 0x03 ) || - len != mbedtls_mpi_size( &grp->P ) + 1 || - mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || - mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || - mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || + (p[0] != 0x02 && p[0] != 0x03) || + len != mbedtls_mpi_size(&grp->P) + 1 || + mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 || + mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 || + mbedtls_mpi_lset(&grp->G.Z, 1) != 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } } @@ -359,83 +366,84 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ /* * order INTEGER */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_mpi(&p, end, &grp->N)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - grp->nbits = mbedtls_mpi_bitlen( &grp->N ); + grp->nbits = mbedtls_mpi_bitlen(&grp->N); /* * Allow optional elements by purposefully not enforcing p == end here. */ - return( 0 ); + return 0; } /* * Find the group id associated with an (almost filled) group as generated by * pk_group_from_specified(), or return an error if unknown. */ -static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) +static int pk_group_id_from_group(const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id) { int ret = 0; mbedtls_ecp_group ref; const mbedtls_ecp_group_id *id; - mbedtls_ecp_group_init( &ref ); + mbedtls_ecp_group_init(&ref); - for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) - { + for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) { /* Load the group associated to that id */ - mbedtls_ecp_group_free( &ref ); - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); + mbedtls_ecp_group_free(&ref); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id)); /* Compare to the group we were given, starting with easy tests */ - if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && - mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 && + if (grp->pbits == ref.pbits && grp->nbits == ref.nbits && + mbedtls_mpi_cmp_mpi(&grp->P, &ref.P) == 0 && + mbedtls_mpi_cmp_mpi(&grp->A, &ref.A) == 0 && + mbedtls_mpi_cmp_mpi(&grp->B, &ref.B) == 0 && + mbedtls_mpi_cmp_mpi(&grp->N, &ref.N) == 0 && + mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 && + mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 && /* For Y we may only know the parity bit, so compare only that */ - mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) ) - { + mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) { break; } } cleanup: - mbedtls_ecp_group_free( &ref ); + mbedtls_ecp_group_free(&ref); *grp_id = *id; - if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) + if (ret == 0 && *id == MBEDTLS_ECP_DP_NONE) { ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } - return( ret ); + return ret; } /* * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID */ -static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, - mbedtls_ecp_group_id *grp_id ) +static int pk_group_id_from_specified(const mbedtls_asn1_buf *params, + mbedtls_ecp_group_id *grp_id) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; - mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_group_init(&grp); - if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) + if ((ret = pk_group_from_specified(params, &grp)) != 0) { goto cleanup; + } - ret = pk_group_id_from_group( &grp, grp_id ); + ret = pk_group_id_from_group(&grp, grp_id); cleanup: - mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_group_free(&grp); - return( ret ); + return ret; } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ @@ -447,36 +455,37 @@ cleanup: * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } * -- implicitCurve NULL */ -static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) +static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - if( params->tag == MBEDTLS_ASN1_OID ) - { - if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) - return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); - } - else - { + if (params->tag == MBEDTLS_ASN1_OID) { + if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) { + return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE; + } + } else { #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) - return( ret ); + if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) { + return ret; + } #else - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; #endif } /* * grp may already be initialized; if so, make sure IDs match */ - if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } - if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) { + return ret; + } - return( 0 ); + return 0; } /* @@ -486,15 +495,14 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. */ -static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, - mbedtls_ecp_keypair *key ) +static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, + mbedtls_ecp_keypair *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, - (const unsigned char *) *p, end - *p ) ) == 0 ) - { - ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q ); + if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q, + (const unsigned char *) *p, end - *p)) == 0) { + ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q); } /* @@ -502,7 +510,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, */ *p = (unsigned char *) end; - return( ret ); + return ret; } #endif /* MBEDTLS_ECP_C */ @@ -513,52 +521,58 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, * publicExponent INTEGER -- e * } */ -static int pk_get_rsapubkey( unsigned char **p, - const unsigned char *end, - mbedtls_rsa_context *rsa ) +static int pk_get_rsapubkey(unsigned char **p, + const unsigned char *end, + mbedtls_rsa_context *rsa) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } - if( *p + len != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* Import N */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } - if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, - NULL, 0, NULL, 0 ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0)) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; + } *p += len; /* Import E */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } - if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, *p, len)) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; + } *p += len; - if( mbedtls_rsa_complete( rsa ) != 0 || - mbedtls_rsa_check_pubkey( rsa ) != 0 ) - { - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if (mbedtls_rsa_complete(rsa) != 0 || + mbedtls_rsa_check_pubkey(rsa) != 0) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_RSA_C */ @@ -568,32 +582,33 @@ static int pk_get_rsapubkey( unsigned char **p, * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } */ -static int pk_get_pk_alg( unsigned char **p, - const unsigned char *end, - mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) +static int pk_get_pk_alg(unsigned char **p, + const unsigned char *end, + mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf alg_oid; - memset( params, 0, sizeof(mbedtls_asn1_buf) ); + memset(params, 0, sizeof(mbedtls_asn1_buf)); - if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret); + } - if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if (mbedtls_oid_get_pk_alg(&alg_oid, pk_alg) != 0) { + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + } /* * No parameters with RSA (only for EC) */ - if( *pk_alg == MBEDTLS_PK_RSA && - ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || - params->len != 0 ) ) - { - return( MBEDTLS_ERR_PK_INVALID_ALG ); + if (*pk_alg == MBEDTLS_PK_RSA && + ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) || + params->len != 0)) { + return MBEDTLS_ERR_PK_INVALID_ALG; } - return( 0 ); + return 0; } /* @@ -601,8 +616,8 @@ static int pk_get_pk_alg( unsigned char **p, * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ -int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk ) +int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, + mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -610,59 +625,64 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( end != NULL ); - PK_VALIDATE_RET( pk != NULL ); + PK_VALIDATE_RET(p != NULL); + PK_VALIDATE_RET(*p != NULL); + PK_VALIDATE_RET(end != NULL); + PK_VALIDATE_RET(pk != NULL); - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } end = *p + len; - if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) - return( ret ); + if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params)) != 0) { + return ret; + } - if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); + if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } - if( *p + len != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { + return ret; + } #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA ) - { - ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); + if (pk_alg == MBEDTLS_PK_RSA) { + ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) - { - ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); - if( ret == 0 ) - ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); + if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { + ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp); + if (ret == 0) { + ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk)); + } } else #endif /* MBEDTLS_ECP_C */ - ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; - if( ret == 0 && *p != end ) - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (ret == 0 && *p != end) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - if( ret != 0 ) - mbedtls_pk_free( pk ); + if (ret != 0) { + mbedtls_pk_free(pk); + } - return( ret ); + return ret; } #if defined(MBEDTLS_RSA_C) @@ -676,35 +696,37 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, * Since values can't be omitted in PKCS#1, passing a zero value to * rsa_complete() would be incorrect, so reject zero values early. */ -static int asn1_get_nonzero_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ) +static int asn1_get_nonzero_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) { int ret; - ret = mbedtls_asn1_get_mpi( p, end, X ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_asn1_get_mpi(p, end, X); + if (ret != 0) { + return ret; + } - if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (mbedtls_mpi_cmp_int(X, 0) == 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } - return( 0 ); + return 0; } /* * Parse a PKCS#1 encoded private RSA key */ -static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, - const unsigned char *key, - size_t keylen ) +static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa, + const unsigned char *key, + size_t keylen) { int ret, version; size_t len; unsigned char *p, *end; mbedtls_mpi T; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); p = (unsigned char *) key; end = p + keylen; @@ -725,87 +747,93 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } - if( version != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + if (version != 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; } /* Import N */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, + NULL, NULL)) != 0) { goto cleanup; + } /* Import E */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, - NULL, &T ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + NULL, &T)) != 0) { goto cleanup; + } /* Import D */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, - &T, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + &T, NULL)) != 0) { goto cleanup; + } /* Import P */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, + NULL, NULL)) != 0) { goto cleanup; + } /* Import Q */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, + NULL, NULL)) != 0) { goto cleanup; + } #if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) /* - * The RSA CRT parameters DP, DQ and QP are nominally redundant, in - * that they can be easily recomputed from D, P and Q. However by - * parsing them from the PKCS1 structure it is possible to avoid - * recalculating them which both reduces the overhead of loading - * RSA private keys into memory and also avoids side channels which - * can arise when computing those values, since all of D, P, and Q - * are secret. See https://eprint.iacr.org/2020/055 for a - * description of one such attack. - */ + * The RSA CRT parameters DP, DQ and QP are nominally redundant, in + * that they can be easily recomputed from D, P and Q. However by + * parsing them from the PKCS1 structure it is possible to avoid + * recalculating them which both reduces the overhead of loading + * RSA private keys into memory and also avoids side channels which + * can arise when computing those values, since all of D, P, and Q + * are secret. See https://eprint.iacr.org/2020/055 for a + * description of one such attack. + */ /* Import DP */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { + goto cleanup; + } /* Import DQ */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { + goto cleanup; + } /* Import QP */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { + goto cleanup; + } #else /* Verify existence of the CRT params */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { + goto cleanup; + } #endif /* rsa_complete() doesn't complete anything with the default @@ -817,34 +845,32 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * Furthermore, we also check the public part for consistency with * mbedtls_pk_parse_pubkey(), as it includes size minima for example. */ - if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 || - ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) - { + if ((ret = mbedtls_rsa_complete(rsa)) != 0 || + (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { goto cleanup; } - if( p != end ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - if( ret != 0 ) - { + if (ret != 0) { /* Wrap error code if it's coming from a lower level */ - if( ( ret & 0xff80 ) == 0 ) - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ); - else + if ((ret & 0xff80) == 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } else { ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } - mbedtls_rsa_free( rsa ); + mbedtls_rsa_free(rsa); } - return( ret ); + return ret; } #endif /* MBEDTLS_RSA_C */ @@ -852,9 +878,9 @@ cleanup: /* * Parse a SEC1 encoded private EC key */ -static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, - const unsigned char *key, - size_t keylen ) +static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, + const unsigned char *key, + size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int version, pubkey_done; @@ -874,106 +900,100 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, * publicKey [1] BIT STRING OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( version != 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + if (version != 1) { + return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; + } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { + mbedtls_ecp_keypair_free(eck); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } p += len; pubkey_done = 0; - if( p != end ) - { + if (p != end) { /* * Is 'parameters' present? */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) - { - if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || - ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 0)) == 0) { + if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || + (ret = pk_use_ecparams(¶ms, &eck->grp)) != 0) { + mbedtls_ecp_keypair_free(eck); + return ret; } - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + mbedtls_ecp_keypair_free(eck); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } - if( p != end ) - { + if (p != end) { /* * Is 'publickey' present? If not, or if we can't read it (eg because it * is compressed), create it from the private key. */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 1)) == 0) { end2 = p + len; - if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_bitstring_null(&p, end2, &len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( p + len != end2 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p + len != end2) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) + if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) { pubkey_done = 1; - else - { + } else { /* * The only acceptable failure mode of pk_get_ecpubkey() above * is if the point format is not recognized. */ - if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } } - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + mbedtls_ecp_keypair_free(eck); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } - if( ! pubkey_done && - ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, - NULL, NULL ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if (!pubkey_done && + (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, + NULL, NULL)) != 0) { + mbedtls_ecp_keypair_free(eck); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } - if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( ret ); + if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { + mbedtls_ecp_keypair_free(eck); + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_ECP_C */ @@ -991,9 +1011,9 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, * */ static int pk_parse_key_pkcs8_unencrypted_der( - mbedtls_pk_context *pk, - const unsigned char* key, - size_t keylen ) + mbedtls_pk_context *pk, + const unsigned char *key, + size_t keylen) { int ret, version; size_t len; @@ -1019,62 +1039,62 @@ static int pk_parse_key_pkcs8_unencrypted_der( * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( version != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) ); + if (version != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret); + } - if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - { - return( ret ); + if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms)) != 0) { + return ret; } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( len < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if (len < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { + return ret; + } #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA ) - { - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) - { - mbedtls_pk_free( pk ); - return( ret ); + if (pk_alg == MBEDTLS_PK_RSA) { + if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) { + mbedtls_pk_free(pk); + return ret; } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) - { - if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) - { - mbedtls_pk_free( pk ); - return( ret ); + if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { + if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 || + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len)) != 0) { + mbedtls_pk_free(pk); + return ret; } } else #endif /* MBEDTLS_ECP_C */ - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; - return( 0 ); + return 0; } /* @@ -1088,9 +1108,9 @@ static int pk_parse_key_pkcs8_unencrypted_der( */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( - mbedtls_pk_context *pk, - unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) + mbedtls_pk_context *pk, + unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen) { int ret, decrypted = 0; size_t len; @@ -1105,8 +1125,9 @@ static int pk_parse_key_pkcs8_encrypted_der( p = key; end = p + keylen; - if( pwdlen == 0 ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); + if (pwdlen == 0) { + return MBEDTLS_ERR_PK_PASSWORD_REQUIRED; + } /* * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) @@ -1123,19 +1144,20 @@ static int pk_parse_key_pkcs8_encrypted_der( * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo * */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &pbe_alg_oid, &pbe_params)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } buf = p; @@ -1143,73 +1165,68 @@ static int pk_parse_key_pkcs8_encrypted_der( * Decrypt EncryptedData with appropriate PBE */ #if defined(MBEDTLS_PKCS12_C) - if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) - { - if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, - cipher_alg, md_alg, - pwd, pwdlen, p, len, buf ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - - return( ret ); + if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) { + if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, + cipher_alg, md_alg, + pwd, pwdlen, p, len, buf)) != 0) { + if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) { + return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; + } + + return ret; } decrypted = 1; - } - else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) - { - if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, - MBEDTLS_PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - return( ret ); + } else if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid) == 0) { + if ((ret = mbedtls_pkcs12_pbe_sha1_rc4_128(&pbe_params, + MBEDTLS_PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf)) != 0) { + return ret; } // Best guess for password mismatch when using RC4. If first tag is // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE // - if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); + if (*buf != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; + } decrypted = 1; - } - else + } else #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) - { - if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) { + if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, + p, len, buf)) != 0) { + if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) { + return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; + } - return( ret ); + return ret; } decrypted = 1; - } - else + } else #endif /* MBEDTLS_PKCS5_C */ { ((void) pwd); } - if( decrypted == 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + if (decrypted == 0) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } - return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); + return pk_parse_key_pkcs8_unencrypted_der(pk, buf, len); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ /* * Parse a private key */ -int mbedtls_pk_parse_key( mbedtls_pk_context *pk, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) +int mbedtls_pk_parse_key(mbedtls_pk_context *pk, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_info_t *pk_info; @@ -1218,121 +1235,118 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( pk != NULL ); - if( keylen == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET(pk != NULL); + if (keylen == 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + PK_VALIDATE_RET(key != NULL); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN RSA PRIVATE KEY-----", - "-----END RSA PRIVATE KEY-----", - key, pwd, pwdlen, &len ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + key, pwd, pwdlen, &len); + } - if( ret == 0 ) - { - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + if (ret == 0) { + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || + (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return ret; + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) { + return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) { + return MBEDTLS_ERR_PK_PASSWORD_REQUIRED; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + return ret; } - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN EC PRIVATE KEY-----", - "-----END EC PRIVATE KEY-----", - key, pwd, pwdlen, &len ); - if( ret == 0 ) - { - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN EC PRIVATE KEY-----", + "-----END EC PRIVATE KEY-----", + key, pwd, pwdlen, &len); + } + if (ret == 0) { + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return ret; + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) { + return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) { + return MBEDTLS_ERR_PK_PASSWORD_REQUIRED; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + return ret; } - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); #endif /* MBEDTLS_ECP_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN PRIVATE KEY-----", - "-----END PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN PRIVATE KEY-----", + "-----END PRIVATE KEY-----", + key, NULL, 0, &len); + } + if (ret == 0) { + if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk, + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return ret; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + return ret; } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN ENCRYPTED PRIVATE KEY-----", - "-----END ENCRYPTED PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, - pem.buf, pem.buflen, - pwd, pwdlen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN ENCRYPTED PRIVATE KEY-----", + "-----END ENCRYPTED PRIVATE KEY-----", + key, NULL, 0, &len); + } + if (ret == 0) { + if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, + pem.buf, pem.buflen, + pwd, pwdlen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return ret; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + return ret; } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #else ((void) pwd); @@ -1350,61 +1364,59 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { unsigned char *key_copy; - if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((key_copy = mbedtls_calloc(1, keylen)) == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } - memcpy( key_copy, key, keylen ); + memcpy(key_copy, key, keylen); - ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, - pwd, pwdlen ); + ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, + pwd, pwdlen); - mbedtls_platform_zeroize( key_copy, keylen ); - mbedtls_free( key_copy ); + mbedtls_platform_zeroize(key_copy, keylen); + mbedtls_free(key_copy); } - if( ret == 0 ) - return( 0 ); + if (ret == 0) { + return 0; + } - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); - if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) - { - return( ret ); + if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) { + return ret; } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ - ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ); - if( ret == 0 ) - { - return( 0 ); + ret = pk_parse_key_pkcs8_unencrypted_der(pk, key, keylen); + if (ret == 0) { + return 0; } - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); #if defined(MBEDTLS_RSA_C) - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); - if( mbedtls_pk_setup( pk, pk_info ) == 0 && - pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 ) - { - return( 0 ); + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); + if (mbedtls_pk_setup(pk, pk_info) == 0 && + pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) { + return 0; } - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); - if( mbedtls_pk_setup( pk, pk_info ) == 0 && - pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - key, keylen ) == 0 ) - { - return( 0 ); + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); + if (mbedtls_pk_setup(pk, pk_info) == 0 && + pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + key, keylen) == 0) { + return 0; } - mbedtls_pk_free( pk ); + mbedtls_pk_free(pk); #endif /* MBEDTLS_ECP_C */ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, @@ -1417,14 +1429,14 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, * also ok and in line with the mbedtls_pk_free() calls * on failed PEM parsing attempts. */ - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } /* * Parse a public key */ -int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen ) +int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; @@ -1436,104 +1448,100 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( ctx != NULL ); - if( keylen == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL || keylen == 0 ); + PK_VALIDATE_RET(ctx != NULL); + if (keylen == 0) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + PK_VALIDATE_RET(key != NULL || keylen == 0); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN RSA PUBLIC KEY-----", - "-----END RSA PUBLIC KEY-----", - key, NULL, 0, &len ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN RSA PUBLIC KEY-----", + "-----END RSA PUBLIC KEY-----", + key, NULL, 0, &len); + } - if( ret == 0 ) - { + if (ret == 0) { p = pem.buf; - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - { - mbedtls_pem_free( &pem ); - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) { + mbedtls_pem_free(&pem); + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; } - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - { - mbedtls_pem_free( &pem ); - return( ret ); + if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) { + mbedtls_pem_free(&pem); + return ret; } - if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 ) - mbedtls_pk_free( ctx ); + if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) { + mbedtls_pk_free(ctx); + } - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return ret; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); + return ret; } #endif /* MBEDTLS_RSA_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN PUBLIC KEY-----", - "-----END PUBLIC KEY-----", - key, NULL, 0, &len ); + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN PUBLIC KEY-----", + "-----END PUBLIC KEY-----", + key, NULL, 0, &len); + } - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ p = pem.buf; - ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx ); - mbedtls_pem_free( &pem ); - return( ret ); + ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx); + mbedtls_pem_free(&pem); + return ret; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); + return ret; } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); - return( ret ); - } - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_RSA_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) { + return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + } - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) { + return ret; + } - p = (unsigned char *)key; - ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); - if( ret == 0 ) - { - return( ret ); + p = (unsigned char *) key; + ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx)); + if (ret == 0) { + return ret; } - mbedtls_pk_free( ctx ); - if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) ) - { - return( ret ); + mbedtls_pk_free(ctx); + if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) { + return ret; } #endif /* MBEDTLS_RSA_C */ p = (unsigned char *) key; - ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); + ret = mbedtls_pk_parse_subpubkey(&p, p + keylen, ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_PK_PARSE_C */ diff --git a/thirdparty/mbedtls/library/pkwrite.c b/thirdparty/mbedtls/library/pkwrite.c index c1ce0e3f02..0107f20b1d 100644 --- a/thirdparty/mbedtls/library/pkwrite.c +++ b/thirdparty/mbedtls/library/pkwrite.c @@ -51,10 +51,10 @@ #include "mbedtls/platform.h" /* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define PK_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA) +#define PK_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) #if defined(MBEDTLS_RSA_C) /* @@ -63,38 +63,41 @@ * publicExponent INTEGER -- e * } */ -static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa ) +static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, + mbedtls_rsa_context *rsa) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); /* Export E */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { goto end_of_export; + } len += ret; /* Export N */ - if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { goto end_of_export; + } len += ret; end_of_export: - mbedtls_mpi_free( &T ); - if( ret < 0 ) - return( ret ); + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } #endif /* MBEDTLS_RSA_C */ @@ -102,27 +105,27 @@ end_of_export: /* * EC public key is an EC point */ -static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) +static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; - if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof( buf ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf))) != 0) { + return ret; } - if( *p < start || (size_t)( *p - start ) < len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *p -= len; - memcpy( *p, buf, len ); + memcpy(*p, buf, len); - return( (int) len ); + return (int) len; } /* @@ -130,93 +133,91 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, * namedCurve OBJECT IDENTIFIER * } */ -static int pk_write_ec_param( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) +static int pk_write_ec_param(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const char *oid; size_t oid_len; - if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0) { + return ret; + } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - return( (int) len ); + return (int) len; } /* * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ -static int pk_write_ec_private( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) +static int pk_write_ec_private(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t byte_length = ( ec->grp.pbits + 7 ) / 8; + size_t byte_length = (ec->grp.pbits + 7) / 8; unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; - ret = mbedtls_ecp_write_key( ec, tmp, byte_length ); - if( ret != 0 ) + ret = mbedtls_ecp_write_key(ec, tmp, byte_length); + if (ret != 0) { goto exit; - ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length ); + } + ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); exit: - mbedtls_platform_zeroize( tmp, byte_length ); - return( ret ); + mbedtls_platform_zeroize(tmp, byte_length); + return ret; } #endif /* MBEDTLS_ECP_C */ -int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ) +int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( start != NULL ); - PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET(p != NULL); + PK_VALIDATE_RET(*p != NULL); + PK_VALIDATE_RET(start != NULL); + PK_VALIDATE_RET(key != NULL); #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); - else + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { + MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key))); + } else #endif #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) ); - else + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key))); + } else #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { size_t buffer_size; - psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx; + psa_key_id_t *key_id = (psa_key_id_t *) key->pk_ctx; - if ( *p < start ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - - buffer_size = (size_t)( *p - start ); - if ( psa_export_public_key( *key_id, start, buffer_size, &len ) - != PSA_SUCCESS ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (*p < start) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - else - { + + buffer_size = (size_t) (*p - start); + if (psa_export_public_key(*key_id, start, buffer_size, &len) + != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } else { *p -= len; - memmove( *p, start, len ); + memmove(*p, start, len); } - } - else + } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - return( (int) len ); + return (int) len; } -int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; @@ -224,17 +225,19 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si mbedtls_pk_type_t pk_type; const char *oid; - PK_VALIDATE_RET( key != NULL ); - if( size == 0 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); + PK_VALIDATE_RET(key != NULL); + if (size == 0) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + PK_VALIDATE_RET(buf != NULL); c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key)); - if( c - buf < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (c - buf < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } /* * SubjectPublicKeyInfo ::= SEQUENCE { @@ -244,162 +247,169 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si *--c = 0; len += 1; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - pk_type = mbedtls_pk_get_type( key ); + pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_C) - if( pk_type == MBEDTLS_PK_ECKEY ) - { - MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) ); + if (pk_type == MBEDTLS_PK_ECKEY) { + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key))); } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( pk_type == MBEDTLS_PK_OPAQUE ) - { + if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; psa_key_id_t key_id; psa_ecc_family_t curve; size_t bits; - key_id = *((psa_key_id_t*) key->pk_ctx ); - if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); - key_type = psa_get_key_type( &attributes ); - bits = psa_get_key_bits( &attributes ); - psa_reset_key_attributes( &attributes ); + key_id = *((psa_key_id_t *) key->pk_ctx); + if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) { + return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; + } + key_type = psa_get_key_type(&attributes); + bits = psa_get_key_bits(&attributes); + psa_reset_key_attributes(&attributes); - curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); - if( curve == 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type); + if (curve == 0) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } - ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len ); - if( ret != 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits, &oid, &oid_len); + if (ret != 0) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } /* Write EC algorithm parameters; that's akin * to pk_write_ec_param() above. */ - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, - oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf, + oid, oid_len)); /* The rest of the function works as for legacy EC contexts. */ pk_type = MBEDTLS_PK_ECKEY; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid, - &oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, + &oid_len)) != 0) { + return ret; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, - par_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len, + par_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } -int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +int mbedtls_pk_write_key_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; - PK_VALIDATE_RET( key != NULL ); - if( size == 0 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); + PK_VALIDATE_RET(key != NULL); + if (size == 0) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + PK_VALIDATE_RET(buf != NULL); c = buf + size; #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key ); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key); /* * Export the parameters one after another to avoid simultaneous copies. */ - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); /* Export QP */ - if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export DQ */ - if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export DP */ - if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export Q */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - &T, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export P */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, - NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export D */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - NULL, &T, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export E */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; /* Export N */ - if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, - NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { goto end_of_export; + } len += ret; - end_of_export: +end_of_export: - mbedtls_mpi_free( &T ); - if( ret < 0 ) - return( ret ); + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, - buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - } - else + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, + buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - { - mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key ); + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key); size_t pub_len = 0, par_len = 0; /* @@ -414,44 +424,46 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ */ /* publicKey */ - MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec)); - if( c - buf < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (c - buf < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--c = 0; pub_len += 1; - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 1)); len += pub_len; /* parameters */ - MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) ); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec)); - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) ); - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); len += par_len; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) ); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec)); /* version */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - } - else + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + } else #endif /* MBEDTLS_ECP_C */ - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - return( (int) len ); + return (int) len; } #if defined(MBEDTLS_PEM_WRITE_C) @@ -481,7 +493,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1 * } */ -#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE ) +#define RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE) /* * RSA private keys: @@ -498,10 +510,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported) * } */ -#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \ - MBEDTLS_MPI_MAX_SIZE % 2 ) -#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \ - + 5 * MPI_MAX_SIZE_2 ) +#define MPI_MAX_SIZE_2 (MBEDTLS_MPI_MAX_SIZE / 2 + \ + MBEDTLS_MPI_MAX_SIZE % 2) +#define RSA_PRV_DER_MAX_BYTES (47 + 3 * MBEDTLS_MPI_MAX_SIZE \ + + 5 * MPI_MAX_SIZE_2) #else /* MBEDTLS_RSA_C */ @@ -522,7 +534,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ * + 2 * ECP_MAX (coords) [1] * } */ -#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES ) +#define ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES) /* * EC private keys: @@ -533,7 +545,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above * } */ -#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES ) +#define ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) #else /* MBEDTLS_ECP_C */ @@ -542,75 +554,69 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ #endif /* MBEDTLS_ECP_C */ -#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ - RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES ) -#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \ - RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES ) +#define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ + RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES) +#define PRV_DER_MAX_BYTES (RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \ + RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES) -int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + PK_VALIDATE_RET(key != NULL); + PK_VALIDATE_RET(buf != NULL || size == 0); - if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, - sizeof(output_buf) ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, + sizeof(output_buf))) < 0) { + return ret; } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, - output_buf + sizeof(output_buf) - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen)) != 0) { + return ret; } - return( 0 ); + return 0; } -int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) +int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + PK_VALIDATE_RET(key != NULL); + PK_VALIDATE_RET(buf != NULL || size == 0); - if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) - return( ret ); + if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) { + return ret; + } #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { begin = PEM_BEGIN_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA; - } - else + } else #endif #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; - } - else + } else #endif - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - if( ( ret = mbedtls_pem_write_buffer( begin, end, - output_buf + sizeof(output_buf) - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(begin, end, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen)) != 0) { + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/thirdparty/mbedtls/library/platform.c b/thirdparty/mbedtls/library/platform.c index e742fde7cc..c8b0328d1d 100644 --- a/thirdparty/mbedtls/library/platform.c +++ b/thirdparty/mbedtls/library/platform.c @@ -30,22 +30,22 @@ * configuration via mbedtls_platform_set_calloc_free(). So, omit everything * related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */ #if defined(MBEDTLS_PLATFORM_MEMORY) && \ - !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \ - defined(MBEDTLS_PLATFORM_FREE_MACRO) ) + !(defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \ + defined(MBEDTLS_PLATFORM_FREE_MACRO)) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) -static void *platform_calloc_uninit( size_t n, size_t size ) +static void *platform_calloc_uninit(size_t n, size_t size) { ((void) n); ((void) size); - return( NULL ); + return NULL; } #define MBEDTLS_PLATFORM_STD_CALLOC platform_calloc_uninit #endif /* !MBEDTLS_PLATFORM_STD_CALLOC */ #if !defined(MBEDTLS_PLATFORM_STD_FREE) -static void platform_free_uninit( void *ptr ) +static void platform_free_uninit(void *ptr) { ((void) ptr); } @@ -53,25 +53,25 @@ static void platform_free_uninit( void *ptr ) #define MBEDTLS_PLATFORM_STD_FREE platform_free_uninit #endif /* !MBEDTLS_PLATFORM_STD_FREE */ -static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC; -static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE; +static void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC; +static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE; -void * mbedtls_calloc( size_t nmemb, size_t size ) +void *mbedtls_calloc(size_t nmemb, size_t size) { - return (*mbedtls_calloc_func)( nmemb, size ); + return (*mbedtls_calloc_func)(nmemb, size); } -void mbedtls_free( void * ptr ) +void mbedtls_free(void *ptr) { - (*mbedtls_free_func)( ptr ); + (*mbedtls_free_func)(ptr); } -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ) +int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t), + void (*free_func)(void *)) { mbedtls_calloc_func = calloc_func; mbedtls_free_func = free_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_MEMORY && !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && @@ -79,16 +79,16 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) #include -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) +int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; va_list argp; - va_start( argp, fmt ); - ret = mbedtls_vsnprintf( s, n, fmt, argp ); - va_end( argp ); + va_start(argp, fmt); + ret = mbedtls_vsnprintf(s, n, fmt, argp); + va_end(argp); - return( ret ); + return ret; } #endif @@ -97,53 +97,53 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_snprintf_uninit( char * s, size_t n, - const char * format, ... ) +static int platform_snprintf_uninit(char *s, size_t n, + const char *format, ...) { ((void) s); ((void) n); ((void) format); - return( 0 ); + return 0; } #define MBEDTLS_PLATFORM_STD_SNPRINTF platform_snprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */ -int (*mbedtls_snprintf)( char * s, size_t n, - const char * format, - ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF; +int (*mbedtls_snprintf)(char *s, size_t n, + const char *format, + ...) = MBEDTLS_PLATFORM_STD_SNPRINTF; -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, - ... ) ) +int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n, + const char *format, + ...)) { mbedtls_snprintf = snprintf_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) #include -int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ) +int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Avoid calling the invalid parameter handler by checking ourselves */ - if( s == NULL || n == 0 || fmt == NULL ) - return( -1 ); + if (s == NULL || n == 0 || fmt == NULL) { + return -1; + } #if defined(_TRUNCATE) - ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg ); + ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg); #else - ret = vsnprintf( s, n, fmt, arg ); - if( ret < 0 || (size_t) ret == n ) - { + ret = vsnprintf(s, n, fmt, arg); + if (ret < 0 || (size_t) ret == n) { s[n-1] = '\0'; ret = -1; } #endif - return( ret ); + return ret; } #endif @@ -152,29 +152,29 @@ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_lis /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_vsnprintf_uninit( char * s, size_t n, - const char * format, va_list arg ) +static int platform_vsnprintf_uninit(char *s, size_t n, + const char *format, va_list arg) { ((void) s); ((void) n); ((void) format); ((void) arg); - return( -1 ); + return -1; } #define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */ -int (*mbedtls_vsnprintf)( char * s, size_t n, - const char * format, - va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF; +int (*mbedtls_vsnprintf)(char *s, size_t n, + const char *format, + va_list arg) = MBEDTLS_PLATFORM_STD_VSNPRINTF; -int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, - const char * format, - va_list arg ) ) +int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n, + const char *format, + va_list arg)) { mbedtls_vsnprintf = vsnprintf_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ @@ -183,21 +183,21 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_printf_uninit( const char *format, ... ) +static int platform_printf_uninit(const char *format, ...) { ((void) format); - return( 0 ); + return 0; } #define MBEDTLS_PLATFORM_STD_PRINTF platform_printf_uninit #endif /* !MBEDTLS_PLATFORM_STD_PRINTF */ -int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF; +int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF; -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ) +int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)) { mbedtls_printf = printf_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ @@ -206,23 +206,23 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_fprintf_uninit( FILE *stream, const char *format, ... ) +static int platform_fprintf_uninit(FILE *stream, const char *format, ...) { ((void) stream); ((void) format); - return( 0 ); + return 0; } #define MBEDTLS_PLATFORM_STD_FPRINTF platform_fprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */ -int (*mbedtls_fprintf)( FILE *, const char *, ... ) = - MBEDTLS_PLATFORM_STD_FPRINTF; +int (*mbedtls_fprintf)(FILE *, const char *, ...) = + MBEDTLS_PLATFORM_STD_FPRINTF; -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) ) +int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...)) { mbedtls_fprintf = fprintf_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ @@ -231,7 +231,7 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... /* * Make dummy function to prevent NULL pointer dereferences */ -static void platform_exit_uninit( int status ) +static void platform_exit_uninit(int status) { ((void) status); } @@ -239,12 +239,12 @@ static void platform_exit_uninit( int status ) #define MBEDTLS_PLATFORM_STD_EXIT platform_exit_uninit #endif /* !MBEDTLS_PLATFORM_STD_EXIT */ -void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT; +void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT; -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) +int mbedtls_platform_set_exit(void (*exit_func)(int status)) { mbedtls_exit = exit_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ @@ -255,21 +255,21 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) /* * Make dummy function to prevent NULL pointer dereferences */ -static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer ) +static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer) { ((void) timer); - return( 0 ); + return 0; } #define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit #endif /* !MBEDTLS_PLATFORM_STD_TIME */ -mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME; +mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME; -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) ) +int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer)) { mbedtls_time = time_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_TIME_ALT */ @@ -280,41 +280,41 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time /* Default implementations for the platform independent seed functions use * standard libc file functions to read from and write to a pre-defined filename */ -int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) +int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len) { FILE *file; size_t n; - if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) - return( -1 ); + if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) { + return -1; + } - if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) - { - fclose( file ); - mbedtls_platform_zeroize( buf, buf_len ); - return( -1 ); + if ((n = fread(buf, 1, buf_len, file)) != buf_len) { + fclose(file); + mbedtls_platform_zeroize(buf, buf_len); + return -1; } - fclose( file ); - return( (int)n ); + fclose(file); + return (int) n; } -int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) +int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len) { FILE *file; size_t n; - if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) { return -1; + } - if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len ) - { - fclose( file ); + if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) { + fclose(file); return -1; } - fclose( file ); - return( (int)n ); + fclose(file); + return (int) n; } #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ @@ -323,11 +323,11 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) +static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len) { ((void) buf); ((void) buf_len); - return( -1 ); + return -1; } #define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit @@ -337,28 +337,28 @@ static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len ) +static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len) { ((void) buf); ((void) buf_len); - return( -1 ); + return -1; } #define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit #endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */ -int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = - MBEDTLS_PLATFORM_STD_NV_SEED_READ; -int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = - MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; +int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) = + MBEDTLS_PLATFORM_STD_NV_SEED_READ; +int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) = + MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; int mbedtls_platform_set_nv_seed( - int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), - int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) ) + int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len), + int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)) { mbedtls_nv_seed_read = nv_seed_read_func; mbedtls_nv_seed_write = nv_seed_write_func; - return( 0 ); + return 0; } #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ @@ -367,19 +367,19 @@ int mbedtls_platform_set_nv_seed( /* * Placeholder platform setup that does nothing by default */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup(mbedtls_platform_context *ctx) { - (void)ctx; + (void) ctx; - return( 0 ); + return 0; } /* * Placeholder platform teardown that does nothing by default */ -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown(mbedtls_platform_context *ctx) { - (void)ctx; + (void) ctx; } #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ diff --git a/thirdparty/mbedtls/library/platform_util.c b/thirdparty/mbedtls/library/platform_util.c index 98fe5deb2d..3783f0eb84 100644 --- a/thirdparty/mbedtls/library/platform_util.c +++ b/thirdparty/mbedtls/library/platform_util.c @@ -62,14 +62,15 @@ * mbedtls_platform_zeroize() to use a suitable implementation for their * platform and needs. */ -static void * (* const volatile memset_func)( void *, int, size_t ) = memset; +static void *(*const volatile memset_func)(void *, int, size_t) = memset; -void mbedtls_platform_zeroize( void *buf, size_t len ) +void mbedtls_platform_zeroize(void *buf, size_t len) { - MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL ); + MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL); - if( len > 0 ) - memset_func( buf, 0, len ); + if (len > 0) { + memset_func(buf, 0, len); + } } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ @@ -82,9 +83,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) +#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \ + (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L)) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -92,42 +93,43 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ -#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) +#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)) #define PLATFORM_UTIL_USE_GMTIME #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ -#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ -struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, - struct tm *tm_buf ) +struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, + struct tm *tm_buf) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); + return (gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL; #elif !defined(PLATFORM_UTIL_USE_GMTIME) - return( gmtime_r( tt, tm_buf ) ); + return gmtime_r(tt, tm_buf); #else struct tm *lt; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( NULL ); + if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) { + return NULL; + } #endif /* MBEDTLS_THREADING_C */ - lt = gmtime( tt ); + lt = gmtime(tt); - if( lt != NULL ) - { - memcpy( tm_buf, lt, sizeof( struct tm ) ); + if (lt != NULL) { + memcpy(tm_buf, lt, sizeof(struct tm)); } #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( NULL ); + if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) { + return NULL; + } #endif /* MBEDTLS_THREADING_C */ - return( ( lt == NULL ) ? NULL : tm_buf ); + return (lt == NULL) ? NULL : tm_buf; #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/thirdparty/mbedtls/library/poly1305.c b/thirdparty/mbedtls/library/poly1305.c index a1c5b19d8e..510a45a698 100644 --- a/thirdparty/mbedtls/library/poly1305.c +++ b/thirdparty/mbedtls/library/poly1305.c @@ -33,19 +33,19 @@ #if !defined(MBEDTLS_POLY1305_ALT) /* Parameter validation macros */ -#define POLY1305_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) -#define POLY1305_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#define POLY1305_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) +#define POLY1305_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) -#define POLY1305_BLOCK_SIZE_BYTES ( 16U ) +#define POLY1305_BLOCK_SIZE_BYTES (16U) /* * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. * However we provided an alternative for platforms without such a multiplier. */ #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) -static uint64_t mul64( uint32_t a, uint32_t b ) +static uint64_t mul64(uint32_t a, uint32_t b) { /* a = al + 2**16 ah, b = bl + 2**16 bh */ const uint16_t al = (uint16_t) a; @@ -55,15 +55,15 @@ static uint64_t mul64( uint32_t a, uint32_t b ) /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ const uint32_t lo = (uint32_t) al * bl; - const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh; + const uint64_t me = (uint64_t) ((uint32_t) ah * bl) + (uint32_t) al * bh; const uint32_t hi = (uint32_t) ah * bh; - return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) ); + return lo + (me << 16) + ((uint64_t) hi << 32); } #else -static inline uint64_t mul64( uint32_t a, uint32_t b ) +static inline uint64_t mul64(uint32_t a, uint32_t b) { - return( (uint64_t) a * b ); + return (uint64_t) a * b; } #endif @@ -79,10 +79,10 @@ static inline uint64_t mul64( uint32_t a, uint32_t b ) * applied to the input data before calling this * function. Otherwise, set this parameter to 1. */ -static void poly1305_process( mbedtls_poly1305_context *ctx, - size_t nblocks, - const unsigned char *input, - uint32_t needs_padding ) +static void poly1305_process(mbedtls_poly1305_context *ctx, + size_t nblocks, + const unsigned char *input, + uint32_t needs_padding) { uint64_t d0, d1, d2, d3; uint32_t acc0, acc1, acc2, acc3, acc4; @@ -96,9 +96,9 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, r2 = ctx->r[2]; r3 = ctx->r[3]; - rs1 = r1 + ( r1 >> 2U ); - rs2 = r2 + ( r2 >> 2U ); - rs3 = r3 + ( r3 >> 2U ); + rs1 = r1 + (r1 >> 2U); + rs2 = r2 + (r2 >> 2U); + rs3 = r3 + (r3 >> 2U); acc0 = ctx->acc[0]; acc1 = ctx->acc[1]; @@ -107,67 +107,66 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, acc4 = ctx->acc[4]; /* Process full blocks */ - for( i = 0U; i < nblocks; i++ ) - { + for (i = 0U; i < nblocks; i++) { /* The input block is treated as a 128-bit little-endian integer */ - d0 = MBEDTLS_GET_UINT32_LE( input, offset + 0 ); - d1 = MBEDTLS_GET_UINT32_LE( input, offset + 4 ); - d2 = MBEDTLS_GET_UINT32_LE( input, offset + 8 ); - d3 = MBEDTLS_GET_UINT32_LE( input, offset + 12 ); + d0 = MBEDTLS_GET_UINT32_LE(input, offset + 0); + d1 = MBEDTLS_GET_UINT32_LE(input, offset + 4); + d2 = MBEDTLS_GET_UINT32_LE(input, offset + 8); + d3 = MBEDTLS_GET_UINT32_LE(input, offset + 12); /* Compute: acc += (padded) block as a 130-bit integer */ d0 += (uint64_t) acc0; - d1 += (uint64_t) acc1 + ( d0 >> 32U ); - d2 += (uint64_t) acc2 + ( d1 >> 32U ); - d3 += (uint64_t) acc3 + ( d2 >> 32U ); + d1 += (uint64_t) acc1 + (d0 >> 32U); + d2 += (uint64_t) acc2 + (d1 >> 32U); + d3 += (uint64_t) acc3 + (d2 >> 32U); acc0 = (uint32_t) d0; acc1 = (uint32_t) d1; acc2 = (uint32_t) d2; acc3 = (uint32_t) d3; - acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; + acc4 += (uint32_t) (d3 >> 32U) + needs_padding; /* Compute: acc *= r */ - d0 = mul64( acc0, r0 ) + - mul64( acc1, rs3 ) + - mul64( acc2, rs2 ) + - mul64( acc3, rs1 ); - d1 = mul64( acc0, r1 ) + - mul64( acc1, r0 ) + - mul64( acc2, rs3 ) + - mul64( acc3, rs2 ) + - mul64( acc4, rs1 ); - d2 = mul64( acc0, r2 ) + - mul64( acc1, r1 ) + - mul64( acc2, r0 ) + - mul64( acc3, rs3 ) + - mul64( acc4, rs2 ); - d3 = mul64( acc0, r3 ) + - mul64( acc1, r2 ) + - mul64( acc2, r1 ) + - mul64( acc3, r0 ) + - mul64( acc4, rs3 ); + d0 = mul64(acc0, r0) + + mul64(acc1, rs3) + + mul64(acc2, rs2) + + mul64(acc3, rs1); + d1 = mul64(acc0, r1) + + mul64(acc1, r0) + + mul64(acc2, rs3) + + mul64(acc3, rs2) + + mul64(acc4, rs1); + d2 = mul64(acc0, r2) + + mul64(acc1, r1) + + mul64(acc2, r0) + + mul64(acc3, rs3) + + mul64(acc4, rs2); + d3 = mul64(acc0, r3) + + mul64(acc1, r2) + + mul64(acc2, r1) + + mul64(acc3, r0) + + mul64(acc4, rs3); acc4 *= r0; /* Compute: acc %= (2^130 - 5) (partial remainder) */ - d1 += ( d0 >> 32 ); - d2 += ( d1 >> 32 ); - d3 += ( d2 >> 32 ); + d1 += (d0 >> 32); + d2 += (d1 >> 32); + d3 += (d2 >> 32); acc0 = (uint32_t) d0; acc1 = (uint32_t) d1; acc2 = (uint32_t) d2; acc3 = (uint32_t) d3; - acc4 = (uint32_t) ( d3 >> 32 ) + acc4; + acc4 = (uint32_t) (d3 >> 32) + acc4; - d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); + d0 = (uint64_t) acc0 + (acc4 >> 2) + (acc4 & 0xFFFFFFFCU); acc4 &= 3U; acc0 = (uint32_t) d0; - d0 = (uint64_t) acc1 + ( d0 >> 32U ); + d0 = (uint64_t) acc1 + (d0 >> 32U); acc1 = (uint32_t) d0; - d0 = (uint64_t) acc2 + ( d0 >> 32U ); + d0 = (uint64_t) acc2 + (d0 >> 32U); acc2 = (uint32_t) d0; - d0 = (uint64_t) acc3 + ( d0 >> 32U ); + d0 = (uint64_t) acc3 + (d0 >> 32U); acc3 = (uint32_t) d0; - d0 = (uint64_t) acc4 + ( d0 >> 32U ); + d0 = (uint64_t) acc4 + (d0 >> 32U); acc4 = (uint32_t) d0; offset += POLY1305_BLOCK_SIZE_BYTES; @@ -187,8 +186,8 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, * \param mac The buffer to where the MAC is written. Must be * big enough to contain the 16-byte MAC. */ -static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, - unsigned char mac[16] ) +static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx, + unsigned char mac[16]) { uint64_t d; uint32_t g0, g1, g2, g3, g4; @@ -208,73 +207,74 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, */ /* Calculate acc + -(2^130 - 5) */ - d = ( (uint64_t) acc0 + 5U ); + d = ((uint64_t) acc0 + 5U); g0 = (uint32_t) d; - d = ( (uint64_t) acc1 + ( d >> 32 ) ); + d = ((uint64_t) acc1 + (d >> 32)); g1 = (uint32_t) d; - d = ( (uint64_t) acc2 + ( d >> 32 ) ); + d = ((uint64_t) acc2 + (d >> 32)); g2 = (uint32_t) d; - d = ( (uint64_t) acc3 + ( d >> 32 ) ); + d = ((uint64_t) acc3 + (d >> 32)); g3 = (uint32_t) d; - g4 = acc4 + (uint32_t) ( d >> 32U ); + g4 = acc4 + (uint32_t) (d >> 32U); /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ - mask = (uint32_t) 0U - ( g4 >> 2U ); + mask = (uint32_t) 0U - (g4 >> 2U); mask_inv = ~mask; /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ - acc0 = ( acc0 & mask_inv ) | ( g0 & mask ); - acc1 = ( acc1 & mask_inv ) | ( g1 & mask ); - acc2 = ( acc2 & mask_inv ) | ( g2 & mask ); - acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); + acc0 = (acc0 & mask_inv) | (g0 & mask); + acc1 = (acc1 & mask_inv) | (g1 & mask); + acc2 = (acc2 & mask_inv) | (g2 & mask); + acc3 = (acc3 & mask_inv) | (g3 & mask); /* Add 's' */ d = (uint64_t) acc0 + ctx->s[0]; acc0 = (uint32_t) d; - d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); + d = (uint64_t) acc1 + ctx->s[1] + (d >> 32U); acc1 = (uint32_t) d; - d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); + d = (uint64_t) acc2 + ctx->s[2] + (d >> 32U); acc2 = (uint32_t) d; - acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); + acc3 += ctx->s[3] + (uint32_t) (d >> 32U); /* Compute MAC (128 least significant bits of the accumulator) */ - MBEDTLS_PUT_UINT32_LE( acc0, mac, 0 ); - MBEDTLS_PUT_UINT32_LE( acc1, mac, 4 ); - MBEDTLS_PUT_UINT32_LE( acc2, mac, 8 ); - MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 ); + MBEDTLS_PUT_UINT32_LE(acc0, mac, 0); + MBEDTLS_PUT_UINT32_LE(acc1, mac, 4); + MBEDTLS_PUT_UINT32_LE(acc2, mac, 8); + MBEDTLS_PUT_UINT32_LE(acc3, mac, 12); } -void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) +void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx) { - POLY1305_VALIDATE( ctx != NULL ); + POLY1305_VALIDATE(ctx != NULL); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context)); } -void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) +void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context)); } -int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, - const unsigned char key[32] ) +int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx, + const unsigned char key[32]) { - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( key != NULL ); + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(key != NULL); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU; - ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU; - ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 ) & 0x0FFFFFFCU; - ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU; + ctx->r[0] = MBEDTLS_GET_UINT32_LE(key, 0) & 0x0FFFFFFFU; + ctx->r[1] = MBEDTLS_GET_UINT32_LE(key, 4) & 0x0FFFFFFCU; + ctx->r[2] = MBEDTLS_GET_UINT32_LE(key, 8) & 0x0FFFFFFCU; + ctx->r[3] = MBEDTLS_GET_UINT32_LE(key, 12) & 0x0FFFFFFCU; - ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 ); - ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 ); - ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 ); - ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 ); + ctx->s[0] = MBEDTLS_GET_UINT32_LE(key, 16); + ctx->s[1] = MBEDTLS_GET_UINT32_LE(key, 20); + ctx->s[2] = MBEDTLS_GET_UINT32_LE(key, 24); + ctx->s[3] = MBEDTLS_GET_UINT32_LE(key, 28); /* Initial accumulator state */ ctx->acc[0] = 0U; @@ -284,129 +284,124 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, ctx->acc[4] = 0U; /* Queue initially empty */ - mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) ); + mbedtls_platform_zeroize(ctx->queue, sizeof(ctx->queue)); ctx->queue_len = 0U; - return( 0 ); + return 0; } -int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx, + const unsigned char *input, + size_t ilen) { size_t offset = 0U; size_t remaining = ilen; size_t queue_free_len; size_t nblocks; - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(ilen == 0 || input != NULL); - if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) - { - queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + if ((remaining > 0U) && (ctx->queue_len > 0U)) { + queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len); - if( ilen < queue_free_len ) - { + if (ilen < queue_free_len) { /* Not enough data to complete the block. * Store this data with the other leftovers. */ - memcpy( &ctx->queue[ctx->queue_len], - input, - ilen ); + memcpy(&ctx->queue[ctx->queue_len], + input, + ilen); ctx->queue_len += ilen; remaining = 0U; - } - else - { + } else { /* Enough data to produce a complete block */ - memcpy( &ctx->queue[ctx->queue_len], - input, - queue_free_len ); + memcpy(&ctx->queue[ctx->queue_len], + input, + queue_free_len); ctx->queue_len = 0U; - poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */ + poly1305_process(ctx, 1U, ctx->queue, 1U); /* add padding bit */ offset += queue_free_len; remaining -= queue_free_len; } } - if( remaining >= POLY1305_BLOCK_SIZE_BYTES ) - { + if (remaining >= POLY1305_BLOCK_SIZE_BYTES) { nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; - poly1305_process( ctx, nblocks, &input[offset], 1U ); + poly1305_process(ctx, nblocks, &input[offset], 1U); offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; remaining %= POLY1305_BLOCK_SIZE_BYTES; } - if( remaining > 0U ) - { + if (remaining > 0U) { /* Store partial block */ ctx->queue_len = remaining; - memcpy( ctx->queue, &input[offset], remaining ); + memcpy(ctx->queue, &input[offset], remaining); } - return( 0 ); + return 0; } -int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, - unsigned char mac[16] ) +int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx, + unsigned char mac[16]) { - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(mac != NULL); /* Process any leftover data */ - if( ctx->queue_len > 0U ) - { + if (ctx->queue_len > 0U) { /* Add padding bit */ ctx->queue[ctx->queue_len] = 1U; ctx->queue_len++; /* Pad with zeroes */ - memset( &ctx->queue[ctx->queue_len], - 0, - POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + memset(&ctx->queue[ctx->queue_len], + 0, + POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len); - poly1305_process( ctx, 1U, /* Process 1 block */ - ctx->queue, 0U ); /* Already padded above */ + poly1305_process(ctx, 1U, /* Process 1 block */ + ctx->queue, 0U); /* Already padded above */ } - poly1305_compute_mac( ctx, mac ); + poly1305_compute_mac(ctx, mac); - return( 0 ); + return 0; } -int mbedtls_poly1305_mac( const unsigned char key[32], - const unsigned char *input, - size_t ilen, - unsigned char mac[16] ) +int mbedtls_poly1305_mac(const unsigned char key[32], + const unsigned char *input, + size_t ilen, + unsigned char mac[16]) { mbedtls_poly1305_context ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - POLY1305_VALIDATE_RET( key != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); + POLY1305_VALIDATE_RET(key != NULL); + POLY1305_VALIDATE_RET(mac != NULL); + POLY1305_VALIDATE_RET(ilen == 0 || input != NULL); - mbedtls_poly1305_init( &ctx ); + mbedtls_poly1305_init(&ctx); - ret = mbedtls_poly1305_starts( &ctx, key ); - if( ret != 0 ) + ret = mbedtls_poly1305_starts(&ctx, key); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_poly1305_update( &ctx, input, ilen ); - if( ret != 0 ) + ret = mbedtls_poly1305_update(&ctx, input, ilen); + if (ret != 0) { goto cleanup; + } - ret = mbedtls_poly1305_finish( &ctx, mac ); + ret = mbedtls_poly1305_finish(&ctx, mac); cleanup: - mbedtls_poly1305_free( &ctx ); - return( ret ); + mbedtls_poly1305_free(&ctx); + return ret; } #endif /* MBEDTLS_POLY1305_ALT */ @@ -479,46 +474,48 @@ static const unsigned char test_mac[2][16] = /* Make sure no other definition is already present. */ #undef ASSERT -#define ASSERT( cond, args ) \ +#define ASSERT(cond, args) \ do \ { \ - if( ! ( cond ) ) \ + if (!(cond)) \ { \ - if( verbose != 0 ) \ - mbedtls_printf args; \ + if (verbose != 0) \ + mbedtls_printf args; \ \ - return( -1 ); \ + return -1; \ } \ } \ - while( 0 ) + while (0) -int mbedtls_poly1305_self_test( int verbose ) +int mbedtls_poly1305_self_test(int verbose) { unsigned char mac[16]; unsigned i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - for( i = 0U; i < 2U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " Poly1305 test %u ", i ); + for (i = 0U; i < 2U; i++) { + if (verbose != 0) { + mbedtls_printf(" Poly1305 test %u ", i); + } - ret = mbedtls_poly1305_mac( test_keys[i], - test_data[i], - test_data_len[i], - mac ); - ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); + ret = mbedtls_poly1305_mac(test_keys[i], + test_data[i], + test_data_len[i], + mac); + ASSERT(0 == ret, ("error code: %i\n", ret)); - ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); + ASSERT(0 == memcmp(mac, test_mac[i], 16U), ("failed (mac)\n")); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/ripemd160.c b/thirdparty/mbedtls/library/ripemd160.c index 55e259e192..a2e11cdf08 100644 --- a/thirdparty/mbedtls/library/ripemd160.c +++ b/thirdparty/mbedtls/library/ripemd160.c @@ -37,21 +37,22 @@ #if !defined(MBEDTLS_RIPEMD160_ALT) -void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) +void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); + memset(ctx, 0, sizeof(mbedtls_ripemd160_context)); } -void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ) +void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context)); } -void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, - const mbedtls_ripemd160_context *src ) +void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst, + const mbedtls_ripemd160_context *src) { *dst = *src; } @@ -59,7 +60,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -70,13 +71,13 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) +void mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx) { - mbedtls_ripemd160_starts_ret( ctx ); + mbedtls_ripemd160_starts_ret(ctx); } #endif @@ -84,30 +85,29 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) /* * Process one block */ -int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]) { - struct - { + struct { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; } local; - local.X[ 0] = MBEDTLS_GET_UINT32_LE( data, 0 ); - local.X[ 1] = MBEDTLS_GET_UINT32_LE( data, 4 ); - local.X[ 2] = MBEDTLS_GET_UINT32_LE( data, 8 ); - local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 ); - local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 ); - local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 ); - local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 ); - local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 ); - local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 ); - local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 ); - local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 ); - local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 ); - local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 ); - local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 ); - local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 ); - local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 ); + local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0); + local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4); + local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8); + local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12); + local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16); + local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20); + local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24); + local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28); + local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32); + local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36); + local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40); + local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44); + local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48); + local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52); + local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56); + local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60); local.A = local.Ap = ctx->state[0]; local.B = local.Bp = ctx->state[1]; @@ -115,50 +115,50 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, local.D = local.Dp = ctx->state[3]; local.E = local.Ep = ctx->state[4]; -#define F1( x, y, z ) ( (x) ^ (y) ^ (z) ) -#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) ) -#define F3( x, y, z ) ( ( (x) | ~(y) ) ^ (z) ) -#define F4( x, y, z ) ( ( (x) & (z) ) | ( (y) & ~(z) ) ) -#define F5( x, y, z ) ( (x) ^ ( (y) | ~(z) ) ) +#define F1(x, y, z) ((x) ^ (y) ^ (z)) +#define F2(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define F3(x, y, z) (((x) | ~(y)) ^ (z)) +#define F4(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define F5(x, y, z) ((x) ^ ((y) | ~(z))) -#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) ) +#define S(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) -#define P( a, b, c, d, e, r, s, f, k ) \ +#define P(a, b, c, d, e, r, s, f, k) \ do \ { \ - (a) += f( (b), (c), (d) ) + local.X[r] + (k); \ - (a) = S( (a), (s) ) + (e); \ - (c) = S( (c), 10 ); \ - } while( 0 ) + (a) += f((b), (c), (d)) + local.X[r] + (k); \ + (a) = S((a), (s)) + (e); \ + (c) = S((c), 10); \ + } while (0) -#define P2( a, b, c, d, e, r, s, rp, sp ) \ +#define P2(a, b, c, d, e, r, s, rp, sp) \ do \ { \ - P( (a), (b), (c), (d), (e), (r), (s), F, K ); \ - P( a ## p, b ## p, c ## p, d ## p, e ## p, \ - (rp), (sp), Fp, Kp ); \ - } while( 0 ) + P((a), (b), (c), (d), (e), (r), (s), F, K); \ + P(a ## p, b ## p, c ## p, d ## p, e ## p, \ + (rp), (sp), Fp, Kp); \ + } while (0) #define F F1 #define K 0x00000000 #define Fp F5 #define Kp 0x50A28BE6 - P2( local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9 ); - P2( local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13 ); - P2( local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15 ); - P2( local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15 ); - P2( local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7 ); - P2( local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11 ); - P2( local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14 ); - P2( local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12 ); - P2( local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6 ); + P2(local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8); + P2(local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9); + P2(local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9); + P2(local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11); + P2(local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13); + P2(local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15); + P2(local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15); + P2(local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5); + P2(local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7); + P2(local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7); + P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8); + P2(local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11); + P2(local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14); + P2(local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14); + P2(local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12); + P2(local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6); #undef F #undef K #undef Fp @@ -168,22 +168,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x5A827999 #define Fp F4 #define Kp 0x5C4DD124 - P2( local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9 ); - P2( local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13 ); - P2( local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15 ); - P2( local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8 ); - P2( local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7 ); - P2( local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12 ); - P2( local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7 ); - P2( local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13 ); - P2( local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11 ); + P2(local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9); + P2(local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13); + P2(local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15); + P2(local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7); + P2(local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12); + P2(local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8); + P2(local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9); + P2(local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11); + P2(local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7); + P2(local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7); + P2(local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12); + P2(local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7); + P2(local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6); + P2(local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15); + P2(local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13); + P2(local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11); #undef F #undef K #undef Fp @@ -193,22 +193,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x6ED9EBA1 #define Fp F3 #define Kp 0x6D703EF3 - P2( local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15 ); - P2( local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11 ); - P2( local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8 ); - P2( local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6 ); - P2( local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14 ); - P2( local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13 ); - P2( local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5 ); - P2( local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7 ); - P2( local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5 ); + P2(local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9); + P2(local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7); + P2(local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15); + P2(local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11); + P2(local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8); + P2(local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6); + P2(local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6); + P2(local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14); + P2(local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12); + P2(local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13); + P2(local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5); + P2(local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14); + P2(local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13); + P2(local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13); + P2(local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7); + P2(local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5); #undef F #undef K #undef Fp @@ -218,22 +218,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x8F1BBCDC #define Fp F2 #define Kp 0x7A6D76E9 - P2( local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15 ); - P2( local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11 ); - P2( local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6 ); - P2( local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14 ); - P2( local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6 ); - P2( local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12 ); - P2( local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9 ); - P2( local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5 ); - P2( local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15 ); - P2( local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8 ); + P2(local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15); + P2(local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5); + P2(local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8); + P2(local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11); + P2(local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14); + P2(local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14); + P2(local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6); + P2(local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14); + P2(local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6); + P2(local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9); + P2(local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12); + P2(local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9); + P2(local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12); + P2(local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5); + P2(local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15); + P2(local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8); #undef F #undef K #undef Fp @@ -243,22 +243,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0xA953FD4E #define Fp F1 #define Kp 0x00000000 - P2( local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8 ); - P2( local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12 ); - P2( local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5 ); - P2( local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14 ); - P2( local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6 ); - P2( local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8 ); - P2( local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13 ); - P2( local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6 ); - P2( local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5 ); - P2( local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15 ); - P2( local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13 ); - P2( local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11 ); + P2(local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8); + P2(local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5); + P2(local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12); + P2(local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9); + P2(local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12); + P2(local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5); + P2(local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14); + P2(local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6); + P2(local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8); + P2(local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13); + P2(local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6); + P2(local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5); + P2(local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15); + P2(local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13); + P2(local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11); + P2(local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11); #undef F #undef K #undef Fp @@ -272,16 +272,16 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, ctx->state[0] = local.C; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) +void mbedtls_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]) { - mbedtls_internal_ripemd160_process( ctx, data ); + mbedtls_internal_ripemd160_process(ctx, data); } #endif #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ @@ -289,16 +289,17 @@ void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, /* * RIPEMD-160 process buffer */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -306,50 +307,50 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) { + return ret; + } input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), input, ilen); } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_ripemd160_update_ret( ctx, input, ilen ); + mbedtls_ripemd160_update_ret(ctx, input, ilen); } #endif static const unsigned char ripemd160_padding[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -358,46 +359,48 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) +int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - MBEDTLS_PUT_UINT32_LE( low, msglen, 0 ); - MBEDTLS_PUT_UINT32_LE( high, msglen, 4 ); + MBEDTLS_PUT_UINT32_LE(low, msglen, 0); + MBEDTLS_PUT_UINT32_LE(high, msglen, 4); last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + padn = (last < 56) ? (56 - last) : (120 - last); - ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ripemd160_update_ret(ctx, ripemd160_padding, padn); + if (ret != 0) { + return ret; + } - ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ripemd160_update_ret(ctx, msglen, 8); + if (ret != 0) { + return ret; + } - MBEDTLS_PUT_UINT32_LE( ctx->state[0], output, 0 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[1], output, 4 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[2], output, 8 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 ); - MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); + MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4); + MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); + MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); + MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) +void mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx, + unsigned char output[20]) { - mbedtls_ripemd160_finish_ret( ctx, output ); + mbedtls_ripemd160_finish_ret(ctx, output); } #endif @@ -406,36 +409,39 @@ void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, /* * output = RIPEMD-160( input buffer ) */ -int mbedtls_ripemd160_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) +int mbedtls_ripemd160_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ripemd160_context ctx; - mbedtls_ripemd160_init( &ctx ); + mbedtls_ripemd160_init(&ctx); - if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_ripemd160_starts_ret(&ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_ripemd160_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_ripemd160_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_ripemd160_free( &ctx ); + mbedtls_ripemd160_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) +void mbedtls_ripemd160(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { - mbedtls_ripemd160_ret( input, ilen, output ); + mbedtls_ripemd160_ret(input, ilen, output); } #endif @@ -485,43 +491,46 @@ static const unsigned char ripemd160_test_md[TESTS][20] = /* * Checkup routine */ -int mbedtls_ripemd160_self_test( int verbose ) +int mbedtls_ripemd160_self_test(int verbose) { int i, ret = 0; unsigned char output[20]; - memset( output, 0, sizeof output ); + memset(output, 0, sizeof(output)); - for( i = 0; i < TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); + for (i = 0; i < TESTS; i++) { + if (verbose != 0) { + mbedtls_printf(" RIPEMD-160 test #%d: ", i + 1); + } - ret = mbedtls_ripemd160_ret( ripemd160_test_str[i], - ripemd160_test_strlen[i], output ); - if( ret != 0 ) + ret = mbedtls_ripemd160_ret(ripemd160_test_str[i], + ripemd160_test_strlen[i], output); + if (ret != 0) { goto fail; + } - if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) - { + if (memcmp(output, ripemd160_test_md[i], 20) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/rsa.c b/thirdparty/mbedtls/library/rsa.c index 9c39fa5d91..f44b2c38b8 100644 --- a/thirdparty/mbedtls/library/rsa.c +++ b/thirdparty/mbedtls/library/rsa.c @@ -62,68 +62,72 @@ #if !defined(MBEDTLS_RSA_ALT) /* Parameter validation macros */ -#define RSA_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) -#define RSA_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -int mbedtls_rsa_import( mbedtls_rsa_context *ctx, - const mbedtls_mpi *N, - const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *E ) +#define RSA_VALIDATE_RET(cond) \ + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA) +#define RSA_VALIDATE(cond) \ + MBEDTLS_INTERNAL_VALIDATE(cond) + +int mbedtls_rsa_import(mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) || + (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) || + (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) || + (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) || + (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); } - if( N != NULL ) - ctx->len = mbedtls_mpi_size( &ctx->N ); + if (N != NULL) { + ctx->len = mbedtls_mpi_size(&ctx->N); + } - return( 0 ); + return 0; } -int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char const *N, size_t N_len, - unsigned char const *P, size_t P_len, - unsigned char const *Q, size_t Q_len, - unsigned char const *D, size_t D_len, - unsigned char const *E, size_t E_len ) +int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len) { int ret = 0; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); - ctx->len = mbedtls_mpi_size( &ctx->N ); + if (N != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); + ctx->len = mbedtls_mpi_size(&ctx->N); } - if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); + if (P != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); + } - if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); + if (Q != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); + } - if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); + if (D != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); + } - if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); + if (E != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); + } cleanup: - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); + } - return( 0 ); + return 0; } /* @@ -131,8 +135,8 @@ cleanup: * that the RSA primitives will be able to execute without error. * It does *not* make guarantees for consistency of the parameters. */ -static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, - int blinding_needed ) +static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv, + int blinding_needed) { #if !defined(MBEDTLS_RSA_NO_CRT) /* blinding_needed is only used for NO_CRT to decide whether @@ -140,10 +144,9 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, ((void) blinding_needed); #endif - if( ctx->len != mbedtls_mpi_size( &ctx->N ) || - ctx->len > MBEDTLS_MPI_MAX_SIZE ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ctx->len != mbedtls_mpi_size(&ctx->N) || + ctx->len > MBEDTLS_MPI_MAX_SIZE) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } /* @@ -152,23 +155,21 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, /* Modular exponentiation wrt. N is always used for * RSA public key operations. */ - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #if !defined(MBEDTLS_RSA_NO_CRT) /* Modular exponentiation for P and Q is only * used for private key operations and if CRT * is used. */ - if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || + mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #endif /* !MBEDTLS_RSA_NO_CRT */ @@ -177,20 +178,21 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, */ /* Always need E for public key operations */ - if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } #if defined(MBEDTLS_RSA_NO_CRT) /* For private key operations, use D or DP & DQ * as (unblinded) exponents. */ - if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } #else - if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || + mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -198,28 +200,26 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ #if defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && blinding_needed && - ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && blinding_needed && + (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || + mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #endif /* It wouldn't lead to an error if it wasn't satisfied, * but check for QP >= 1 nonetheless. */ #if !defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #endif - return( 0 ); + return 0; } -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) +int mbedtls_rsa_complete(mbedtls_rsa_context *ctx) { int ret = 0; int have_N, have_P, have_Q, have_D, have_E; @@ -228,18 +228,18 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) #endif int n_missing, pq_missing, d_missing, is_pub, is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); - have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); - have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); - have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); - have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); + have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); + have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); + have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); + have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); + have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); #if !defined(MBEDTLS_RSA_NO_CRT) - have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 ); - have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 ); - have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 ); + have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); + have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); + have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); #endif /* @@ -260,44 +260,40 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) /* These three alternatives are mutually exclusive */ is_priv = n_missing || pq_missing || d_missing; - if( !is_priv && !is_pub ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (!is_priv && !is_pub) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* * Step 1: Deduce N if P, Q are provided. */ - if( !have_N && have_P && have_Q ) - { - if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, - &ctx->Q ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if (!have_N && have_P && have_Q) { + if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, + &ctx->Q)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); } - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->len = mbedtls_mpi_size(&ctx->N); } /* * Step 2: Deduce and verify all remaining core parameters. */ - if( pq_missing ) - { - ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, - &ctx->P, &ctx->Q ); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); - - } - else if( d_missing ) - { - if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, - &ctx->Q, - &ctx->E, - &ctx->D ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if (pq_missing) { + ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, + &ctx->P, &ctx->Q); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); + } + + } else if (d_missing) { + if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, + &ctx->Q, + &ctx->E, + &ctx->D)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); } } @@ -307,12 +303,12 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) */ #if !defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && ! ( have_DP && have_DQ && have_QP ) ) - { - ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if (is_priv && !(have_DP && have_DQ && have_QP)) { + ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); + } } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -320,94 +316,98 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) * Step 3: Basic sanity checks */ - return( rsa_check_context( ctx, is_priv, 1 ) ); + return rsa_check_context(ctx, is_priv, 1); } -int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ) +int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len) { int ret = 0; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; - - if( !is_priv ) - { + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; + + if (!is_priv) { /* If we're trying to export private parameters for a public key, * something must be wrong. */ - if( P != NULL || Q != NULL || D != NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (P != NULL || Q != NULL || D != NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } } - if( N != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); + if (N != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len)); + } - if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); + if (P != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len)); + } - if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); + if (Q != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len)); + } - if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); + if (D != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len)); + } - if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); + if (E != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len)); + } cleanup: - return( ret ); + return ret; } -int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, - mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ) +int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; - - if( !is_priv ) - { + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; + + if (!is_priv) { /* If we're trying to export private parameters for a public key, * something must be wrong. */ - if( P != NULL || Q != NULL || D != NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (P != NULL || Q != NULL || D != NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } } /* Export all requested core parameters. */ - if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) - { - return( ret ); + if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) || + (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) || + (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) || + (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) || + (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) { + return ret; } - return( 0 ); + return 0; } /* @@ -416,75 +416,74 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt * can be used in this case. */ -int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) +int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; - if( !is_priv ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (!is_priv) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } #if !defined(MBEDTLS_RSA_NO_CRT) /* Export all requested blinding parameters. */ - if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || - ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || - ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) || + (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) || + (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); } #else - if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - DP, DQ, QP ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); } #endif - return( 0 ); + return 0; } /* * Initialize an RSA context */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ) +void mbedtls_rsa_init(mbedtls_rsa_context *ctx, + int padding, + int hash_id) { - RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); + RSA_VALIDATE(ctx != NULL); + RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21); - memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); + memset(ctx, 0, sizeof(mbedtls_rsa_context)); - mbedtls_rsa_set_padding( ctx, padding, hash_id ); + mbedtls_rsa_set_padding(ctx, padding, hash_id); #if defined(MBEDTLS_THREADING_C) /* Set ctx->ver to nonzero to indicate that the mutex has been * initialized and will need to be freed. */ ctx->ver = 1; - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } /* * Set padding for an existing RSA context */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ) +void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, + int hash_id) { - RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); + RSA_VALIDATE(ctx != NULL); + RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21); ctx->padding = padding; ctx->hash_id = hash_id; @@ -494,9 +493,9 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, * Get length in bytes of RSA modulus */ -size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) +size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) { - return( ctx->len ); + return ctx->len; } @@ -508,31 +507,31 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) * This generation method follows the RSA key pair generation procedure of * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. */ -int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ) +int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi H, G, L; int prime_quality = 0; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( f_rng != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(f_rng != NULL); /* * If the modulus is 1024 bit long or shorter, then the security strength of * the RSA algorithm is less than or equal to 80 bits and therefore an error * rate of 2^-80 is sufficient. */ - if( nbits > 1024 ) + if (nbits > 1024) { prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR; + } - mbedtls_mpi_init( &H ); - mbedtls_mpi_init( &G ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&H); + mbedtls_mpi_init(&G); + mbedtls_mpi_init(&L); - if( nbits < 128 || exponent < 3 || nbits % 2 != 0 ) - { + if (nbits < 128 || exponent < 3 || nbits % 2 != 0) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } @@ -543,54 +542,56 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * 2. GCD( E, (P-1)*(Q-1) ) == 1 * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent)); - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, - prime_quality, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1, + prime_quality, f_rng, p_rng)); - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, - prime_quality, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1, + prime_quality, f_rng, p_rng)); /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) ); - if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) ) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q)); + if (mbedtls_mpi_bitlen(&H) <= ((nbits >= 200) ? ((nbits >> 1) - 99) : 0)) { continue; + } /* not required by any standards, but some users rely on the fact that P > Q */ - if( H.s < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + if (H.s < 0) { + mbedtls_mpi_swap(&ctx->P, &ctx->Q); + } /* Temporarily replace P,Q by P-1, Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q)); /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H)); + if (mbedtls_mpi_cmp_int(&G, 1) != 0) { continue; + } /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&L, NULL, &H, &G)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L)); - if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a)) + if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) { // (FIPS 186-4 §B.3.1 criterion 3(a)) continue; + } break; - } - while( 1 ); + } while (1); /* Restore P,Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q, &ctx->Q, 1)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q)); - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->len = mbedtls_mpi_size(&ctx->N); #if !defined(MBEDTLS_RSA_NO_CRT) /* @@ -598,29 +599,29 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP)); #endif /* MBEDTLS_RSA_NO_CRT */ /* Double-check */ - MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx)); cleanup: - mbedtls_mpi_free( &H ); - mbedtls_mpi_free( &G ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&H); + mbedtls_mpi_free(&G); + mbedtls_mpi_free(&L); - if( ret != 0 ) - { - mbedtls_rsa_free( ctx ); + if (ret != 0) { + mbedtls_rsa_free(ctx); - if( ( -ret & ~0x7f ) == 0 ) - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); - return( ret ); + if ((-ret & ~0x7f) == 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret); + } + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_GENPRIME */ @@ -628,130 +629,127 @@ cleanup: /* * Check a public RSA key */ -int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) +int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx) { - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } - if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_bitlen(&ctx->N) < 128) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 || - mbedtls_mpi_bitlen( &ctx->E ) < 2 || - mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || + mbedtls_mpi_bitlen(&ctx->E) < 2 || + mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - return( 0 ); + return 0; } /* * Check for the consistency of all fields in an RSA private key context */ -int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) +int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx) { - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_check_pubkey(ctx) != 0 || + rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, NULL, NULL ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, NULL, NULL) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } #if !defined(MBEDTLS_RSA_NO_CRT) - else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } #endif - return( 0 ); + return 0; } /* * Check if contexts holding a public and private key match */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, - const mbedtls_rsa_context *prv ) +int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv) { - RSA_VALIDATE_RET( pub != NULL ); - RSA_VALIDATE_RET( prv != NULL ); + RSA_VALIDATE_RET(pub != NULL); + RSA_VALIDATE_RET(prv != NULL); - if( mbedtls_rsa_check_pubkey( pub ) != 0 || - mbedtls_rsa_check_privkey( prv ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_check_pubkey(pub) != 0 || + mbedtls_rsa_check_privkey(prv) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 || - mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 || + mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) { + return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - return( 0 ); + return 0; } /* * Do an RSA public key operation */ -int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ) +int mbedtls_rsa_public(mbedtls_rsa_context *ctx, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; mbedtls_mpi T; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(output != NULL); - if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); - if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) - { + if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } olen = ctx->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret); + } - return( 0 ); + return 0; } /* @@ -760,63 +758,62 @@ cleanup: * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer * Berlin Heidelberg, 1996. p. 104-113. */ -static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +static int rsa_prepare_blinding(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret, count = 0; mbedtls_mpi R; - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&R); - if( ctx->Vf.p != NULL ) - { + if (ctx->Vf.p != NULL) { /* We already have blinding values, just update them by squaring */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N)); goto cleanup; } /* Unblinding value: Vf = random number, invertible mod N */ do { - if( count++ > 10 ) - { + if (count++ > 10) { ret = MBEDTLS_ERR_RSA_RNG_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng)); /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); /* At this point, Vi is invertible mod N if and only if both Vf and R * are invertible mod N. If one of them isn't, we don't need to know * which one, we just loop and choose new values for both of them. * (Each iteration succeeds with overwhelming probability.) */ - ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); - if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N); + if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { goto cleanup; + } - } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); /* Blinding value: Vi = Vf^(-e) mod N * (Vi already contains Vf^-1 at this point) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN)); cleanup: - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&R); - return( ret ); + return ret; } /* @@ -843,11 +840,11 @@ cleanup: /* * Do an RSA private key operation */ -int mbedtls_rsa_private( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *input, - unsigned char *output ) +int mbedtls_rsa_private(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; @@ -884,110 +881,107 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * checked result; should be the same in the end. */ mbedtls_mpi I, C; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(output != NULL); - if( rsa_check_context( ctx, 1 /* private key checks */, - f_rng != NULL /* blinding y/n */ ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (rsa_check_context(ctx, 1 /* private key checks */, + f_rng != NULL /* blinding y/n */) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif /* MPI Initialization */ - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - mbedtls_mpi_init( &P1 ); - mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&P1); + mbedtls_mpi_init(&Q1); + mbedtls_mpi_init(&R); - if( f_rng != NULL ) - { + if (f_rng != NULL) { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_init( &D_blind ); + mbedtls_mpi_init(&D_blind); #else - mbedtls_mpi_init( &DP_blind ); - mbedtls_mpi_init( &DQ_blind ); + mbedtls_mpi_init(&DP_blind); + mbedtls_mpi_init(&DQ_blind); #endif } #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); + mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ); #endif - mbedtls_mpi_init( &I ); - mbedtls_mpi_init( &C ); + mbedtls_mpi_init(&I); + mbedtls_mpi_init(&C); /* End of MPI initialization */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); - if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); + if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T)); - if( f_rng != NULL ) - { + if (f_rng != NULL) { /* * Blinding * T = T * Vi mod N */ - MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); + MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); /* * Exponent blinding */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1)); #if defined(MBEDTLS_RSA_NO_CRT) /* * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D)); D = &D_blind; #else /* * DP_blind = ( P - 1 ) * R + DP */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, - &ctx->DP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind, + &ctx->DP)); DP = &DP_blind; /* * DQ_blind = ( Q - 1 ) * R + DQ */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind, - &ctx->DQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind, + &ctx->DQ)); DQ = &DQ_blind; #endif /* MBEDTLS_RSA_NO_CRT */ } #if defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN)); #else /* * Faster decryption using the CRT @@ -996,78 +990,77 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ)); /* * T = (TP - TQ) * (Q^-1 mod P) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P)); /* * T = TQ + T * Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP)); #endif /* MBEDTLS_RSA_NO_CRT */ - if( f_rng != NULL ) - { + if (f_rng != NULL) { /* * Unblind * T = T * Vf mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); } /* Verify the result to prevent glitching attacks. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, - &ctx->N, &ctx->RN ) ); - if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, + &ctx->N, &ctx->RN)); + if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } olen = ctx->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - mbedtls_mpi_free( &P1 ); - mbedtls_mpi_free( &Q1 ); - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&P1); + mbedtls_mpi_free(&Q1); + mbedtls_mpi_free(&R); - if( f_rng != NULL ) - { + if (f_rng != NULL) { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &D_blind ); + mbedtls_mpi_free(&D_blind); #else - mbedtls_mpi_free( &DP_blind ); - mbedtls_mpi_free( &DQ_blind ); + mbedtls_mpi_free(&DP_blind); + mbedtls_mpi_free(&DQ_blind); #endif } - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); + mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ); #endif - mbedtls_mpi_free( &C ); - mbedtls_mpi_free( &I ); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&I); - if( ret != 0 && ret >= -0x007f ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); + if (ret != 0 && ret >= -0x007f) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret); + } - return( ret ); + return ret; } #if defined(MBEDTLS_PKCS1_V21) @@ -1080,8 +1073,8 @@ cleanup: * \param slen length of the source buffer * \param md_ctx message digest context to use */ -static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, - size_t slen, mbedtls_md_context_t *md_ctx ) +static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, + size_t slen, mbedtls_md_context_t *md_ctx) { unsigned char mask[MBEDTLS_MD_MAX_SIZE]; unsigned char counter[4]; @@ -1090,31 +1083,36 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t i, use_len; int ret = 0; - memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); - memset( counter, 0, 4 ); + memset(mask, 0, MBEDTLS_MD_MAX_SIZE); + memset(counter, 0, 4); - hlen = mbedtls_md_get_size( md_ctx->md_info ); + hlen = mbedtls_md_get_size(md_ctx->md_info); /* Generate and apply dbMask */ p = dst; - while( dlen > 0 ) - { + while (dlen > 0) { use_len = hlen; - if( dlen < hlen ) + if (dlen < hlen) { use_len = dlen; + } - if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(md_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 ) + } + if ((ret = mbedtls_md_update(md_ctx, src, slen)) != 0) { goto exit; - if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 ) + } + if ((ret = mbedtls_md_update(md_ctx, counter, 4)) != 0) { goto exit; - if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 ) + } + if ((ret = mbedtls_md_finish(md_ctx, mask)) != 0) { goto exit; + } - for( i = 0; i < use_len; ++i ) + for (i = 0; i < use_len; ++i) { *p++ ^= mask[i]; + } counter[3]++; @@ -1122,9 +1120,9 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, } exit: - mbedtls_platform_zeroize( mask, sizeof( mask ) ); + mbedtls_platform_zeroize(mask, sizeof(mask)); - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1132,14 +1130,14 @@ exit: /* * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function */ -int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t ilen, - const unsigned char *input, - unsigned char *output ) +int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t ilen, + const unsigned char *input, + unsigned char *output) { size_t olen; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1148,72 +1146,83 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); + RSA_VALIDATE_RET(label_len == 0 || label != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (f_rng == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } olen = ctx->len; - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); /* first comparison checks for overflow */ - if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - memset( output, 0, olen ); + memset(output, 0, olen); *p++ = 0; /* Generate a random octet string seed */ - if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + if ((ret = f_rng(p_rng, p, hlen)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret); + } p += hlen; /* Construct DB */ - if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md(md_info, label, label_len, p)) != 0) { + return ret; + } p += hlen; p += olen - 2 * hlen - 2 - ilen; *p++ = 1; - if( ilen != 0 ) - memcpy( p, input, ilen ); + if (ilen != 0) { + memcpy(p, input, ilen); + } - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { goto exit; + } /* maskedDB: Apply dbMask to DB */ - if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen, + &md_ctx)) != 0) { goto exit; + } /* maskedSeed: Apply seedMask to seed */ - if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1, + &md_ctx)) != 0) { goto exit; + } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - if( ret != 0 ) - return( ret ); + if (ret != 0) { + return ret; + } - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, output, output) + : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1221,107 +1230,108 @@ exit: /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function */ -int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ) +int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output) { size_t nb_pad, olen; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } olen = ctx->len; /* first comparison checks for overflow */ - if( ilen + 11 < ilen || olen < ilen + 11 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen + 11 < ilen || olen < ilen + 11) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } nb_pad = olen - 3 - ilen; *p++ = 0; - if( mode == MBEDTLS_RSA_PUBLIC ) - { - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PUBLIC) { + if (f_rng == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } *p++ = MBEDTLS_RSA_CRYPT; - while( nb_pad-- > 0 ) - { + while (nb_pad-- > 0) { int rng_dl = 100; do { - ret = f_rng( p_rng, p, 1 ); - } while( *p == 0 && --rng_dl && ret == 0 ); + ret = f_rng(p_rng, p, 1); + } while (*p == 0 && --rng_dl && ret == 0); /* Check if RNG failed to generate data */ - if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + if (rng_dl == 0 || ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret); + } p++; } - } - else - { + } else { *p++ = MBEDTLS_RSA_SIGN; - while( nb_pad-- > 0 ) + while (nb_pad-- > 0) { *p++ = 0xFF; + } } *p++ = 0; - if( ilen != 0 ) - memcpy( p, input, ilen ); + if (ilen != 0) { + memcpy(p, input, ilen); + } - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, output, output) + : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Add the message padding, then do an RSA operation */ -int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ) +int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - - switch( ctx->padding ) - { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); + + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, - input, output ); + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng, mode, ilen, + input, output); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, - ilen, input, output ); + return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, mode, NULL, 0, + ilen, input, output); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return MBEDTLS_ERR_RSA_INVALID_PADDING; } } @@ -1329,15 +1339,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function */ -int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) +int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, pad_len; @@ -1348,71 +1358,75 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(label_len == 0 || label != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); /* * Parameters sanity checks */ - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } ilen = ctx->len; - if( ilen < 16 || ilen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen < 16 || ilen > sizeof(buf)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); // checking for integer underflow - if( 2 * hlen + 2 > ilen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (2 * hlen + 2 > ilen) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* * RSA operation */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, input, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); - if( ret != 0 ) + if (ret != 0) { goto cleanup; + } /* * Unmask data and generate lHash */ - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { + mbedtls_md_free(&md_ctx); goto cleanup; } /* seed: Apply seedMask to maskedSeed */ - if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, - &md_ctx ) ) != 0 || - /* DB: Apply dbMask to maskedDB */ - ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, - &md_ctx ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); + if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, + &md_ctx)) != 0 || + /* DB: Apply dbMask to maskedDB */ + (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, + &md_ctx)) != 0) { + mbedtls_md_free(&md_ctx); goto cleanup; } - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); /* Generate lHash */ - if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 ) + if ((ret = mbedtls_md(md_info, label, label_len, lhash)) != 0) { goto cleanup; + } /* * Check contents, in "constant-time" @@ -1425,17 +1439,17 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, p += hlen; /* Skip seed */ /* Check lHash */ - for( i = 0; i < hlen; i++ ) + for (i = 0; i < hlen; i++) { bad |= lhash[i] ^ *p++; + } /* Get zero-padding len, but always read till end of buffer * (minus one, for the 01 byte) */ pad_len = 0; pad_done = 0; - for( i = 0; i < ilen - 2 * hlen - 2; i++ ) - { + for (i = 0; i < ilen - 2 * hlen - 2; i++) { pad_done |= p[i]; - pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; + pad_len += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1; } p += pad_len; @@ -1447,28 +1461,27 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between * the different error conditions. */ - if( bad != 0 ) - { + if (bad != 0) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto cleanup; } - if( ilen - ( p - buf ) > output_max_len ) - { + if (ilen - (p - buf) > output_max_len) { ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; goto cleanup; } *olen = ilen - (p - buf); - if( *olen != 0 ) - memcpy( output, p, *olen ); + if (*olen != 0) { + memcpy(output, p, *olen); + } ret = 0; cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + mbedtls_platform_zeroize(lhash, sizeof(lhash)); - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1476,99 +1489,101 @@ cleanup: /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function */ -int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) +int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); ilen = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( ilen < 16 || ilen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen < 16 || ilen > sizeof(buf)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, input, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); - if( ret != 0 ) + if (ret != 0) { goto cleanup; + } - ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding( mode, buf, ilen, - output, output_max_len, olen ); + ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding(mode, buf, ilen, + output, output_max_len, olen); cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation, then remove the message padding */ -int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len) +int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); - - switch( ctx->padding ) - { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); + + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, - input, output, output_max_len ); + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, mode, olen, + input, output, output_max_len); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, - olen, input, output, - output_max_len ); + return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, mode, NULL, 0, + olen, input, output, + output_max_len); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return MBEDTLS_ERR_RSA_INVALID_PADDING; } } #if defined(MBEDTLS_PKCS1_V21) -static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - int saltlen, - unsigned char *sig ) +static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + int saltlen, + unsigned char *sig) { size_t olen; unsigned char *p = sig; @@ -1578,152 +1593,161 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (f_rng == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } olen = ctx->len; - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); } - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); - if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) - { - /* Calculate the largest possible salt length, up to the hash size. - * Normally this is the hash length, which is the maximum salt length - * according to FIPS 185-4 §5.5 (e) and common practice. If there is not - * enough room, use the maximum salt length that fits. The constraint is - * that the hash length plus the salt length plus 2 bytes must be at most - * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017 - * (PKCS#1 v2.2) §9.1.1 step 3. */ + if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) { + /* Calculate the largest possible salt length, up to the hash size. + * Normally this is the hash length, which is the maximum salt length + * according to FIPS 185-4 §5.5 (e) and common practice. If there is not + * enough room, use the maximum salt length that fits. The constraint is + * that the hash length plus the salt length plus 2 bytes must be at most + * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017 + * (PKCS#1 v2.2) §9.1.1 step 3. */ min_slen = hlen - 2; - if( olen < hlen + min_slen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - else if( olen >= hlen + hlen + 2 ) + if (olen < hlen + min_slen + 2) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } else if (olen >= hlen + hlen + 2) { slen = hlen; - else + } else { slen = olen - hlen - 2; - } - else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - else - { + } + } else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } else { slen = (size_t) saltlen; } - memset( sig, 0, olen ); + memset(sig, 0, olen); /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; p += olen - hlen - slen - 2; *p++ = 0x01; /* Generate salt of length slen in place in the encoded message */ salt = p; - if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + if ((ret = f_rng(p_rng, salt, slen)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret); + } p += slen; - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { goto exit; + } /* Generate H = Hash( M' ) */ - if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&md_ctx)) != 0) { goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 ) + } + if ((ret = mbedtls_md_update(&md_ctx, p, 8)) != 0) { goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 ) + } + if ((ret = mbedtls_md_update(&md_ctx, hash, hashlen)) != 0) { goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 ) + } + if ((ret = mbedtls_md_update(&md_ctx, salt, slen)) != 0) { goto exit; - if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 ) + } + if ((ret = mbedtls_md_finish(&md_ctx, p)) != 0) { goto exit; + } /* Compensate for boundary condition when applying mask */ - if( msb % 8 == 0 ) + if (msb % 8 == 0) { offset = 1; + } /* maskedDB: Apply dbMask to DB */ - if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, + &md_ctx)) != 0) { goto exit; + } - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; - sig[0] &= 0xFF >> ( olen * 8 - msb ); + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; + sig[0] &= 0xFF >> (olen * 8 - msb); p += hlen; *p++ = 0xBC; exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - if( ret != 0 ) - return( ret ); + if (ret != 0) { + return ret; + } - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, sig ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + return (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, sig) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig); } /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with * the option to pass in the salt length. */ -int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - int saltlen, - unsigned char *sig ) +int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + int saltlen, + unsigned char *sig) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, - hashlen, hash, saltlen, sig ); + return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, + hashlen, hash, saltlen, sig); } /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function */ -int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) +int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); + return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1750,11 +1774,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * - dst points to a buffer of size at least dst_len. * */ -static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - size_t dst_len, - unsigned char *dst ) +static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + size_t dst_len, + unsigned char *dst) { size_t oid_size = 0; size_t nb_pad = dst_len; @@ -1762,23 +1786,25 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, const char *oid = NULL; /* Are we signing hashed or raw data? */ - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (md_alg != MBEDTLS_MD_NONE) { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); /* Double-check that 8 + hashlen + oid_size can be used as a * 1-byte ASN.1 length encoding and that there's no overflow. */ - if( 8 + hashlen + oid_size >= 0x80 || + if (8 + hashlen + oid_size >= 0x80 || 10 + hashlen < hashlen || - 10 + hashlen + oid_size < 10 + hashlen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + 10 + hashlen + oid_size < 10 + hashlen) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* * Static bounds check: @@ -1788,22 +1814,23 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * - Need hashlen bytes for hash * - Need oid_size bytes for hash alg OID. */ - if( nb_pad < 10 + hashlen + oid_size ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (nb_pad < 10 + hashlen + oid_size) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } nb_pad -= 10 + hashlen + oid_size; - } - else - { - if( nb_pad < hashlen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } else { + if (nb_pad < hashlen) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } nb_pad -= hashlen; } /* Need space for signature header and padding delimiter (3 bytes), * and 8 bytes for the minimal padding */ - if( nb_pad < 3 + 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (nb_pad < 3 + 8) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } nb_pad -= 3; /* Now nb_pad is the amount of memory to be filled @@ -1812,15 +1839,14 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Write signature header and padding */ *p++ = 0; *p++ = MBEDTLS_RSA_SIGN; - memset( p, 0xFF, nb_pad ); + memset(p, 0xFF, nb_pad); p += nb_pad; *p++ = 0; /* Are we signing raw data? */ - if( md_alg == MBEDTLS_MD_NONE ) - { - memcpy( p, hash, hashlen ); - return( 0 ); + if (md_alg == MBEDTLS_MD_NONE) { + memcpy(p, hash, hashlen); + return 0; } /* Signing hashed data, add corresponding ASN.1 structure @@ -1837,73 +1863,73 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * TAG-OCTET + LEN [ HASH ] ] */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char)( 0x08 + oid_size + hashlen ); + *p++ = (unsigned char) (0x08 + oid_size + hashlen); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char)( 0x04 + oid_size ); + *p++ = (unsigned char) (0x04 + oid_size); *p++ = MBEDTLS_ASN1_OID; *p++ = (unsigned char) oid_size; - memcpy( p, oid, oid_size ); + memcpy(p, oid, oid_size); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; *p++ = MBEDTLS_ASN1_OCTET_STRING; *p++ = (unsigned char) hashlen; - memcpy( p, hash, hashlen ); + memcpy(p, hash, hashlen); p += hashlen; /* Just a sanity-check, should be automatic * after the initial bounds check. */ - if( p != dst + dst_len ) - { - mbedtls_platform_zeroize( dst, dst_len ); - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (p != dst + dst_len) { + mbedtls_platform_zeroize(dst, dst_len); + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - return( 0 ); + return 0; } /* * Do an RSA operation to sign the message digest */ -int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) +int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *sig_try = NULL, *verif = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ - if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, - ctx->len, sig ) ) != 0 ) - return( ret ); + if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, + ctx->len, sig)) != 0) { + return ret; + } /* * Call respective RSA primitive */ - if( mode == MBEDTLS_RSA_PUBLIC ) - { + if (mode == MBEDTLS_RSA_PUBLIC) { /* Skip verification on a public key operation */ - return( mbedtls_rsa_public( ctx, sig, sig ) ); + return mbedtls_rsa_public(ctx, sig, sig); } /* Private key operation @@ -1912,76 +1938,75 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * temporary buffer and check it before returning it. */ - sig_try = mbedtls_calloc( 1, ctx->len ); - if( sig_try == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + sig_try = mbedtls_calloc(1, ctx->len); + if (sig_try == NULL) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } - verif = mbedtls_calloc( 1, ctx->len ); - if( verif == NULL ) - { - mbedtls_free( sig_try ); - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + verif = mbedtls_calloc(1, ctx->len); + if (verif == NULL) { + mbedtls_free(sig_try); + return MBEDTLS_ERR_MPI_ALLOC_FAILED; } - MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try)); + MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif)); - if( mbedtls_ct_memcmp( verif, sig, ctx->len ) != 0 ) - { + if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) { ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; goto cleanup; } - memcpy( sig, sig_try, ctx->len ); + memcpy(sig, sig_try, ctx->len); cleanup: - mbedtls_platform_zeroize( sig_try, ctx->len ); - mbedtls_platform_zeroize( verif, ctx->len ); - mbedtls_free( sig_try ); - mbedtls_free( verif ); - - if( ret != 0 ) - memset( sig, '!', ctx->len ); - return( ret ); + mbedtls_platform_zeroize(sig_try, ctx->len); + mbedtls_platform_zeroize(verif, ctx->len); + mbedtls_free(sig_try); + mbedtls_free(verif); + + if (ret != 0) { + memset(sig, '!', ctx->len); + } + return ret; } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation to sign the message digest */ -int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) +int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); - - switch( ctx->padding ) - { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); + + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return MBEDTLS_ERR_RSA_INVALID_PADDING; } } @@ -1989,16 +2014,16 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ -int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - mbedtls_md_type_t mgf1_hash_id, - int expected_salt_len, - const unsigned char *sig ) +int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + mbedtls_md_type_t mgf1_hash_id, + int expected_salt_len, + const unsigned char *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t siglen; @@ -2012,95 +2037,102 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } siglen = ctx->len; - if( siglen < 16 || siglen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (siglen < 16 || siglen > sizeof(buf)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, buf); - if( ret != 0 ) - return( ret ); + if (ret != 0) { + return ret; + } p = buf; - if( buf[siglen - 1] != 0xBC ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + if (buf[siglen - 1] != 0xBC) { + return MBEDTLS_ERR_RSA_INVALID_PADDING; + } - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); } - md_info = mbedtls_md_info_from_type( mgf1_hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(mgf1_hash_id); + if (md_info == NULL) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); - memset( zeros, 0, 8 ); + memset(zeros, 0, 8); /* * Note: EMSA-PSS verification is over the length of N - 1 bits */ - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; - if( buf[0] >> ( 8 - siglen * 8 + msb ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (buf[0] >> (8 - siglen * 8 + msb)) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* Compensate for boundary condition when applying mask */ - if( msb % 8 == 0 ) - { + if (msb % 8 == 0) { p++; siglen -= 1; } - if( siglen < hlen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (siglen < hlen + 2) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } hash_start = p + siglen - hlen - 1; - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { goto exit; + } - ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx ); - if( ret != 0 ) + ret = mgf_mask(p, siglen - hlen - 1, hash_start, hlen, &md_ctx); + if (ret != 0) { goto exit; + } - buf[0] &= 0xFF >> ( siglen * 8 - msb ); + buf[0] &= 0xFF >> (siglen * 8 - msb); - while( p < hash_start - 1 && *p == 0 ) + while (p < hash_start - 1 && *p == 0) { p++; + } - if( *p++ != 0x01 ) - { + if (*p++ != 0x01) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto exit; } observed_salt_len = hash_start - p; - if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && - observed_salt_len != (size_t) expected_salt_len ) - { + if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && + observed_salt_len != (size_t) expected_salt_len) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto exit; } @@ -2108,63 +2140,67 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, /* * Generate H = Hash( M' ) */ - ret = mbedtls_md_starts( &md_ctx ); - if ( ret != 0 ) + ret = mbedtls_md_starts(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_update( &md_ctx, zeros, 8 ); - if ( ret != 0 ) + } + ret = mbedtls_md_update(&md_ctx, zeros, 8); + if (ret != 0) { goto exit; - ret = mbedtls_md_update( &md_ctx, hash, hashlen ); - if ( ret != 0 ) + } + ret = mbedtls_md_update(&md_ctx, hash, hashlen); + if (ret != 0) { goto exit; - ret = mbedtls_md_update( &md_ctx, p, observed_salt_len ); - if ( ret != 0 ) + } + ret = mbedtls_md_update(&md_ctx, p, observed_salt_len); + if (ret != 0) { goto exit; - ret = mbedtls_md_finish( &md_ctx, result ); - if ( ret != 0 ) + } + ret = mbedtls_md_finish(&md_ctx, result); + if (ret != 0) { goto exit; + } - if( memcmp( hash_start, result, hlen ) != 0 ) - { + if (memcmp(hash_start, result, hlen) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto exit; } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - return( ret ); + return ret; } /* * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ -int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) +int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { mbedtls_md_type_t mgf1_hash_id; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - - mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + + mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE) ? (mbedtls_md_type_t) ctx->hash_id : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, - md_alg, hashlen, hash, - mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, - sig ) ); + return mbedtls_rsa_rsassa_pss_verify_ext(ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, + mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, + sig); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2173,196 +2209,195 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ -int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) +int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { int ret = 0; size_t sig_len; unsigned char *encoded = NULL, *encoded_expected = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } /* * Prepare expected PKCS1 v1.5 encoding of hash. */ - if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL || - ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL ) - { + if ((encoded = mbedtls_calloc(1, sig_len)) == NULL || + (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) { ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; goto cleanup; } - if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len, - encoded_expected ) ) != 0 ) + if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len, + encoded_expected)) != 0) { goto cleanup; + } /* * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); - if( ret != 0 ) + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, encoded) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, encoded); + if (ret != 0) { goto cleanup; + } /* * Compare */ - if( ( ret = mbedtls_ct_memcmp( encoded, encoded_expected, - sig_len ) ) != 0 ) - { + if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected, + sig_len)) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } cleanup: - if( encoded != NULL ) - { - mbedtls_platform_zeroize( encoded, sig_len ); - mbedtls_free( encoded ); + if (encoded != NULL) { + mbedtls_platform_zeroize(encoded, sig_len); + mbedtls_free(encoded); } - if( encoded_expected != NULL ) - { - mbedtls_platform_zeroize( encoded_expected, sig_len ); - mbedtls_free( encoded_expected ); + if (encoded_expected != NULL) { + mbedtls_platform_zeroize(encoded_expected, sig_len); + mbedtls_free(encoded_expected); } - return( ret ); + return ret; } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation and check the message digest */ -int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) +int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - - switch( ctx->padding ) - { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_verify(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return MBEDTLS_ERR_RSA_INVALID_PADDING; } } /* * Copy the components of an RSA key */ -int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) +int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( dst != NULL ); - RSA_VALIDATE_RET( src != NULL ); + RSA_VALIDATE_RET(dst != NULL); + RSA_VALIDATE_RET(src != NULL); dst->len = src->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q)); #if !defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ)); #endif - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf)); dst->padding = src->padding; dst->hash_id = src->hash_id; cleanup: - if( ret != 0 ) - mbedtls_rsa_free( dst ); + if (ret != 0) { + mbedtls_rsa_free(dst); + } - return( ret ); + return ret; } /* * Free the components of an RSA key */ -void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) +void mbedtls_rsa_free(mbedtls_rsa_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_mpi_free( &ctx->Vi ); - mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RN ); - mbedtls_mpi_free( &ctx->D ); - mbedtls_mpi_free( &ctx->Q ); - mbedtls_mpi_free( &ctx->P ); - mbedtls_mpi_free( &ctx->E ); - mbedtls_mpi_free( &ctx->N ); + mbedtls_mpi_free(&ctx->Vi); + mbedtls_mpi_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->RN); + mbedtls_mpi_free(&ctx->D); + mbedtls_mpi_free(&ctx->Q); + mbedtls_mpi_free(&ctx->P); + mbedtls_mpi_free(&ctx->E); + mbedtls_mpi_free(&ctx->N); #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &ctx->RQ ); - mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->QP ); - mbedtls_mpi_free( &ctx->DQ ); - mbedtls_mpi_free( &ctx->DP ); + mbedtls_mpi_free(&ctx->RQ); + mbedtls_mpi_free(&ctx->RP); + mbedtls_mpi_free(&ctx->QP); + mbedtls_mpi_free(&ctx->DQ); + mbedtls_mpi_free(&ctx->DP); #endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) /* Free the mutex, but only if it hasn't been freed already. */ - if( ctx->ver != 0 ) - { - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->ver != 0) { + mbedtls_mutex_free(&ctx->mutex); ctx->ver = 0; } #endif @@ -2414,31 +2449,34 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" #if defined(MBEDTLS_PKCS1_V15) -static int myrand( void *rng_state, unsigned char *output, size_t len ) +static int myrand(void *rng_state, unsigned char *output, size_t len) { #if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; - if( rng_state != NULL ) + if (rng_state != NULL) { rng_state = NULL; + } - for( i = 0; i < len; ++i ) + for (i = 0; i < len; ++i) { output[i] = rand(); + } #else - if( rng_state != NULL ) + if (rng_state != NULL) { rng_state = NULL; + } - arc4random_buf( output, len ); + arc4random_buf(output, len); #endif /* !OpenBSD && !NetBSD */ - return( 0 ); + return 0; } #endif /* MBEDTLS_PKCS1_V15 */ /* * Checkup routine */ -int mbedtls_rsa_self_test( int verbose ) +int mbedtls_rsa_self_test(int verbose) { int ret = 0; #if defined(MBEDTLS_PKCS1_V15) @@ -2453,128 +2491,136 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_mpi K; - mbedtls_mpi_init( &K ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init(&K); + mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_N)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, &K, NULL, NULL, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_P)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, &K, NULL, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_Q)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, &K, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_D)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, &K, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_E)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, NULL, &K)); - MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_complete(&rsa)); - if( verbose != 0 ) - mbedtls_printf( " RSA key validation: " ); + if (verbose != 0) { + mbedtls_printf(" RSA key validation: "); + } - if( mbedtls_rsa_check_pubkey( &rsa ) != 0 || - mbedtls_rsa_check_privkey( &rsa ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_check_pubkey(&rsa) != 0 || + mbedtls_rsa_check_privkey(&rsa) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 encryption : " ); + if (verbose != 0) { + mbedtls_printf("passed\n PKCS#1 encryption : "); + } - memcpy( rsa_plaintext, RSA_PT, PT_LEN ); + memcpy(rsa_plaintext, RSA_PT, PT_LEN); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, - PT_LEN, rsa_plaintext, - rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_encrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + PT_LEN, rsa_plaintext, + rsa_ciphertext) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 decryption : " ); + if (verbose != 0) { + mbedtls_printf("passed\n PKCS#1 decryption : "); + } - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, - &len, rsa_ciphertext, rsa_decrypted, - sizeof(rsa_decrypted) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_decrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + &len, rsa_ciphertext, rsa_decrypted, + sizeof(rsa_decrypted)) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(rsa_decrypted, rsa_plaintext, len) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } #if defined(MBEDTLS_SHA1_C) - if( verbose != 0 ) - mbedtls_printf( " PKCS#1 data sign : " ); + if (verbose != 0) { + mbedtls_printf(" PKCS#1 data sign : "); + } - if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_sha1_ret(rsa_plaintext, PT_LEN, sha1sum) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } - return( 1 ); + return 1; } - if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_sign(&rsa, myrand, NULL, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); + if (verbose != 0) { + mbedtls_printf("passed\n PKCS#1 sig. verify: "); + } - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } #endif /* MBEDTLS_SHA1_C */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } cleanup: - mbedtls_mpi_free( &K ); - mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free(&K); + mbedtls_rsa_free(&rsa); #else /* MBEDTLS_PKCS1_V15 */ ((void) verbose); #endif /* MBEDTLS_PKCS1_V15 */ - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/rsa_internal.c b/thirdparty/mbedtls/library/rsa_internal.c index d6ba97a14b..2ff51c34b7 100644 --- a/thirdparty/mbedtls/library/rsa_internal.c +++ b/thirdparty/mbedtls/library/rsa_internal.c @@ -59,9 +59,9 @@ * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *E, mbedtls_mpi const *D, - mbedtls_mpi *P, mbedtls_mpi *Q ) +int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, + mbedtls_mpi const *E, mbedtls_mpi const *D, + mbedtls_mpi *P, mbedtls_mpi *Q) { int ret = 0; @@ -74,48 +74,46 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi K; /* Temporary holding the current candidate */ const unsigned char primes[] = { 2, - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251 - }; - - const size_t num_primes = sizeof( primes ) / sizeof( *primes ); - - if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251 }; + + const size_t num_primes = sizeof(primes) / sizeof(*primes); + + if (P == NULL || Q == NULL || P->p != NULL || Q->p != NULL) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } + + if (mbedtls_mpi_cmp_int(N, 0) <= 0 || + mbedtls_mpi_cmp_int(D, 1) <= 0 || + mbedtls_mpi_cmp_mpi(D, N) >= 0 || + mbedtls_mpi_cmp_int(E, 1) <= 0 || + mbedtls_mpi_cmp_mpi(E, N) >= 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } /* * Initializations and temporary changes */ - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&T); /* T := DE - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&T, &T, 1)); - if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 ) - { + if ((order = (uint16_t) mbedtls_mpi_lsb(&T)) == 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } /* After this operation, T holds the largest odd divisor of DE - 1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&T, order)); /* * Actual work @@ -123,49 +121,49 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, /* Skip trying 2 if N == 1 mod 8 */ attempt = 0; - if( N->p[0] % 8 == 1 ) + if (N->p[0] % 8 == 1) { attempt = 1; + } - for( ; attempt < num_primes; ++attempt ) - { - mbedtls_mpi_lset( &K, primes[attempt] ); + for (; attempt < num_primes; ++attempt) { + mbedtls_mpi_lset(&K, primes[attempt]); /* Check if gcd(K,N) = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N)); + if (mbedtls_mpi_cmp_int(P, 1) != 0) { continue; + } /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, - Q /* temporarily use Q for storing Montgomery - * multiplication helper values */ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &K, &T, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */)); - for( iter = 1; iter <= order; ++iter ) - { + for (iter = 1; iter <= order; ++iter) { /* If we reach 1 prematurely, there's no point * in continuing to square K */ - if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 ) + if (mbedtls_mpi_cmp_int(&K, 1) == 0) { break; + } - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N)); - if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && - mbedtls_mpi_cmp_mpi( P, N ) == -1 ) - { + if (mbedtls_mpi_cmp_int(P, 1) == 1 && + mbedtls_mpi_cmp_mpi(P, N) == -1) { /* * Have found a nontrivial divisor P of N. * Set Q := N / P. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(Q, NULL, N, P)); goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &K)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, N)); } /* @@ -175,8 +173,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, * Check if that's the case and abort if not, to avoid very long, * yet eventually failing, computations if N,D,E were not sane. */ - if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&K, 1) != 0) { break; } } @@ -185,125 +182,116 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &T ); - return( ret ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&T); + return ret; } /* * Given P, Q and the public exponent E, deduce D. * This is essentially a modular inversion. */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ) +int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D) { int ret = 0; mbedtls_mpi K, L; - if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (D == NULL || mbedtls_mpi_cmp_int(D, 0) != 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(P, 1) <= 0 || + mbedtls_mpi_cmp_int(Q, 1) <= 0 || + mbedtls_mpi_cmp_int(E, 0) == 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* Temporarily put K := P-1 and L := Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1)); /* Temporarily put D := gcd(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(D, &K, &L)); /* K := LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &L)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&K, NULL, &K, D)); /* Compute modular inverse of E in LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(D, E, &K)); cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); - return( ret ); + return ret; } /* * Check that RSA CRT parameters are in accordance with core parameters. */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) +int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP) { int ret = 0; mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* Check that DP - D == 0 mod P - 1 */ - if( DP != NULL ) - { - if( P == NULL ) - { + if (DP != NULL) { + if (P == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DP, D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K)); - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&L, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } /* Check that DQ - D == 0 mod Q - 1 */ - if( DQ != NULL ) - { - if( Q == NULL ) - { + if (DQ != NULL) { + if (Q == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DQ, D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K)); - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&L, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } /* Check that QP * Q - 1 == 0 mod P */ - if( QP != NULL ) - { - if( P == NULL || Q == NULL ) - { + if (QP != NULL) { + if (P == NULL || Q == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, QP, Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, P)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -312,33 +300,32 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, cleanup: /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && + if (ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && - ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) - { + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); - return( ret ); + return ret; } /* * Check that core RSA parameters are sane. */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = 0; mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* * Step 1: If PRNG provided, check that P and Q are prime @@ -350,16 +337,14 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * rate of at most 2^-100 and we are aiming for the same certainty here as * well. */ - if( f_rng != NULL && P != NULL && - ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 ) - { + if (f_rng != NULL && P != NULL && + (ret = mbedtls_mpi_is_prime_ext(P, 50, f_rng, p_rng)) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } - if( f_rng != NULL && Q != NULL && - ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 ) - { + if (f_rng != NULL && Q != NULL && + (ret = mbedtls_mpi_is_prime_ext(Q, 50, f_rng, p_rng)) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -372,12 +357,10 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 2: Check that 1 < N = P * Q */ - if( P != NULL && Q != NULL && N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) - { + if (P != NULL && Q != NULL && N != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, P, Q)); + if (mbedtls_mpi_cmp_int(N, 1) <= 0 || + mbedtls_mpi_cmp_mpi(&K, N) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -387,13 +370,11 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 3: Check and 1 < D, E < N if present. */ - if( N != NULL && D != NULL && E != NULL ) - { - if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { + if (N != NULL && D != NULL && E != NULL) { + if (mbedtls_mpi_cmp_int(D, 1) <= 0 || + mbedtls_mpi_cmp_int(E, 1) <= 0 || + mbedtls_mpi_cmp_mpi(D, N) >= 0 || + mbedtls_mpi_cmp_mpi(E, N) >= 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -403,33 +384,29 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 4: Check that D, E are inverse modulo P-1 and Q-1 */ - if( P != NULL && Q != NULL && D != NULL && E != NULL ) - { - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) - { + if (P != NULL && Q != NULL && D != NULL && E != NULL) { + if (mbedtls_mpi_cmp_int(P, 1) <= 0 || + mbedtls_mpi_cmp_int(Q, 1) <= 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -437,50 +414,46 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - { + if (ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) { ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - return( ret ); + return ret; } -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) +int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP) { int ret = 0; mbedtls_mpi K; - mbedtls_mpi_init( &K ); + mbedtls_mpi_init(&K); /* DP = D mod P-1 */ - if( DP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + if (DP != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DP, D, &K)); } /* DQ = D mod Q-1 */ - if( DQ != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + if (DQ != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DQ, D, &K)); } /* QP = Q^{-1} mod P */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + if (QP != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(QP, Q, P)); } cleanup: - mbedtls_mpi_free( &K ); + mbedtls_mpi_free(&K); - return( ret ); + return ret; } #endif /* MBEDTLS_RSA_C */ diff --git a/thirdparty/mbedtls/library/sha1.c b/thirdparty/mbedtls/library/sha1.c index 7f0c8757db..6da641427c 100644 --- a/thirdparty/mbedtls/library/sha1.c +++ b/thirdparty/mbedtls/library/sha1.c @@ -35,32 +35,33 @@ #include "mbedtls/platform.h" #define SHA1_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) -#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) +#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) #if !defined(MBEDTLS_SHA1_ALT) -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) +void mbedtls_sha1_init(mbedtls_sha1_context *ctx) { - SHA1_VALIDATE( ctx != NULL ); + SHA1_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha1_context)); } -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) +void mbedtls_sha1_free(mbedtls_sha1_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context)); } -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) +void mbedtls_sha1_clone(mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src) { - SHA1_VALIDATE( dst != NULL ); - SHA1_VALIDATE( src != NULL ); + SHA1_VALIDATE(dst != NULL); + SHA1_VALIDATE(src != NULL); *dst = *src; } @@ -68,9 +69,9 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx) { - SHA1_VALIDATE_RET( ctx != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); ctx->total[0] = 0; ctx->total[1] = 0; @@ -81,62 +82,61 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) +void mbedtls_sha1_starts(mbedtls_sha1_context *ctx) { - mbedtls_sha1_starts_ret( ctx ); + mbedtls_sha1_starts_ret(ctx); } #endif #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]) { - struct - { + struct { uint32_t temp, W[16], A, B, C, D, E; } local; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); - - local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 ); - local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 ); - local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 ); - local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 ); - local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 ); - local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 ); - local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 ); - local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 ); - local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 ); - local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 ); - local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 ); - local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 ); - local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 ); - local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 ); - local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 ); - local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 ); - -#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET((const unsigned char *) data != NULL); + + local.W[0] = MBEDTLS_GET_UINT32_BE(data, 0); + local.W[1] = MBEDTLS_GET_UINT32_BE(data, 4); + local.W[2] = MBEDTLS_GET_UINT32_BE(data, 8); + local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12); + local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16); + local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20); + local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24); + local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28); + local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32); + local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36); + local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40); + local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44); + local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48); + local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52); + local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56); + local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60); + +#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) #define R(t) \ ( \ - local.temp = local.W[( (t) - 3 ) & 0x0F] ^ \ - local.W[( (t) - 8 ) & 0x0F] ^ \ - local.W[( (t) - 14 ) & 0x0F] ^ \ - local.W[ (t) & 0x0F], \ - ( local.W[(t) & 0x0F] = S(local.temp,1) ) \ + local.temp = local.W[((t) - 3) & 0x0F] ^ \ + local.W[((t) - 8) & 0x0F] ^ \ + local.W[((t) - 14) & 0x0F] ^ \ + local.W[(t) & 0x0F], \ + (local.W[(t) & 0x0F] = S(local.temp, 1)) \ ) -#define P(a,b,c,d,e,x) \ +#define P(a, b, c, d, e, x) \ do \ { \ - (e) += S((a),5) + F((b),(c),(d)) + K + (x); \ - (b) = S((b),30); \ - } while( 0 ) + (e) += S((a), 5) + F((b), (c), (d)) + K + (x); \ + (b) = S((b), 30); \ + } while (0) local.A = ctx->state[0]; local.B = ctx->state[1]; @@ -144,110 +144,110 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, local.D = ctx->state[3]; local.E = ctx->state[4]; -#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) #define K 0x5A827999 - P( local.A, local.B, local.C, local.D, local.E, local.W[0] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[1] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[2] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[3] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[4] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[5] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[6] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[7] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[8] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[9] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[10] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[11] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[12] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[13] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[14] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[15] ); - P( local.E, local.A, local.B, local.C, local.D, R(16) ); - P( local.D, local.E, local.A, local.B, local.C, R(17) ); - P( local.C, local.D, local.E, local.A, local.B, R(18) ); - P( local.B, local.C, local.D, local.E, local.A, R(19) ); + P(local.A, local.B, local.C, local.D, local.E, local.W[0]); + P(local.E, local.A, local.B, local.C, local.D, local.W[1]); + P(local.D, local.E, local.A, local.B, local.C, local.W[2]); + P(local.C, local.D, local.E, local.A, local.B, local.W[3]); + P(local.B, local.C, local.D, local.E, local.A, local.W[4]); + P(local.A, local.B, local.C, local.D, local.E, local.W[5]); + P(local.E, local.A, local.B, local.C, local.D, local.W[6]); + P(local.D, local.E, local.A, local.B, local.C, local.W[7]); + P(local.C, local.D, local.E, local.A, local.B, local.W[8]); + P(local.B, local.C, local.D, local.E, local.A, local.W[9]); + P(local.A, local.B, local.C, local.D, local.E, local.W[10]); + P(local.E, local.A, local.B, local.C, local.D, local.W[11]); + P(local.D, local.E, local.A, local.B, local.C, local.W[12]); + P(local.C, local.D, local.E, local.A, local.B, local.W[13]); + P(local.B, local.C, local.D, local.E, local.A, local.W[14]); + P(local.A, local.B, local.C, local.D, local.E, local.W[15]); + P(local.E, local.A, local.B, local.C, local.D, R(16)); + P(local.D, local.E, local.A, local.B, local.C, R(17)); + P(local.C, local.D, local.E, local.A, local.B, R(18)); + P(local.B, local.C, local.D, local.E, local.A, R(19)); #undef K #undef F -#define F(x,y,z) ((x) ^ (y) ^ (z)) +#define F(x, y, z) ((x) ^ (y) ^ (z)) #define K 0x6ED9EBA1 - P( local.A, local.B, local.C, local.D, local.E, R(20) ); - P( local.E, local.A, local.B, local.C, local.D, R(21) ); - P( local.D, local.E, local.A, local.B, local.C, R(22) ); - P( local.C, local.D, local.E, local.A, local.B, R(23) ); - P( local.B, local.C, local.D, local.E, local.A, R(24) ); - P( local.A, local.B, local.C, local.D, local.E, R(25) ); - P( local.E, local.A, local.B, local.C, local.D, R(26) ); - P( local.D, local.E, local.A, local.B, local.C, R(27) ); - P( local.C, local.D, local.E, local.A, local.B, R(28) ); - P( local.B, local.C, local.D, local.E, local.A, R(29) ); - P( local.A, local.B, local.C, local.D, local.E, R(30) ); - P( local.E, local.A, local.B, local.C, local.D, R(31) ); - P( local.D, local.E, local.A, local.B, local.C, R(32) ); - P( local.C, local.D, local.E, local.A, local.B, R(33) ); - P( local.B, local.C, local.D, local.E, local.A, R(34) ); - P( local.A, local.B, local.C, local.D, local.E, R(35) ); - P( local.E, local.A, local.B, local.C, local.D, R(36) ); - P( local.D, local.E, local.A, local.B, local.C, R(37) ); - P( local.C, local.D, local.E, local.A, local.B, R(38) ); - P( local.B, local.C, local.D, local.E, local.A, R(39) ); + P(local.A, local.B, local.C, local.D, local.E, R(20)); + P(local.E, local.A, local.B, local.C, local.D, R(21)); + P(local.D, local.E, local.A, local.B, local.C, R(22)); + P(local.C, local.D, local.E, local.A, local.B, R(23)); + P(local.B, local.C, local.D, local.E, local.A, R(24)); + P(local.A, local.B, local.C, local.D, local.E, R(25)); + P(local.E, local.A, local.B, local.C, local.D, R(26)); + P(local.D, local.E, local.A, local.B, local.C, R(27)); + P(local.C, local.D, local.E, local.A, local.B, R(28)); + P(local.B, local.C, local.D, local.E, local.A, R(29)); + P(local.A, local.B, local.C, local.D, local.E, R(30)); + P(local.E, local.A, local.B, local.C, local.D, R(31)); + P(local.D, local.E, local.A, local.B, local.C, R(32)); + P(local.C, local.D, local.E, local.A, local.B, R(33)); + P(local.B, local.C, local.D, local.E, local.A, R(34)); + P(local.A, local.B, local.C, local.D, local.E, R(35)); + P(local.E, local.A, local.B, local.C, local.D, R(36)); + P(local.D, local.E, local.A, local.B, local.C, R(37)); + P(local.C, local.D, local.E, local.A, local.B, R(38)); + P(local.B, local.C, local.D, local.E, local.A, R(39)); #undef K #undef F -#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) +#define F(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) #define K 0x8F1BBCDC - P( local.A, local.B, local.C, local.D, local.E, R(40) ); - P( local.E, local.A, local.B, local.C, local.D, R(41) ); - P( local.D, local.E, local.A, local.B, local.C, R(42) ); - P( local.C, local.D, local.E, local.A, local.B, R(43) ); - P( local.B, local.C, local.D, local.E, local.A, R(44) ); - P( local.A, local.B, local.C, local.D, local.E, R(45) ); - P( local.E, local.A, local.B, local.C, local.D, R(46) ); - P( local.D, local.E, local.A, local.B, local.C, R(47) ); - P( local.C, local.D, local.E, local.A, local.B, R(48) ); - P( local.B, local.C, local.D, local.E, local.A, R(49) ); - P( local.A, local.B, local.C, local.D, local.E, R(50) ); - P( local.E, local.A, local.B, local.C, local.D, R(51) ); - P( local.D, local.E, local.A, local.B, local.C, R(52) ); - P( local.C, local.D, local.E, local.A, local.B, R(53) ); - P( local.B, local.C, local.D, local.E, local.A, R(54) ); - P( local.A, local.B, local.C, local.D, local.E, R(55) ); - P( local.E, local.A, local.B, local.C, local.D, R(56) ); - P( local.D, local.E, local.A, local.B, local.C, R(57) ); - P( local.C, local.D, local.E, local.A, local.B, R(58) ); - P( local.B, local.C, local.D, local.E, local.A, R(59) ); + P(local.A, local.B, local.C, local.D, local.E, R(40)); + P(local.E, local.A, local.B, local.C, local.D, R(41)); + P(local.D, local.E, local.A, local.B, local.C, R(42)); + P(local.C, local.D, local.E, local.A, local.B, R(43)); + P(local.B, local.C, local.D, local.E, local.A, R(44)); + P(local.A, local.B, local.C, local.D, local.E, R(45)); + P(local.E, local.A, local.B, local.C, local.D, R(46)); + P(local.D, local.E, local.A, local.B, local.C, R(47)); + P(local.C, local.D, local.E, local.A, local.B, R(48)); + P(local.B, local.C, local.D, local.E, local.A, R(49)); + P(local.A, local.B, local.C, local.D, local.E, R(50)); + P(local.E, local.A, local.B, local.C, local.D, R(51)); + P(local.D, local.E, local.A, local.B, local.C, R(52)); + P(local.C, local.D, local.E, local.A, local.B, R(53)); + P(local.B, local.C, local.D, local.E, local.A, R(54)); + P(local.A, local.B, local.C, local.D, local.E, R(55)); + P(local.E, local.A, local.B, local.C, local.D, R(56)); + P(local.D, local.E, local.A, local.B, local.C, R(57)); + P(local.C, local.D, local.E, local.A, local.B, R(58)); + P(local.B, local.C, local.D, local.E, local.A, R(59)); #undef K #undef F -#define F(x,y,z) ((x) ^ (y) ^ (z)) +#define F(x, y, z) ((x) ^ (y) ^ (z)) #define K 0xCA62C1D6 - P( local.A, local.B, local.C, local.D, local.E, R(60) ); - P( local.E, local.A, local.B, local.C, local.D, R(61) ); - P( local.D, local.E, local.A, local.B, local.C, R(62) ); - P( local.C, local.D, local.E, local.A, local.B, R(63) ); - P( local.B, local.C, local.D, local.E, local.A, R(64) ); - P( local.A, local.B, local.C, local.D, local.E, R(65) ); - P( local.E, local.A, local.B, local.C, local.D, R(66) ); - P( local.D, local.E, local.A, local.B, local.C, R(67) ); - P( local.C, local.D, local.E, local.A, local.B, R(68) ); - P( local.B, local.C, local.D, local.E, local.A, R(69) ); - P( local.A, local.B, local.C, local.D, local.E, R(70) ); - P( local.E, local.A, local.B, local.C, local.D, R(71) ); - P( local.D, local.E, local.A, local.B, local.C, R(72) ); - P( local.C, local.D, local.E, local.A, local.B, R(73) ); - P( local.B, local.C, local.D, local.E, local.A, R(74) ); - P( local.A, local.B, local.C, local.D, local.E, R(75) ); - P( local.E, local.A, local.B, local.C, local.D, R(76) ); - P( local.D, local.E, local.A, local.B, local.C, R(77) ); - P( local.C, local.D, local.E, local.A, local.B, R(78) ); - P( local.B, local.C, local.D, local.E, local.A, R(79) ); + P(local.A, local.B, local.C, local.D, local.E, R(60)); + P(local.E, local.A, local.B, local.C, local.D, R(61)); + P(local.D, local.E, local.A, local.B, local.C, R(62)); + P(local.C, local.D, local.E, local.A, local.B, R(63)); + P(local.B, local.C, local.D, local.E, local.A, R(64)); + P(local.A, local.B, local.C, local.D, local.E, R(65)); + P(local.E, local.A, local.B, local.C, local.D, R(66)); + P(local.D, local.E, local.A, local.B, local.C, R(67)); + P(local.C, local.D, local.E, local.A, local.B, R(68)); + P(local.B, local.C, local.D, local.E, local.A, R(69)); + P(local.A, local.B, local.C, local.D, local.E, R(70)); + P(local.E, local.A, local.B, local.C, local.D, R(71)); + P(local.D, local.E, local.A, local.B, local.C, R(72)); + P(local.C, local.D, local.E, local.A, local.B, R(73)); + P(local.B, local.C, local.D, local.E, local.A, R(74)); + P(local.A, local.B, local.C, local.D, local.E, R(75)); + P(local.E, local.A, local.B, local.C, local.D, R(76)); + P(local.D, local.E, local.A, local.B, local.C, R(77)); + P(local.C, local.D, local.E, local.A, local.B, R(78)); + P(local.B, local.C, local.D, local.E, local.A, R(79)); #undef K #undef F @@ -259,16 +259,16 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, ctx->state[4] += local.E; /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) +void mbedtls_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]) { - mbedtls_internal_sha1_process( ctx, data ); + mbedtls_internal_sha1_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ @@ -276,19 +276,20 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -296,57 +297,59 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) { + return ret; + } input += 64; ilen -= 64; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), input, ilen); + } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_sha1_update(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_sha1_update_ret( ctx, input, ilen ); + mbedtls_sha1_update_ret(ctx, input, ilen); } #endif /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ) +int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET((unsigned char *) output != NULL); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -355,52 +358,51 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { + return ret; + } - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); - MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56); + MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { + return ret; + } /* * Output final state */ - MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); + MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0); + MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4); + MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8); + MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); + MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) +void mbedtls_sha1_finish(mbedtls_sha1_context *ctx, + unsigned char output[20]) { - mbedtls_sha1_finish_ret( ctx, output ); + mbedtls_sha1_finish_ret(ctx, output); } #endif @@ -409,39 +411,42 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, /* * output = SHA-1( input buffer ) */ -int mbedtls_sha1_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) +int mbedtls_sha1_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha1_context ctx; - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET(ilen == 0 || input != NULL); + SHA1_VALIDATE_RET((unsigned char *) output != NULL); - mbedtls_sha1_init( &ctx ); + mbedtls_sha1_init(&ctx); - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_sha1_free( &ctx ); + mbedtls_sha1_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) +void mbedtls_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { - mbedtls_sha1_ret( input, ilen, output ); + mbedtls_sha1_ret(input, ilen, output); } #endif @@ -474,71 +479,73 @@ static const unsigned char sha1_test_sum[3][20] = /* * Checkup routine */ -int mbedtls_sha1_self_test( int verbose ) +int mbedtls_sha1_self_test(int verbose) { int i, j, buflen, ret = 0; unsigned char buf[1024]; unsigned char sha1sum[20]; mbedtls_sha1_context ctx; - mbedtls_sha1_init( &ctx ); + mbedtls_sha1_init(&ctx); /* * SHA-1 */ - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); + for (i = 0; i < 3; i++) { + if (verbose != 0) { + mbedtls_printf(" SHA-1 test #%d: ", i + 1); + } - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) { goto fail; + } - if( i == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (i == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha1_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha1_update_ret(&ctx, buf, buflen); + if (ret != 0) { goto fail; + } } - } - else - { - ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ); - if( ret != 0 ) + } else { + ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i], + sha1_test_buflen[i]); + if (ret != 0) { goto fail; + } } - if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 ) + if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0) { goto fail; + } - if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - { + if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } exit: - mbedtls_sha1_free( &ctx ); + mbedtls_sha1_free(&ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/sha256.c b/thirdparty/mbedtls/library/sha256.c index 6f1306ee66..f7090396d2 100644 --- a/thirdparty/mbedtls/library/sha256.c +++ b/thirdparty/mbedtls/library/sha256.c @@ -35,31 +35,32 @@ #include "mbedtls/platform.h" #define SHA256_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) +#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) #if !defined(MBEDTLS_SHA256_ALT) -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +void mbedtls_sha256_init(mbedtls_sha256_context *ctx) { - SHA256_VALIDATE( ctx != NULL ); + SHA256_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha256_context)); } -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +void mbedtls_sha256_free(mbedtls_sha256_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context)); } -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src) { - SHA256_VALIDATE( dst != NULL ); - SHA256_VALIDATE( src != NULL ); + SHA256_VALIDATE(dst != NULL); + SHA256_VALIDATE(src != NULL); *dst = *src; } @@ -67,16 +68,15 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224) { - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET(is224 == 0 || is224 == 1); ctx->total[0] = 0; ctx->total[1] = 0; - if( is224 == 0 ) - { + if (is224 == 0) { /* SHA-256 */ ctx->state[0] = 0x6A09E667; ctx->state[1] = 0xBB67AE85; @@ -86,9 +86,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->state[5] = 0x9B05688C; ctx->state[6] = 0x1F83D9AB; ctx->state[7] = 0x5BE0CD19; - } - else - { + } else { /* SHA-224 */ ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; @@ -102,14 +100,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->is224 = is224; - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) +void mbedtls_sha256_starts(mbedtls_sha256_context *ctx, + int is224) { - mbedtls_sha256_starts_ret( ctx, is224 ); + mbedtls_sha256_starts_ret(ctx, is224); } #endif @@ -134,17 +132,17 @@ static const uint32_t K[] = 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, }; -#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n)) -#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n)))) +#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) +#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) -#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) -#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) +#define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) -#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) -#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) -#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) +#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) #define R(t) \ ( \ @@ -152,41 +150,41 @@ static const uint32_t K[] = S0(local.W[(t) - 15]) + local.W[(t) - 16] \ ) -#define P(a,b,c,d,e,f,g,h,x,K) \ +#define P(a, b, c, d, e, f, g, h, x, K) \ do \ { \ - local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ - local.temp2 = S2(a) + F0((a),(b),(c)); \ + local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ + local.temp2 = S2(a) + F0((a), (b), (c)); \ (d) += local.temp1; (h) = local.temp1 + local.temp2; \ - } while( 0 ) + } while (0) -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]) { - struct - { + struct { uint32_t temp1, temp2, W[64]; uint32_t A[8]; } local; unsigned int i; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET((const unsigned char *) data != NULL); - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) { local.A[i] = ctx->state[i]; + } #if defined(MBEDTLS_SHA256_SMALLER) - for( i = 0; i < 64; i++ ) - { - if( i < 16 ) - local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); - else - R( i ); + for (i = 0; i < 64; i++) { + if (i < 16) { + local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); + } else { + R(i); + } - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); local.temp1 = local.A[7]; local.A[7] = local.A[6]; local.A[6] = local.A[5]; local.A[5] = local.A[4]; @@ -195,64 +193,64 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, local.A[0] = local.temp1; } #else /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 16; i++ ) - local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i ); - - for( i = 0; i < 16; i += 8 ) - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] ); - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] ); - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] ); - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] ); - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] ); - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] ); - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] ); - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] ); + for (i = 0; i < 16; i++) { + local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); } - for( i = 16; i < 64; i += 8 ) - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] ); - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] ); - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] ); - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] ); - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] ); - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] ); - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] ); - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] ); + for (i = 0; i < 16; i += 8) { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]); + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]); + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]); + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]); + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]); + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]); + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]); + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]); + } + + for (i = 16; i < 64; i += 8) { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]); + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]); + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]); + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]); + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]); + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]); + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]); + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]); } #endif /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) { ctx->state[i] += local.A[i]; + } /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) +void mbedtls_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]) { - mbedtls_internal_sha256_process( ctx, data ); + mbedtls_internal_sha256_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ @@ -260,19 +258,20 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -280,57 +279,59 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_sha256_process(ctx, input)) != 0) { + return ret; + } input += 64; ilen -= 64; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), input, ilen); + } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_sha256_update(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_sha256_update_ret( ctx, input, ilen ); + mbedtls_sha256_update_ret(ctx, input, ilen); } #endif /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ) +int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, + unsigned char output[32]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET((unsigned char *) output != NULL); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -339,57 +340,57 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { + return ret; + } - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 ); - MBEDTLS_PUT_UINT32_BE( low, ctx->buffer, 60 ); + MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56); + MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { + return ret; + } /* * Output final state */ - MBEDTLS_PUT_UINT32_BE( ctx->state[0], output, 0 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[1], output, 4 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[2], output, 8 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 ); - MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 ); - - if( ctx->is224 == 0 ) - MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 ); - - return( 0 ); + MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0); + MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4); + MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8); + MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); + MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); + MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20); + MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24); + + if (ctx->is224 == 0) { + MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28); + } + + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) +void mbedtls_sha256_finish(mbedtls_sha256_context *ctx, + unsigned char output[32]) { - mbedtls_sha256_finish_ret( ctx, output ); + mbedtls_sha256_finish_ret(ctx, output); } #endif @@ -398,42 +399,45 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, /* * output = SHA-256( input buffer ) */ -int mbedtls_sha256_ret( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) +int mbedtls_sha256_ret(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context ctx; - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET(is224 == 0 || is224 == 1); + SHA256_VALIDATE_RET(ilen == 0 || input != NULL); + SHA256_VALIDATE_RET((unsigned char *) output != NULL); - mbedtls_sha256_init( &ctx ); + mbedtls_sha256_init(&ctx); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) + if ((ret = mbedtls_sha256_starts_ret(&ctx, is224)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha256_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_sha256_free( &ctx ); + mbedtls_sha256_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) +void mbedtls_sha256(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224) { - mbedtls_sha256_ret( input, ilen, output, is224 ); + mbedtls_sha256_ret(input, ilen, output, is224); } #endif @@ -491,83 +495,85 @@ static const unsigned char sha256_test_sum[6][32] = /* * Checkup routine */ -int mbedtls_sha256_self_test( int verbose ) +int mbedtls_sha256_self_test(int verbose) { int i, j, k, buflen, ret = 0; unsigned char *buf; unsigned char sha256sum[32]; mbedtls_sha256_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); - if( NULL == buf ) - { - if( verbose != 0 ) - mbedtls_printf( "Buffer allocation failed\n" ); + buf = mbedtls_calloc(1024, sizeof(unsigned char)); + if (NULL == buf) { + if (verbose != 0) { + mbedtls_printf("Buffer allocation failed\n"); + } - return( 1 ); + return 1; } - mbedtls_sha256_init( &ctx ); + mbedtls_sha256_init(&ctx); - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { j = i % 3; k = i < 3; - if( verbose != 0 ) - mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); + if (verbose != 0) { + mbedtls_printf(" SHA-%d test #%d: ", 256 - k * 32, j + 1); + } - if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) + if ((ret = mbedtls_sha256_starts_ret(&ctx, k)) != 0) { goto fail; + } - if( j == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (j == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha256_update_ret(&ctx, buf, buflen); + if (ret != 0) { goto fail; + } } - } - else - { - ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ); - if( ret != 0 ) - goto fail; + } else { + ret = mbedtls_sha256_update_ret(&ctx, sha256_test_buf[j], + sha256_test_buflen[j]); + if (ret != 0) { + goto fail; + } } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx, sha256sum)) != 0) { goto fail; + } - if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) - { + if (memcmp(sha256sum, sha256_test_sum[i], 32 - k * 4) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } exit: - mbedtls_sha256_free( &ctx ); - mbedtls_free( buf ); + mbedtls_sha256_free(&ctx); + mbedtls_free(buf); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/sha512.c b/thirdparty/mbedtls/library/sha512.c index 1a6872c8aa..f6b7c1fbf1 100644 --- a/thirdparty/mbedtls/library/sha512.c +++ b/thirdparty/mbedtls/library/sha512.c @@ -41,13 +41,13 @@ #include "mbedtls/platform.h" #define SHA512_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) -#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) + MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) +#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) #if !defined(MBEDTLS_SHA512_ALT) #if defined(MBEDTLS_SHA512_SMALLER) -static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) +static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i) { MBEDTLS_PUT_UINT64_BE(n, b, i); } @@ -55,26 +55,27 @@ static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) #define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE #endif /* MBEDTLS_SHA512_SMALLER */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) +void mbedtls_sha512_init(mbedtls_sha512_context *ctx) { - SHA512_VALIDATE( ctx != NULL ); + SHA512_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha512_context)); } -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) +void mbedtls_sha512_free(mbedtls_sha512_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context)); } -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) +void mbedtls_sha512_clone(mbedtls_sha512_context *dst, + const mbedtls_sha512_context *src) { - SHA512_VALIDATE( dst != NULL ); - SHA512_VALIDATE( src != NULL ); + SHA512_VALIDATE(dst != NULL); + SHA512_VALIDATE(src != NULL); *dst = *src; } @@ -82,20 +83,19 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384) { - SHA512_VALIDATE_RET( ctx != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); #if !defined(MBEDTLS_SHA512_NO_SHA384) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET(is384 == 0 || is384 == 1); #else - SHA512_VALIDATE_RET( is384 == 0 ); + SHA512_VALIDATE_RET(is384 == 0); #endif ctx->total[0] = 0; ctx->total[1] = 0; - if( is384 == 0 ) - { + if (is384 == 0) { /* SHA-512 */ ctx->state[0] = UL64(0x6A09E667F3BCC908); ctx->state[1] = UL64(0xBB67AE8584CAA73B); @@ -105,11 +105,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) ctx->state[5] = UL64(0x9B05688C2B3E6C1F); ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); ctx->state[7] = UL64(0x5BE0CD19137E2179); - } - else - { + } else { #if defined(MBEDTLS_SHA512_NO_SHA384) - return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ); + return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; #else /* SHA-384 */ ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); @@ -127,14 +125,14 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) ctx->is384 = is384; #endif - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) +void mbedtls_sha512_starts(mbedtls_sha512_context *ctx, + int is384) { - mbedtls_sha512_starts_ret( ctx, is384 ); + mbedtls_sha512_starts_ret(ctx, is384); } #endif @@ -187,57 +185,53 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]) { int i; - struct - { + struct { uint64_t temp1, temp2, W[80]; uint64_t A[8]; } local; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET((const unsigned char *) data != NULL); -#define SHR(x,n) ((x) >> (n)) -#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n)))) +#define SHR(x, n) ((x) >> (n)) +#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) -#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) +#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) -#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) -#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) +#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) -#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) -#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) +#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) +#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) -#define P(a,b,c,d,e,f,g,h,x,K) \ +#define P(a, b, c, d, e, f, g, h, x, K) \ do \ { \ - local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ - local.temp2 = S2(a) + F0((a),(b),(c)); \ + local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ + local.temp2 = S2(a) + F0((a), (b), (c)); \ (d) += local.temp1; (h) = local.temp1 + local.temp2; \ - } while( 0 ) + } while (0) - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) { local.A[i] = ctx->state[i]; + } #if defined(MBEDTLS_SHA512_SMALLER) - for( i = 0; i < 80; i++ ) - { - if( i < 16 ) - { - local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); - } - else - { + for (i = 0; i < 80; i++) { + if (i < 16) { + local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); + } else { local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + - S0(local.W[i - 15]) + local.W[i - 16]; + S0(local.W[i - 15]) + local.W[i - 16]; } - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); local.temp1 = local.A[7]; local.A[7] = local.A[6]; local.A[6] = local.A[5]; local.A[5] = local.A[4]; @@ -246,54 +240,51 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, local.A[0] = local.temp1; } #else /* MBEDTLS_SHA512_SMALLER */ - for( i = 0; i < 16; i++ ) - { - local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 ); + for (i = 0; i < 16; i++) { + local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); } - for( ; i < 80; i++ ) - { + for (; i < 80; i++) { local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + - S0(local.W[i - 15]) + local.W[i - 16]; + S0(local.W[i - 15]) + local.W[i - 16]; } i = 0; - do - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); i++; - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], local.W[i], K[i] ); i++; - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], local.W[i], K[i] ); i++; - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], local.W[i], K[i] ); i++; - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], local.W[i], K[i] ); i++; - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], local.W[i], K[i] ); i++; - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], local.W[i], K[i] ); i++; - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], local.W[i], K[i] ); i++; - } - while( i < 80 ); + do { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++; + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++; + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++; + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++; + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++; + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++; + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++; + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++; + } while (i < 80); #endif /* MBEDTLS_SHA512_SMALLER */ - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) { ctx->state[i] += local.A[i]; + } /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) +void mbedtls_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]) { - mbedtls_internal_sha512_process( ctx, data ); + mbedtls_internal_sha512_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA512_PROCESS_ALT */ @@ -301,76 +292,79 @@ void mbedtls_sha512_process( mbedtls_sha512_context *ctx, /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) +int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; unsigned int left; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) { + return 0; + } left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; ctx->total[0] += (uint64_t) ilen; - if( ctx->total[0] < (uint64_t) ilen ) + if (ctx->total[0] < (uint64_t) ilen) { ctx->total[1]++; + } - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *) (ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { + return ret; + } input += fill; ilen -= fill; left = 0; } - while( ilen >= 128 ) - { - if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 128) { + if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0) { + return ret; + } input += 128; ilen -= 128; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *) (ctx->buffer + left), input, ilen); + } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) +void mbedtls_sha512_update(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen) { - mbedtls_sha512_update_ret( ctx, input, ilen ); + mbedtls_sha512_update_ret(ctx, input, ilen); } #endif /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ) +int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, + unsigned char output[64]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; uint64_t high, low; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET((unsigned char *) output != NULL); /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length @@ -379,63 +373,61 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 112 ) - { + if (used <= 112) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 112 - used ); - } - else - { + memset(ctx->buffer + used, 0, 112 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 128 - used ); + memset(ctx->buffer + used, 0, 128 - used); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { + return ret; + } - memset( ctx->buffer, 0, 112 ); + memset(ctx->buffer, 0, 112); } /* * Add message length */ - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 61) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - sha512_put_uint64_be( high, ctx->buffer, 112 ); - sha512_put_uint64_be( low, ctx->buffer, 120 ); + sha512_put_uint64_be(high, ctx->buffer, 112); + sha512_put_uint64_be(low, ctx->buffer, 120); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { + return ret; + } /* * Output final state */ - sha512_put_uint64_be( ctx->state[0], output, 0 ); - sha512_put_uint64_be( ctx->state[1], output, 8 ); - sha512_put_uint64_be( ctx->state[2], output, 16 ); - sha512_put_uint64_be( ctx->state[3], output, 24 ); - sha512_put_uint64_be( ctx->state[4], output, 32 ); - sha512_put_uint64_be( ctx->state[5], output, 40 ); + sha512_put_uint64_be(ctx->state[0], output, 0); + sha512_put_uint64_be(ctx->state[1], output, 8); + sha512_put_uint64_be(ctx->state[2], output, 16); + sha512_put_uint64_be(ctx->state[3], output, 24); + sha512_put_uint64_be(ctx->state[4], output, 32); + sha512_put_uint64_be(ctx->state[5], output, 40); int truncated = 0; #if !defined(MBEDTLS_SHA512_NO_SHA384) truncated = ctx->is384; #endif - if( !truncated ) - { - sha512_put_uint64_be( ctx->state[6], output, 48 ); - sha512_put_uint64_be( ctx->state[7], output, 56 ); + if (!truncated) { + sha512_put_uint64_be(ctx->state[6], output, 48); + sha512_put_uint64_be(ctx->state[7], output, 56); } - return( 0 ); + return 0; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) +void mbedtls_sha512_finish(mbedtls_sha512_context *ctx, + unsigned char output[64]) { - mbedtls_sha512_finish_ret( ctx, output ); + mbedtls_sha512_finish_ret(ctx, output); } #endif @@ -444,46 +436,49 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, /* * output = SHA-512( input buffer ) */ -int mbedtls_sha512_ret( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) +int mbedtls_sha512_ret(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context ctx; #if !defined(MBEDTLS_SHA512_NO_SHA384) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET(is384 == 0 || is384 == 1); #else - SHA512_VALIDATE_RET( is384 == 0 ); + SHA512_VALIDATE_RET(is384 == 0); #endif - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET(ilen == 0 || input != NULL); + SHA512_VALIDATE_RET((unsigned char *) output != NULL); - mbedtls_sha512_init( &ctx ); + mbedtls_sha512_init(&ctx); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) + if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0) { goto exit; + } exit: - mbedtls_sha512_free( &ctx ); + mbedtls_sha512_free(&ctx); - return( ret ); + return ret; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) +void mbedtls_sha512(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384) { - mbedtls_sha512_ret( input, ilen, output, is384 ); + mbedtls_sha512_ret(input, ilen, output, is384); } #endif @@ -495,7 +490,9 @@ void mbedtls_sha512( const unsigned char *input, static const unsigned char sha512_test_buf[3][113] = { { "abc" }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, + { + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" + }, { "" } }; @@ -559,31 +556,30 @@ static const unsigned char sha512_test_sum[][64] = 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B } }; -#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) ) +#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0])) /* * Checkup routine */ -int mbedtls_sha512_self_test( int verbose ) +int mbedtls_sha512_self_test(int verbose) { int i, j, k, buflen, ret = 0; unsigned char *buf; unsigned char sha512sum[64]; mbedtls_sha512_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); - if( NULL == buf ) - { - if( verbose != 0 ) - mbedtls_printf( "Buffer allocation failed\n" ); + buf = mbedtls_calloc(1024, sizeof(unsigned char)); + if (NULL == buf) { + if (verbose != 0) { + mbedtls_printf("Buffer allocation failed\n"); + } - return( 1 ); + return 1; } - mbedtls_sha512_init( &ctx ); + mbedtls_sha512_init(&ctx); - for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ ) - { + for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) { j = i % 3; #if !defined(MBEDTLS_SHA512_NO_SHA384) k = i < 3; @@ -591,58 +587,61 @@ int mbedtls_sha512_self_test( int verbose ) k = 0; #endif - if( verbose != 0 ) - mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); + if (verbose != 0) { + mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1); + } - if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 ) + if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0) { goto fail; + } - if( j == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (j == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha512_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha512_update_ret(&ctx, buf, buflen); + if (ret != 0) { goto fail; + } } - } - else - { - ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ); - if( ret != 0 ) + } else { + ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j], + sha512_test_buflen[j]); + if (ret != 0) { goto fail; + } } - if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0) { goto fail; + } - if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) - { + if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + mbedtls_printf("failed\n"); + } exit: - mbedtls_sha512_free( &ctx ); - mbedtls_free( buf ); + mbedtls_sha512_free(&ctx); + mbedtls_free(buf); - return( ret ); + return ret; } #undef ARRAY_LENGTH diff --git a/thirdparty/mbedtls/library/ssl_cache.c b/thirdparty/mbedtls/library/ssl_cache.c index 7a600cad18..0f0e61077c 100644 --- a/thirdparty/mbedtls/library/ssl_cache.c +++ b/thirdparty/mbedtls/library/ssl_cache.c @@ -32,83 +32,79 @@ #include -void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) +void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache) { - memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); + memset(cache, 0, sizeof(mbedtls_ssl_cache_context)); cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT; cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES; #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &cache->mutex ); + mbedtls_mutex_init(&cache->mutex); #endif } -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ); + mbedtls_time_t t = mbedtls_time(NULL); #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_entry *cur, *entry; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &cache->mutex ) != 0 ) - return( 1 ); + if (mbedtls_mutex_lock(&cache->mutex) != 0) { + return 1; + } #endif cur = cache->chain; entry = NULL; - while( cur != NULL ) - { + while (cur != NULL) { entry = cur; cur = cur->next; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - entry->timestamp ) > cache->timeout ) + if (cache->timeout != 0 && + (int) (t - entry->timestamp) > cache->timeout) { continue; + } #endif - if( session->id_len != entry->session.id_len || - memcmp( session->id, entry->session.id, - entry->session.id_len ) != 0 ) - { + if (session->id_len != entry->session.id_len || + memcmp(session->id, entry->session.id, + entry->session.id_len) != 0) { continue; } - ret = mbedtls_ssl_session_copy( session, &entry->session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(session, &entry->session); + if (ret != 0) { ret = 1; goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* * Restore peer certificate (without rest of the original chain) */ - if( entry->peer_cert.p != NULL ) - { + if (entry->peer_cert.p != NULL) { /* `session->peer_cert` is NULL after the call to * mbedtls_ssl_session_copy(), because cache entries * have the `peer_cert` field set to NULL. */ - if( ( session->peer_cert = mbedtls_calloc( 1, - sizeof(mbedtls_x509_crt) ) ) == NULL ) - { + if ((session->peer_cert = mbedtls_calloc(1, + sizeof(mbedtls_x509_crt))) == NULL) { ret = 1; goto exit; } - mbedtls_x509_crt_init( session->peer_cert ); - if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p, - entry->peer_cert.len ) != 0 ) - { - mbedtls_free( session->peer_cert ); + mbedtls_x509_crt_init(session->peer_cert); + if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p, + entry->peer_cert.len) != 0) { + mbedtls_free(session->peer_cert); session->peer_cert = NULL; ret = 1; goto exit; @@ -122,18 +118,19 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) { ret = 1; + } #endif - return( ret ); + return ret; } -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; @@ -141,32 +138,31 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) int count = 0; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) { + return ret; + } #endif cur = cache->chain; prv = NULL; - while( cur != NULL ) - { + while (cur != NULL) { count++; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - cur->timestamp ) > cache->timeout ) - { + if (cache->timeout != 0 && + (int) (t - cur->timestamp) > cache->timeout) { cur->timestamp = t; break; /* expired, reuse this slot, update timestamp */ } #endif - if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 ) + if (memcmp(session->id, cur->session.id, cur->session.id_len) == 0) { break; /* client reconnected, keep timestamp for session id */ + } #if defined(MBEDTLS_HAVE_TIME) - if( oldest == 0 || cur->timestamp < oldest ) - { + if (oldest == 0 || cur->timestamp < oldest) { oldest = cur->timestamp; old = cur; } @@ -176,16 +172,13 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) cur = cur->next; } - if( cur == NULL ) - { + if (cur == NULL) { #if defined(MBEDTLS_HAVE_TIME) /* * Reuse oldest entry if max_entries reached */ - if( count >= cache->max_entries ) - { - if( old == NULL ) - { + if (count >= cache->max_entries) { + if (old == NULL) { ret = 1; goto exit; } @@ -197,10 +190,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * Reuse first entry in chain if max_entries reached, * but move to last place */ - if( count >= cache->max_entries ) - { - if( cache->chain == NULL ) - { + if (count >= cache->max_entries) { + if (cache->chain == NULL) { ret = 1; goto exit; } @@ -211,22 +202,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) prv->next = cur; } #endif /* MBEDTLS_HAVE_TIME */ - else - { + else { /* * max_entries not reached, create new entry */ - cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) ); - if( cur == NULL ) - { + cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry)); + if (cur == NULL) { ret = 1; goto exit; } - if( prv == NULL ) + if (prv == NULL) { cache->chain = cur; - else + } else { prv->next = cur; + } } #if defined(MBEDTLS_HAVE_TIME) @@ -239,10 +229,9 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) /* * If we're reusing an entry, free its certificate first */ - if( cur->peer_cert.p != NULL ) - { - mbedtls_free( cur->peer_cert.p ); - memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); + if (cur->peer_cert.p != NULL) { + mbedtls_free(cur->peer_cert.p); + memset(&cur->peer_cert, 0, sizeof(mbedtls_x509_buf)); } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -251,9 +240,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * This inefficiency will go away as soon as we implement on-demand * parsing of CRTs, in which case there's no need for the `peer_cert` * field anymore in the first place, and we're done after this call. */ - ret = mbedtls_ssl_session_copy( &cur->session, session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(&cur->session, session); + if (ret != 0) { ret = 1; goto exit; } @@ -261,23 +249,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* If present, free the X.509 structure and only store the raw CRT data. */ - if( cur->session.peer_cert != NULL ) - { + if (cur->session.peer_cert != NULL) { cur->peer_cert.p = - mbedtls_calloc( 1, cur->session.peer_cert->raw.len ); - if( cur->peer_cert.p == NULL ) - { + mbedtls_calloc(1, cur->session.peer_cert->raw.len); + if (cur->peer_cert.p == NULL) { ret = 1; goto exit; } - memcpy( cur->peer_cert.p, - cur->session.peer_cert->raw.p, - cur->session.peer_cert->raw.len ); + memcpy(cur->peer_cert.p, + cur->session.peer_cert->raw.p, + cur->session.peer_cert->raw.len); cur->peer_cert.len = session->peer_cert->raw.len; - mbedtls_x509_crt_free( cur->session.peer_cert ); - mbedtls_free( cur->session.peer_cert ); + mbedtls_x509_crt_free(cur->session.peer_cert); + mbedtls_free(cur->session.peer_cert); cur->session.peer_cert = NULL; } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -286,52 +272,56 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) { ret = 1; + } #endif - return( ret ); + return ret; } #if defined(MBEDTLS_HAVE_TIME) -void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ) +void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout) { - if( timeout < 0 ) timeout = 0; + if (timeout < 0) { + timeout = 0; + } cache->timeout = timeout; } #endif /* MBEDTLS_HAVE_TIME */ -void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ) +void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max) { - if( max < 0 ) max = 0; + if (max < 0) { + max = 0; + } cache->max_entries = max; } -void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) +void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache) { mbedtls_ssl_cache_entry *cur, *prv; cur = cache->chain; - while( cur != NULL ) - { + while (cur != NULL) { prv = cur; cur = cur->next; - mbedtls_ssl_session_free( &prv->session ); + mbedtls_ssl_session_free(&prv->session); #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_free( prv->peer_cert.p ); + defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + mbedtls_free(prv->peer_cert.p); #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - mbedtls_free( prv ); + mbedtls_free(prv); } #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &cache->mutex ); + mbedtls_mutex_free(&cache->mutex); #endif cache->chain = NULL; } diff --git a/thirdparty/mbedtls/library/ssl_ciphersuites.c b/thirdparty/mbedtls/library/ssl_ciphersuites.c index 2bc8a9bba0..b37921a1eb 100644 --- a/thirdparty/mbedtls/library/ssl_ciphersuites.c +++ b/thirdparty/mbedtls/library/ssl_ciphersuites.c @@ -455,14 +455,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -472,14 +474,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -574,14 +578,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -591,14 +597,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -982,14 +990,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", + { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", + { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -999,14 +1009,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", + { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", + { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1101,14 +1113,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1118,14 +1132,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1478,7 +1494,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1486,7 +1503,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(HAVE_SHA384) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1808,7 +1826,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1816,7 +1834,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1824,7 +1842,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1832,7 +1850,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1845,7 +1863,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1853,7 +1871,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", + "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1861,7 +1879,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1869,7 +1887,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", + "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1882,15 +1900,15 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK, + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-PSK-WITH-ARIA-256-CBC-SHA384", + "TLS-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1898,7 +1916,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1906,7 +1924,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-PSK-WITH-ARIA-128-CBC-SHA256", + "TLS-PSK-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1919,7 +1937,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1927,7 +1945,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1935,7 +1953,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1943,7 +1961,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1956,7 +1974,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1964,7 +1982,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1972,7 +1990,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1980,7 +1998,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1993,7 +2011,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2001,7 +2019,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2014,7 +2032,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2022,7 +2040,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2030,7 +2048,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2038,7 +2056,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2051,7 +2069,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", + "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2059,7 +2077,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", + "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2067,7 +2085,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", + "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2075,7 +2093,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", + "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2088,7 +2106,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2096,7 +2114,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2104,7 +2122,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2112,7 +2130,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2125,7 +2143,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2133,7 +2151,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", + "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2141,7 +2159,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2149,7 +2167,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", + "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -2167,56 +2185,53 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = }; #if defined(MBEDTLS_SSL_CIPHERSUITES) -const int *mbedtls_ssl_list_ciphersuites( void ) +const int *mbedtls_ssl_list_ciphersuites(void) { - return( ciphersuite_preference ); + return ciphersuite_preference; } #else -#define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ - sizeof( ciphersuite_definitions[0] ) +#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \ + sizeof(ciphersuite_definitions[0]) static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; MBEDTLS_CHECK_RETURN_CRITICAL -static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) +static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info) { - (void)cs_info; + (void) cs_info; #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) - if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - return( 1 ); + if (cs_info->cipher == MBEDTLS_CIPHER_ARC4_128) { + return 1; + } #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) - if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || - cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) - { - return( 1 ); + if (cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || + cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC) { + return 1; } #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ - return( 0 ); + return 0; } -const int *mbedtls_ssl_list_ciphersuites( void ) +const int *mbedtls_ssl_list_ciphersuites(void) { /* * On initial call filter out all ciphersuites not supported by current * build based on presence in the ciphersuite_definitions. */ - if( supported_init == 0 ) - { + if (supported_init == 0) { const int *p; int *q; - for( p = ciphersuite_preference, q = supported_ciphersuites; + for (p = ciphersuite_preference, q = supported_ciphersuites; *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; - p++ ) - { + p++) { const mbedtls_ssl_ciphersuite_t *cs_info; - if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && - !ciphersuite_is_removed( cs_info ) ) - { + if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && + !ciphersuite_is_removed(cs_info)) { *(q++) = *p; } } @@ -2225,105 +2240,106 @@ const int *mbedtls_ssl_list_ciphersuites( void ) supported_init = 1; } - return( supported_ciphersuites ); + return supported_ciphersuites; } #endif /* MBEDTLS_SSL_CIPHERSUITES */ const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( - const char *ciphersuite_name ) + const char *ciphersuite_name) { const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - if( NULL == ciphersuite_name ) - return( NULL ); + if (NULL == ciphersuite_name) { + return NULL; + } - while( cur->id != 0 ) - { - if( 0 == strcmp( cur->name, ciphersuite_name ) ) - return( cur ); + while (cur->id != 0) { + if (0 == strcmp(cur->name, ciphersuite_name)) { + return cur; + } cur++; } - return( NULL ); + return NULL; } -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite) { const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - while( cur->id != 0 ) - { - if( cur->id == ciphersuite ) - return( cur ); + while (cur->id != 0) { + if (cur->id == ciphersuite) { + return cur; + } cur++; } - return( NULL ); + return NULL; } -const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) +const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id) { const mbedtls_ssl_ciphersuite_t *cur; - cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if( cur == NULL ) - return( "unknown" ); + if (cur == NULL) { + return "unknown"; + } - return( cur->name ); + return cur->name; } -int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) +int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) { const mbedtls_ssl_ciphersuite_t *cur; - cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name ); + cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name); - if( cur == NULL ) - return( 0 ); + if (cur == NULL) { + return 0; + } - return( cur->id ); + return cur->id; } #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ) +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return( MBEDTLS_PK_RSA ); + return MBEDTLS_PK_RSA; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return MBEDTLS_PK_ECDSA; case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( MBEDTLS_PK_ECKEY ); + return MBEDTLS_PK_ECKEY; default: - return( MBEDTLS_PK_NONE ); + return MBEDTLS_PK_NONE; } } -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ) +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return( MBEDTLS_PK_RSA ); + return MBEDTLS_PK_RSA; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return MBEDTLS_PK_ECDSA; default: - return( MBEDTLS_PK_NONE ); + return MBEDTLS_PK_NONE; } } @@ -2331,37 +2347,35 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) { - switch( info->key_exchange ) - { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/thirdparty/mbedtls/library/ssl_cli.c b/thirdparty/mbedtls/library/ssl_cli.c index b40ddb70b4..b693d53031 100644 --- a/thirdparty/mbedtls/library/ssl_cli.c +++ b/thirdparty/mbedtls/library/ssl_cli.c @@ -48,39 +48,40 @@ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) +static int ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) { - if( conf->psk_identity == NULL || - conf->psk_identity_len == 0 ) - { - return( 0 ); + if (conf->psk_identity == NULL || + conf->psk_identity_len == 0) { + return 0; } - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) { + return 1; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { + return 1; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) +static int ssl_conf_has_static_raw_psk(mbedtls_ssl_config const *conf) { - if( conf->psk_identity == NULL || - conf->psk_identity_len == 0 ) - { - return( 0 ); + if (conf->psk_identity == NULL || + conf->psk_identity_len == 0) { + return 0; } - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) { + return 1; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -88,26 +89,27 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t hostname_len; *olen = 0; - if( ssl->hostname == NULL ) - return( 0 ); + if (ssl->hostname == NULL) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding server name extension: %s", - ssl->hostname ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding server name extension: %s", + ssl->hostname)); - hostname_len = strlen( ssl->hostname ); + hostname_len = strlen(ssl->hostname); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); /* * Sect. 3, RFC 6066 (TLS Extensions Definitions) @@ -135,34 +137,34 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 ); + MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 ); + MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0); p += 2; - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); + *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME); - MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); p += 2; - memcpy( p, ssl->hostname, hostname_len ); + memcpy(p, ssl->hostname, hostname_len); *olen = hostname_len + 9; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; @@ -171,29 +173,30 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ - if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - return( 0 ); + if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding renegotiation extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); /* * Secure renegotiation */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); p += 2; *p++ = 0x00; - *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 ); - *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len ); + *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1); + *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len); - memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->own_verify_data, ssl->verify_data_len); *olen = 5 + ssl->verify_data_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -203,10 +206,10 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_signature_algorithms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t sig_alg_len = 0; @@ -218,50 +221,50 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return( 0 ); + if (ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding signature_algorithms extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding signature_algorithms extension")); - if( ssl->conf->sig_hashes == NULL ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (ssl->conf->sig_hashes == NULL) { + return MBEDTLS_ERR_SSL_BAD_CONFIG; + } - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) - { + for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) { #if defined(MBEDTLS_ECDSA_C) sig_alg_len += 2; #endif #if defined(MBEDTLS_RSA_C) sig_alg_len += 2; #endif - if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "length in bytes of sig-hash-alg extension too big" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("length in bytes of sig-hash-alg extension too big")); + return MBEDTLS_ERR_SSL_BAD_CONFIG; } } /* Empty signature algorithms list, this is a configuration error. */ - if( sig_alg_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (sig_alg_len == 0) { + return MBEDTLS_ERR_SSL_BAD_CONFIG; + } - MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, sig_alg_len + 6); /* * Prepare signature_algorithms extension (TLS 1.2) */ sig_alg_len = 0; - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) - { + for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) { #if defined(MBEDTLS_ECDSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); + sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md); sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; #endif #if defined(MBEDTLS_RSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); + sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md); sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA; #endif } @@ -283,18 +286,18 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SIG_ALG, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 ); + MBEDTLS_PUT_UINT16_BE(sig_alg_len + 2, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(sig_alg_len, p, 0); p += 2; *olen = 6 + sig_alg_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ @@ -302,10 +305,10 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_supported_elliptic_curves_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; unsigned char *elliptic_curve_list = p + 6; @@ -315,80 +318,78 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding supported_elliptic_curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding supported_elliptic_curves extension")); - if( ssl->conf->curve_list == NULL ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (ssl->conf->curve_list == NULL) { + return MBEDTLS_ERR_SSL_BAD_CONFIG; + } - for( grp_id = ssl->conf->curve_list; + for (grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - if( info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "invalid curve in ssl configuration" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + grp_id++) { + info = mbedtls_ecp_curve_info_from_grp_id(*grp_id); + if (info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("invalid curve in ssl configuration")); + return MBEDTLS_ERR_SSL_BAD_CONFIG; } elliptic_curve_len += 2; - if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "malformed supported_elliptic_curves extension in config" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("malformed supported_elliptic_curves extension in config")); + return MBEDTLS_ERR_SSL_BAD_CONFIG; } } /* Empty elliptic curve list, this is a configuration error. */ - if( elliptic_curve_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (elliptic_curve_len == 0) { + return MBEDTLS_ERR_SSL_BAD_CONFIG; + } - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + elliptic_curve_len); elliptic_curve_len = 0; - for( grp_id = ssl->conf->curve_list; + for (grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id ); + grp_id++) { + info = mbedtls_ecp_curve_info_from_grp_id(*grp_id); + elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1(info->tls_id); + elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0(info->tls_id); } - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 ); + MBEDTLS_PUT_UINT16_BE(elliptic_curve_len + 2, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(elliptic_curve_len, p, 0); p += 2; *olen = 6 + elliptic_curve_len; - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; (void) ssl; /* ssl used for debugging only */ *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding supported_point_formats extension" ) ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding supported_point_formats extension")); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); p += 2; *p++ = 0x00; @@ -399,17 +400,17 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *olen = 6; - return( 0 ); + return 0; } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; @@ -418,15 +419,16 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ - if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return( 0 ); + if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding ecjpake_kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding ecjpake_kkpp extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); p += 2; /* @@ -434,56 +436,51 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, * We don't want to compute fresh values every time (both for performance * and consistency reasons), so cache the extension content. */ - if( ssl->handshake->ecjpake_cache == NULL || - ssl->handshake->ecjpake_cache_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); - - ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1 , - "mbedtls_ecjpake_write_round_one", ret ); - return( ret ); + if (ssl->handshake->ecjpake_cache == NULL || + ssl->handshake->ecjpake_cache_len == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters")); + + ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, + "mbedtls_ecjpake_write_round_one", ret); + return ret; } - ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); - if( ssl->handshake->ecjpake_cache == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); + if (ssl->handshake->ecjpake_cache == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed")); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); + memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); ssl->handshake->ecjpake_cache_len = kkpp_len; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters")); kkpp_len = ssl->handshake->ecjpake_cache_len; - MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len); - memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); + memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); } - MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); p += 2; *olen = kkpp_len + 4; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t ext_len; @@ -495,56 +492,56 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, * struct { * opaque cid<0..2^8-1>; * } ConnectionId; - */ + */ *olen = 0; - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { - return( 0 ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension")); /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5)); /* Add extension ID + size */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); p += 2; *p++ = (uint8_t) ssl->own_cid_len; - memcpy( p, ssl->own_cid, ssl->own_cid_len ); + memcpy(p, ssl->own_cid, ssl->own_cid_len); *olen = ssl->own_cid_len + 5; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) - return( 0 ); + if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding max_fragment_length extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); p += 2; *p++ = 0x00; @@ -554,30 +551,31 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *olen = 5; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - return( 0 ); + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding truncated_hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding truncated_hmac extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0); p += 2; *p++ = 0x00; @@ -585,31 +583,32 @@ static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, *olen = 4; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - return( 0 ); + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || + ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding encrypt_then_mac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding encrypt_then_mac extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); p += 2; *p++ = 0x00; @@ -617,31 +616,32 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *olen = 4; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - return( 0 ); + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding extended_master_secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding extended_master_secret extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); p += 2; *p++ = 0x00; @@ -649,59 +649,61 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, *olen = 4; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; - if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) - return( 0 ); + if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding session ticket extension")); /* The addition is safe here since the ticket length is 16 bit. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( tlen, p, 0 ); + MBEDTLS_PUT_UINT16_BE(tlen, p, 0); p += 2; *olen = 4; - if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) - return( 0 ); + if (ssl->session_negotiate->ticket == NULL || tlen == 0) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen)); - memcpy( p, ssl->session_negotiate->ticket, tlen ); + memcpy(p, ssl->session_negotiate->ticket, tlen); *olen += tlen; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t alpnlen = 0; @@ -709,17 +711,19 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->conf->alpn_list == NULL ) - return( 0 ); + if (ssl->conf->alpn_list == NULL) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension")); - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - alpnlen += strlen( *cur ) + 1; + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { + alpnlen += strlen(*cur) + 1; + } - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + alpnlen); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0); p += 2; /* @@ -733,35 +737,34 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Skip writing extension and list length for now */ p += 4; - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - { + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { /* * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * protocol names is less than 255. */ - *p = (unsigned char)strlen( *cur ); - memcpy( p + 1, *cur, *p ); + *p = (unsigned char) strlen(*cur); + memcpy(p + 1, *cur, *p); p += 1 + *p; } *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); + MBEDTLS_PUT_UINT16_BE(*olen - 6, buf, 4); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); + MBEDTLS_PUT_UINT16_BE(*olen - 4, buf, 2); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t protection_profiles_index = 0, ext_len = 0; @@ -769,11 +772,10 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - { - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) { + return 0; } /* RFC 5764 section 4.1.1 @@ -785,28 +787,27 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } /* Extension length = 2 bytes for profiles length, * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), * 1 byte for srtp_mki vector length and the mki_len value */ - ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension")); /* Check there is room in the buffer for the extension + 4 bytes * - the extension tag (2 bytes) * - the extension length (2 bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0); p += 2; - MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); p += 2; /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ @@ -818,47 +819,42 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * >> 8 ) & 0xFF ); */ *p++ = 0; - *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len ); + *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len); - for( protection_profiles_index=0; + for (protection_profiles_index = 0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; - protection_profiles_index++ ) - { + protection_profiles_index++) { profile_value = mbedtls_ssl_check_srtp_profile_value - ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); - if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - profile_value ) ); - MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 ); + (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); + if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x", + profile_value)); + MBEDTLS_PUT_UINT16_BE(profile_value, p, 0); p += 2; - } - else - { + } else { /* * Note: we shall never arrive here as protection profiles * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function */ - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, " - "illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] - ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, " + "illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] + )); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } } *p++ = mki_len & 0xFF; - if( mki_len != 0 ) - { - memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len ); + if (mki_len != 0) { + memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); /* * Increment p to point to the current position. */ p += mki_len; - MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } /* @@ -871,7 +867,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ *olen = p - buf; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -879,7 +875,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * Generate random bytes for ClientHello */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_generate_random( mbedtls_ssl_context *ssl ) +static int ssl_generate_random(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->handshake->randbytes; @@ -891,31 +887,32 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->verify_cookie != NULL ) - { - return( 0 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->verify_cookie != NULL) { + return 0; } #endif #if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time( NULL ); - MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + t = mbedtls_time(NULL); + MBEDTLS_PUT_UINT32_BE(t, p, 0); p += 4; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t)); #else - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { + return ret; + } p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) { + return ret; + } - return( 0 ); + return 0; } /** @@ -930,50 +927,54 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_validate_ciphersuite( - const mbedtls_ssl_ciphersuite_t * suite_info, - const mbedtls_ssl_context * ssl, - int min_minor_ver, int max_minor_ver ) + const mbedtls_ssl_ciphersuite_t *suite_info, + const mbedtls_ssl_context *ssl, + int min_minor_ver, int max_minor_ver) { (void) ssl; - if( suite_info == NULL ) - return( 1 ); + if (suite_info == NULL) { + return 1; + } - if( suite_info->min_minor_ver > max_minor_ver || - suite_info->max_minor_ver < min_minor_ver ) - return( 1 ); + if (suite_info->min_minor_ver > max_minor_ver || + suite_info->max_minor_ver < min_minor_ver) { + return 1; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) - return( 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) { + return 1; + } #endif #if defined(MBEDTLS_ARC4_C) - if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && - suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - return( 1 ); + if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && + suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) { + return 1; + } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return( 1 ); + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { + return 1; + } #endif /* Don't suggest PSK-based ciphersuite if no PSK is available. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) && - ssl_conf_has_static_psk( ssl->conf ) == 0 ) - { - return( 1 ); + if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && + ssl_conf_has_static_psk(ssl->conf) == 0) { + return 1; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) +static int ssl_write_client_hello(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, olen, ext_len = 0; @@ -990,30 +991,29 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) int uses_ec = 0; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello")); - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); - return( MBEDTLS_ERR_SSL_NO_RNG ); + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return MBEDTLS_ERR_SSL_NO_RNG; } int renegotiating = 0; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { renegotiating = 1; + } #endif - if( !renegotiating ) - { + if (!renegotiating) { ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; } - if( ssl->conf->max_major_ver == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->max_major_ver == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } buf = ssl->out_msg; @@ -1027,7 +1027,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * Use static upper bounds instead of the actual values * to allow the compiler to optimize this away. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 ); + MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 38 + 1 + 32); /* * The 38 first bytes of the ClientHello: @@ -1043,22 +1043,21 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, - ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", - buf[4], buf[5] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, max version: [%d:%d]", + buf[4], buf[5])); - if( ( ret = ssl_generate_random( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); - return( ret ); + if ((ret = ssl_generate_random(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_generate_random", ret); + return ret; } - memcpy( p, ssl->handshake->randbytes, 32 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 ); + memcpy(p, ssl->handshake->randbytes, 32); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", p, 32); p += 32; /* @@ -1075,12 +1074,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ n = ssl->session_negotiate->id_len; - if( n < 16 || n > 32 || + if (n < 16 || n > 32 || #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif - ssl->handshake->resume == 0 ) - { + ssl->handshake->resume == 0) { n = 0; } @@ -1089,16 +1087,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * RFC 5077 section 3.4: "When presenting a ticket, the client MAY * generate and include a Session ID in the TLS ClientHello." */ - if( !renegotiating ) - { - if( ssl->session_negotiate->ticket != NULL && - ssl->session_negotiate->ticket_len != 0 ) - { - ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->session_negotiate->id, 32 ); - - if( ret != 0 ) - return( ret ); + if (!renegotiating) { + if (ssl->session_negotiate->ticket != NULL && + ssl->session_negotiate->ticket_len != 0) { + ret = ssl->conf->f_rng(ssl->conf->p_rng, + ssl->session_negotiate->id, 32); + + if (ret != 0) { + return ret; + } ssl->session_negotiate->id_len = n = 32; } @@ -1113,11 +1110,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ *p++ = (unsigned char) n; - for( i = 0; i < n; i++ ) + for (i = 0; i < n; i++) { *p++ = ssl->session_negotiate->id[i]; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 39, n); /* * With 'n' being the length of the session identifier @@ -1136,27 +1134,23 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * DTLS cookie */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1); - if( ssl->handshake->verify_cookie == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); + if (ssl->handshake->verify_cookie == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("no verify cookie to send")); *p++ = 0; - } - else - { - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", - ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + } else { + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", + ssl->handshake->verify_cookie, + ssl->handshake->verify_cookie_len); *p++ = ssl->handshake->verify_cookie_len; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, - ssl->handshake->verify_cookie_len ); - memcpy( p, ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, + ssl->handshake->verify_cookie_len); + memcpy(p, ssl->handshake->verify_cookie, + ssl->handshake->verify_cookie_len); p += ssl->handshake->verify_cookie_len; } } @@ -1171,63 +1165,62 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) n = 0; q = p; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); p += 2; - for( i = 0; ciphersuites[i] != 0; i++ ) - { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + for (i = 0; ciphersuites[i] != 0; i++) { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]); - if( ssl_validate_ciphersuite( ciphersuite_info, ssl, - ssl->conf->min_minor_ver, - ssl->conf->max_minor_ver ) != 0 ) + if (ssl_validate_ciphersuite(ciphersuite_info, ssl, + ssl->conf->min_minor_ver, + ssl->conf->max_minor_ver) != 0) { continue; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", - (unsigned int)ciphersuites[i], ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %#04x (%s)", + (unsigned int) ciphersuites[i], ciphersuite_info->name)); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); n++; - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 ); + MBEDTLS_PUT_UINT16_BE(ciphersuites[i], p, 0); p += 2; } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, got %" MBEDTLS_PRINTF_SIZET + " ciphersuites (excluding SCSVs)", n)); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - if( !renegotiating ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 ); + if (!renegotiating) { + MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV")); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0); p += 2; n++; } /* Some versions of OpenSSL don't handle it correctly if not at end */ #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); + if (ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK) { + MBEDTLS_SSL_DEBUG_MSG(3, ("adding FALLBACK_SCSV")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_FALLBACK_SCSV_VALUE, p, 0 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_FALLBACK_SCSV_VALUE, p, 0); p += 2; n++; } #endif - *q++ = (unsigned char)( n >> 7 ); - *q++ = (unsigned char)( n << 1 ); + *q++ = (unsigned char) (n >> 7); + *q++ = (unsigned char) (n << 1); #if defined(MBEDTLS_ZLIB_SUPPORT) offer_compress = 1; @@ -1242,43 +1235,40 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * an actual need for it. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { offer_compress = 0; + } #endif - if( offer_compress ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", - MBEDTLS_SSL_COMPRESS_DEFLATE, - MBEDTLS_SSL_COMPRESS_NULL ) ); + if (offer_compress) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 2)); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d %d", + MBEDTLS_SSL_COMPRESS_DEFLATE, + MBEDTLS_SSL_COMPRESS_NULL)); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; *p++ = MBEDTLS_SSL_COMPRESS_NULL; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", - MBEDTLS_SSL_COMPRESS_NULL ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 1)); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d", + MBEDTLS_SSL_COMPRESS_NULL)); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); *p++ = 1; *p++ = MBEDTLS_SSL_COMPRESS_NULL; } /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); - return( ret ); + if ((ret = ssl_write_hostname_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_hostname_ext", ret); + return ret; } ext_len += olen; #endif @@ -1286,133 +1276,119 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); - return( ret ); + if ((ret = ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); - return( ret ); + if ((ret = ssl_write_signature_algorithms_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_signature_algorithms_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( uses_ec ) - { - if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret ); - return( ret ); + if (uses_ec) { + if ((ret = ssl_write_supported_elliptic_curves_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_elliptic_curves_ext", ret); + return ret; } ext_len += olen; - if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret ); - return( ret ); + if ((ret = ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret); + return ret; } ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); - return( ret ); + if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret ); - return( ret ); + if ((ret = ssl_write_cid_ext(ssl, p + 2 + ext_len, end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret); + return ret; } ext_len += olen; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); - return( ret ); + if ((ret = ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); - return( ret ); + if ((ret = ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_truncated_hmac_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret ); - return( ret ); + if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret ); - return( ret ); + if ((ret = ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret ); - return( ret ); + if ((ret = ssl_write_alpn_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_alpn_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); - return( ret ); + if ((ret = ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret); + return ret; } ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret ); - return( ret ); + if ((ret = ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret); + return ret; } ext_len += olen; #endif @@ -1420,14 +1396,13 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* olen unused if all extensions are disabled */ ((void) olen); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len)); - if( ext_len > 0 ) - { + if (ext_len > 0) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); p += 2 + ext_len; } @@ -1438,363 +1413,343 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_send_flight_completed(ssl); + } #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return ret; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello")); - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Check verify-data in constant-time. The length OTOH is no secret */ - if( len != 1 + ssl->verify_data_len * 2 || + if (len != 1 + ssl->verify_data_len * 2 || buf[0] != ssl->verify_data_len * 2 || - mbedtls_ct_memcmp( buf + 1, - ssl->own_verify_data, ssl->verify_data_len ) != 0 || - mbedtls_ct_memcmp( buf + 1 + ssl->verify_data_len, - ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); + mbedtls_ct_memcmp(buf + 1, + ssl->own_verify_data, ssl->verify_data_len) != 0 || + mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len, + ssl->peer_verify_data, ssl->verify_data_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { - if( len != 1 || buf[0] != 0x00 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-zero length renegotiation info" ) ); + if (len != 1 || buf[0] != 0x00) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-zero length renegotiation info")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; } - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { /* * server should use the extension only if we did, * and if so the server's value should match ours (and len is always 1) */ - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || + if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || len != 1 || - buf[0] != ssl->conf->mfl_code ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching max fragment length extension" ) ); + buf[0] != ssl->conf->mfl_code) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching max fragment length extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching truncated HMAC extension" ) ); + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching truncated HMAC extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ((void) buf); ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t peer_cid_len; - if( /* CID extension only makes sense in DTLS */ + if ( /* CID extension only makes sense in DTLS */ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || /* The server must only send the CID extension if we have offered it. */ - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - if( len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } peer_cid_len = *buf++; len--; - if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - if( len != peer_cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len != peer_cid_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); + MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching encrypt-then-MAC extension" ) ); + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching encrypt-then-MAC extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ((void) buf); ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching extended master secret extension" ) ); + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching extended master secret extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ((void) buf); ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching session ticket extension" ) ); + if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching session ticket extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ((void) buf); ssl->handshake->new_session_ticket = 1; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size; const unsigned char *p; - if( len == 0 || (size_t)( buf[0] + 1 ) != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len == 0 || (size_t) (buf[0] + 1) != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } list_size = buf[0]; p = buf + 1; - while( list_size > 0 ) - { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) - { + while (list_size > 0) { + if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || + p[0] == MBEDTLS_ECP_PF_COMPRESSED) { #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ssl->handshake->ecjpake_ctx.point_format = p[0]; #endif - MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); + return 0; } list_size--; p++; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); - return( 0 ); + if (ssl->handshake->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); + return 0; } /* If we got here, we no longer need our cached extension */ - mbedtls_free( ssl->handshake->ecjpake_cache ); + mbedtls_free(ssl->handshake->ecjpake_cache); ssl->handshake->ecjpake_cache = NULL; ssl->handshake->ecjpake_cache_len = 0; - if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, - buf, len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); + if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, + buf, len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { size_t list_len, name_len; const char **p; /* If we didn't send it, the server shouldn't send it */ - if( ssl->conf->alpn_list == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); + if (ssl->conf->alpn_list == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* @@ -1808,62 +1763,58 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if( len < 4 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len < 4) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - list_len = ( buf[0] << 8 ) | buf[1]; - if( list_len != len - 2 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + list_len = (buf[0] << 8) | buf[1]; + if (list_len != len - 2) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } name_len = buf[2]; - if( name_len != list_len - 1 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (name_len != list_len - 1) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* Check that the server chosen protocol was in our list and save it */ - for( p = ssl->conf->alpn_list; *p != NULL; p++ ) - { - if( name_len == strlen( *p ) && - memcmp( buf + 3, *p, name_len ) == 0 ) - { + for (p = ssl->conf->alpn_list; *p != NULL; p++) { + if (name_len == strlen(*p) && + memcmp(buf + 3, *p, name_len) == 0) { ssl->alpn_chosen = *p; - return( 0 ); + return 0; } } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) { + return 0; + } /* RFC 5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; @@ -1876,8 +1827,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -1887,8 +1837,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * + mki_len(1 byte) * and optional srtp_mki */ - if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((len < 5) || (len != (buf[4] + 5u))) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; + } /* * get the server protection profile @@ -1898,17 +1849,17 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * protection profile length must be 0x0002 as we must have only * one protection profile in server Hello */ - if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((buf[0] != 0) || (buf[1] != 2)) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; + } - server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; + server_protection_profile_value = (buf[2] << 8) | buf[3]; server_protection = mbedtls_ssl_check_srtp_profile_value( - server_protection_profile_value ); - if( server_protection != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection ) ) ); + server_protection_profile_value); + if (server_protection != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection))); } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; @@ -1916,30 +1867,26 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Check we have the server profile in our list */ - for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) - { - if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) - { + for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { + if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", mbedtls_ssl_get_srtp_profile_as_string( - server_protection ) ) ); + server_protection))); break; } } /* If no match was found : server problem, it shall never answer with incompatible profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* If server does not use mki in its reply, make sure the client won't keep * one as negotiated */ - if( len == 5 ) - { + if (len == 5) { ssl->dtls_srtp_info.mki_len = 0; } @@ -1949,21 +1896,19 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * that is different than the one the client offered, then the client * MUST abort the handshake and SHOULD send an invalid_parameter alert. */ - if( len > 5 && ( buf[4] != mki_len || - ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len > 5 && (buf[4] != mki_len || + (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } -#if defined (MBEDTLS_DEBUG_C) - if( len > 5 ) - { - MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); +#if defined(MBEDTLS_DEBUG_C) + if (len > 5) { + MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } #endif - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1972,25 +1917,24 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_DTLS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) +static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) { - const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); int major_ver, minor_ver; unsigned char cookie_len; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request")); /* Check that there is enough room for: * - 2 bytes of version * - 1 byte of cookie_len */ - if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "incoming HelloVerifyRequest message is too short" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("incoming HelloVerifyRequest message is too short")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* @@ -1999,63 +1943,60 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) * opaque cookie<0..2^8-1>; * } HelloVerifyRequest; */ - MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); - mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p ); + MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); + mbedtls_ssl_read_version(&major_ver, &minor_ver, ssl->conf->transport, p); p += 2; /* * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) * even is lower than our min version. */ - if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || + if (major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || major_ver > ssl->conf->max_major_ver || - minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); + minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } cookie_len = *p++; - if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "cookie length does not match incoming message size" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("cookie length does not match incoming message size")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len); - mbedtls_free( ssl->handshake->verify_cookie ); + mbedtls_free(ssl->handshake->verify_cookie); - ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); - if( ssl->handshake->verify_cookie == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ssl->handshake->verify_cookie = mbedtls_calloc(1, cookie_len); + if (ssl->handshake->verify_cookie == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len)); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - memcpy( ssl->handshake->verify_cookie, p, cookie_len ); + memcpy(ssl->handshake->verify_cookie, p, cookie_len); ssl->handshake->verify_cookie_len = cookie_len; /* Start over at ClientHello */ ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - mbedtls_ssl_reset_checksum( ssl ); + mbedtls_ssl_reset_checksum(ssl); - mbedtls_ssl_recv_flight_completed( ssl ); + mbedtls_ssl_recv_flight_completed(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) +static int is_compression_bad(mbedtls_ssl_context *ssl, unsigned char comp) { int bad_comp = 0; @@ -2064,23 +2005,26 @@ static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) #if defined(MBEDTLS_ZLIB_SUPPORT) /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - comp != MBEDTLS_SSL_COMPRESS_NULL ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + comp != MBEDTLS_SSL_COMPRESS_NULL) { bad_comp = 1; + } #endif - if( comp != MBEDTLS_SSL_COMPRESS_NULL && - comp != MBEDTLS_SSL_COMPRESS_DEFLATE ) + if (comp != MBEDTLS_SSL_COMPRESS_NULL && + comp != MBEDTLS_SSL_COMPRESS_DEFLATE) { bad_comp = 1; + } #else /* MBEDTLS_ZLIB_SUPPORT */ - if( comp != MBEDTLS_SSL_COMPRESS_NULL ) + if (comp != MBEDTLS_SSL_COMPRESS_NULL) { bad_comp = 1; -#endif/* MBEDTLS_ZLIB_SUPPORT */ + } +#endif /* MBEDTLS_ZLIB_SUPPORT */ return bad_comp; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) { int ret, i; size_t n; @@ -2093,74 +2037,65 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } buf = ssl->in_msg; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { ssl->renego_records_seen++; - if( ssl->conf->renego_max_records >= 0 && - ssl->renego_records_seen > ssl->conf->renego_max_records ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation requested, but not honored by server" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->conf->renego_max_records >= 0 && + ssl->renego_records_seen > ssl->conf->renego_max_records) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation requested, but not honored by server")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-handshake message during renegotiation" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-handshake message during renegotiation")); ssl->keep_current_message = 1; - return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); + return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); - return( ssl_parse_hello_verify_request( ssl ) ); - } - else - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request")); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); + return ssl_parse_hello_verify_request(ssl); + } else { /* We made it through the verification process */ - mbedtls_free( ssl->handshake->verify_cookie ); + mbedtls_free(ssl->handshake->verify_cookie); ssl->handshake->verify_cookie = NULL; ssl->handshake->verify_cookie_len = 0; } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) || - buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) || + buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* @@ -2174,389 +2109,363 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * 38+n . 39+n extensions length (optional) * 40+n . .. extensions */ - buf += mbedtls_ssl_hs_hdr_len( ssl ); + buf += mbedtls_ssl_hs_hdr_len(ssl); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 ); - mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, - ssl->conf->transport, buf + 0 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf + 0, 2); + mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver, + ssl->conf->transport, buf + 0); - if( ssl->major_ver < ssl->conf->min_major_ver || + if (ssl->major_ver < ssl->conf->min_major_ver || ssl->minor_ver < ssl->conf->min_minor_ver || ssl->major_ver > ssl->conf->max_major_ver || - ssl->minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, - ssl->conf->min_minor_ver, - ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, - ssl->conf->max_minor_ver ) ); + ssl->minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", + ssl->conf->min_major_ver, + ssl->conf->min_minor_ver, + ssl->major_ver, ssl->minor_ver, + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver)); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (unsigned long) buf[2] << 24 ) | - ( (unsigned long) buf[3] << 16 ) | - ( (unsigned long) buf[4] << 8 ) | - ( (unsigned long) buf[5] ) ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu", + ((unsigned long) buf[2] << 24) | + ((unsigned long) buf[3] << 16) | + ((unsigned long) buf[4] << 8) | + ((unsigned long) buf[5]))); - memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); + memcpy(ssl->handshake->randbytes + 32, buf + 2, 32); n = buf[34]; - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 2, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32); - if( n > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (n > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) - { - ext_len = ( ( buf[38 + n] << 8 ) - | ( buf[39 + n] ) ); + if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { + ext_len = ((buf[38 + n] << 8) + | (buf[39 + n])); - if( ( ext_len > 0 && ext_len < 4 ) || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + if ((ext_len > 0 && ext_len < 4) || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - } - else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n ) - { + } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) { ext_len = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } /* ciphersuite (used later) */ - i = ( buf[35 + n] << 8 ) | buf[36 + n]; + i = (buf[35 + n] << 8) | buf[36 + n]; /* * Read and check compression */ comp = buf[37 + n]; - if( is_compression_bad( ssl, comp ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server hello, bad compression: %d", comp ) ); + if (is_compression_bad(ssl, comp)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server hello, bad compression: %d", comp)); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } /* * Initialize update checksum functions */ - ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); - if( ssl->handshake->ciphersuite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "ciphersuite info for %04x not found", (unsigned int)i ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i); + if (ssl->handshake->ciphersuite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("ciphersuite info for %04x not found", (unsigned int) i)); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n); /* * Check if the session can be resumed */ - if( ssl->handshake->resume == 0 || n == 0 || + if (ssl->handshake->resume == 0 || n == 0 || #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->compression != comp || ssl->session_negotiate->id_len != n || - memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 ) - { + memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { ssl->state++; ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time( NULL ); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif ssl->session_negotiate->ciphersuite = i; ssl->session_negotiate->compression = comp; ssl->session_negotiate->id_len = n; - memcpy( ssl->session_negotiate->id, buf + 35, n ); - } - else - { + memcpy(ssl->session_negotiate->id, buf + 35, n); + } else { ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", - ssl->handshake->resume ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", + ssl->handshake->resume ? "a" : "no")); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", - buf[37 + n] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i)); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d", + buf[37 + n])); /* * Perform cipher suite validation in same way as in ssl_write_client_hello. */ i = 0; - while( 1 ) - { - if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + while (1) { + if (ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == - ssl->session_negotiate->ciphersuite ) - { + if (ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == + ssl->session_negotiate->ciphersuite) { break; } } suite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, - ssl->minor_ver ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + ssl->session_negotiate->ciphersuite); + if (ssl_validate_ciphersuite(suite_info, ssl, ssl->minor_ver, + ssl->minor_ver) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("server hello, chosen ciphersuite: %s", suite_info->name)); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { ssl->handshake->ecrs_enabled = 1; } #endif - if( comp != MBEDTLS_SSL_COMPRESS_NULL + if (comp != MBEDTLS_SSL_COMPRESS_NULL #if defined(MBEDTLS_ZLIB_SUPPORT) && comp != MBEDTLS_SSL_COMPRESS_DEFLATE #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } ssl->session_negotiate->compression = comp; ext = buf + 40 + n; - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len)); - while( ext_len ) - { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + while (ext_len) { + unsigned int ext_id = ((ext[0] << 8) + | (ext[1])); + unsigned int ext_size = ((ext[2] << 8) + | (ext[3])); - if( ext_size + 4 > ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + if (ext_size + 4 > ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - switch( ext_id ) - { - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + switch (ext_id) { + case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: + MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; + renegotiation_info_seen = 1; #endif - if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, - ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4, + ext_size)) != 0) { + return ret; + } - break; + break; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found max_fragment_length extension" ) ); - - if( ( ret = ssl_parse_max_fragment_length_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found max_fragment_length extension")); - break; + if ((ret = ssl_parse_max_fragment_length_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } + + break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) ); + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated_hmac extension")); - if( ( ret = ssl_parse_truncated_hmac_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_truncated_hmac_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); - - if( ( ret = ssl_parse_cid_ext( ssl, - ext + 4, - ext_size ) ) != 0 ) - { - return( ret ); - } + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - break; + if ((ret = ssl_parse_cid_ext(ssl, + ext + 4, + ext_size)) != 0) { + return ret; + } + + break; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) ); + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension")); - if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_encrypt_then_mac_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found extended_master_secret extension" ) ); - - if( ( ret = ssl_parse_extended_ms_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found extended_master_secret extension")); - break; + if ((ret = ssl_parse_extended_ms_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } + + break; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) ); + case MBEDTLS_TLS_EXT_SESSION_TICKET: + MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension")); - if( ( ret = ssl_parse_session_ticket_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_session_ticket_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found supported_point_formats extension" ) ); - - if( ( ret = ssl_parse_supported_point_formats_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found supported_point_formats extension")); - break; + if ((ret = ssl_parse_supported_point_formats_ext(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } + + break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) ); + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension")); - if( ( ret = ssl_parse_ecjpake_kkpp( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_ecjpake_kkpp(ssl, + ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + case MBEDTLS_TLS_EXT_ALPN: + MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) { + return ret; + } - break; + break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %u (ignoring)", ext_id ) ); + default: + MBEDTLS_SSL_DEBUG_MSG(3, + ("unknown extension found: %u (ignoring)", ext_id)); } ext_len -= 4 + ext_size; ext += 4 + ext_size; - if( ext_len > 0 && ext_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ext_len > 0 && ext_len < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } } @@ -2565,77 +2474,68 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * extensions. It sets the transform data for the resumed session which in * case of DTLS includes the server CID extracted from the CID extension. */ - if( ssl->handshake->resume ) - { - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); + if (ssl->handshake->resume) { + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return ret; } } /* * Renegotiation security checks */ - if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "legacy renegotiation, breaking off handshake" ) ); + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("legacy renegotiation, breaking off handshake")); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation_info extension missing (secure)" ) ); + renegotiation_info_seen == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation_info extension missing (secure)")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation_info extension present (legacy)" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + renegotiation_info_seen == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation_info extension present (legacy)")); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - if( handshake_failure == 1 ) - { + if (handshake_failure == 1) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); - return( 0 ); + return 0; } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) +static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t dhm_actual_bitlen; @@ -2649,27 +2549,25 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, - p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); - return( ret ); + if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, + p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret); + return ret; } - dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P ); - if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", - dhm_actual_bitlen, - ssl->conf->dhm_min_bitlen ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + dhm_actual_bitlen = mbedtls_mpi_bitlen(&ssl->handshake->dhm_ctx.P); + if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", + dhm_actual_bitlen, + ssl->conf->dhm_min_bitlen)); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -2680,7 +2578,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) +static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) { const mbedtls_ecp_curve_info *curve_info; mbedtls_ecp_group_id grp_id; @@ -2690,28 +2588,29 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) grp_id = ssl->handshake->ecdh_ctx.grp_id; #endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ - curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); - if( curve_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); + if (curve_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name)); #if defined(MBEDTLS_ECP_C) - if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) - return( -1 ); + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { + return -1; + } #else - if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || - ssl->handshake->ecdh_ctx.grp.nbits > 521 ) - return( -1 ); + if (ssl->handshake->ecdh_ctx.grp.nbits < 163 || + ssl->handshake->ecdh_ctx.grp.nbits > 521) { + return -1; + } #endif /* MBEDTLS_ECP_C */ - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || @@ -2720,12 +2619,12 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) + (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) +static int ssl_parse_server_ecdh_params_psa(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { uint16_t tls_id; size_t ecdh_bits = 0; @@ -2736,12 +2635,14 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, * Parse ECC group */ - if( end - *p < 4 ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - *p < 4) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } /* First byte is curve_type; only named_curve is handled */ - if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } /* Next two bytes are the namedcurve value */ tls_id = *(*p)++; @@ -2749,17 +2650,18 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, tls_id |= *(*p)++; /* Check it's a curve we offered */ - if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } /* Convert EC group to PSA key type. */ - if( ( handshake->ecdh_psa_type = - mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) - { - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((handshake->ecdh_psa_type = + mbedtls_psa_parse_tls_ecc_group(tls_id, &ecdh_bits)) == 0) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } + if (ecdh_bits > 0xffff) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - if( ecdh_bits > 0xffff ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); handshake->ecdh_bits = (uint16_t) ecdh_bits; /* @@ -2767,20 +2669,20 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, */ ecpoint_len = *(*p)++; - if( (size_t)( end - *p ) < ecpoint_len ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - - if( mbedtls_psa_tls_ecpoint_to_psa_ec( - *p, ecpoint_len, - handshake->ecdh_psa_peerkey, - sizeof( handshake->ecdh_psa_peerkey ), - &handshake->ecdh_psa_peerkey_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if ((size_t) (end - *p) < ecpoint_len) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } + + if (mbedtls_psa_tls_ecpoint_to_psa_ec( + *p, ecpoint_len, + handshake->ecdh_psa_peerkey, + sizeof(handshake->ecdh_psa_peerkey), + &handshake->ecdh_psa_peerkey_len) != 0) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } *p += ecpoint_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -2790,9 +2692,9 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) +static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -2804,25 +2706,24 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, * ECPoint public; * } ServerECDHParams; */ - if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx, - (const unsigned char **) p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret ); + if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, + (const unsigned char **) p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + } #endif - return( ret ); + return ret; } - if( ssl_check_server_ecdh_params( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (ECDHE curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (ssl_check_server_ecdh_params(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (ECDHE curve)")); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || @@ -2830,9 +2731,9 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) +static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; uint16_t len; @@ -2843,20 +2744,18 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ - if( end - (*p) < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - (*p) < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (psk_identity_hint length)")); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( end - (*p) < len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - (*p) < len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (psk_identity_hint length)")); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } /* @@ -2867,7 +2766,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, *p += len; ret = 0; - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -2877,19 +2776,18 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * Generate a pre-master secret and encrypt it with the server's RSA key */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset ) +static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, + size_t offset, size_t *olen, + size_t pms_offset) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; - if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } /* @@ -2899,14 +2797,13 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, - ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p); - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); + return ret; } ssl->handshake->pmslen = 48; @@ -2914,11 +2811,10 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -2926,36 +2822,33 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, /* * Now write it out, encrypted */ - if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); + return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - if( ( ret = mbedtls_pk_encrypt( peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); - return( ret ); + if ((ret = mbedtls_pk_encrypt(peer_pk, + p, ssl->handshake->pmslen, + ssl->out_msg + offset + len_bytes, olen, + MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); + return ret; } #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( len_bytes == 2 ) - { - MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset ); + if (len_bytes == 2) { + MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); *olen += 2; } #endif #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ @@ -2965,64 +2858,61 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end, - mbedtls_md_type_t *md_alg, - mbedtls_pk_type_t *pk_alg ) +static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end, + mbedtls_md_type_t *md_alg, + mbedtls_pk_type_t *pk_alg) { ((void) ssl); *md_alg = MBEDTLS_MD_NONE; *pk_alg = MBEDTLS_PK_NONE; /* Only in TLS 1.2 */ - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { - return( 0 ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { + return 0; } - if( (*p) + 2 > end ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*p) + 2 > end) { + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; + } /* * Get hash algorithm */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) - == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*md_alg = mbedtls_ssl_md_alg_from_hash((*p)[0])) + == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Server used unsupported HashAlgorithm %d", *(p)[0])); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } /* * Get signature algorithm */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*pk_alg = mbedtls_ssl_pk_alg_from_sig((*p)[1])) + == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server used unsupported SignatureAlgorithm %d", (*p)[1])); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } /* * Check if the hash is acceptable */ - if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (mbedtls_ssl_check_sig_hash(ssl, *md_alg) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server used HashAlgorithm %d that was not offered", *(p)[0])); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", - (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", - (*p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", + (*p)[1])); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d", + (*p)[0])); *p += 2; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -3032,75 +2922,70 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) +static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ecp_keypair *peer_key; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* This is a public key, so it can't be opaque, so can_do() is a good * enough check to ensure pk_ec() is safe to use below. */ - if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); + return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - peer_key = mbedtls_pk_ec( *peer_pk ); + peer_key = mbedtls_pk_ec(*peer_pk); - if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, - MBEDTLS_ECDH_THEIRS ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); - return( ret ); + if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, + MBEDTLS_ECDH_THEIRS)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); + return ret; } - if( ssl_check_server_ecdh_params( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl_check_server_ecdh_params(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive * operations like ECDHE. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) +static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; unsigned char *p = NULL, *end = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); ssl->state++; - return( 0 ); + return 0; } ((void) p); ((void) end); @@ -3108,22 +2993,20 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { - if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); ssl->state++; - return( 0 ); + return 0; } ((void) p); ((void) end); @@ -3131,174 +3014,155 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { goto start_processing; } #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } /* * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server * doesn't use a psk_identity_hint */ - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) - { - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { /* Current message is probably either * CertificateRequest or ServerHelloDone */ ssl->keep_current_message = 1; goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server key exchange message must not be skipped" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, + ("server key exchange message must not be skipped")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) { ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; + } start_processing: #endif - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p ); + MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { + if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } } /* FALLTHROUGH */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { ; /* nothing more to do */ - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { + if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + if (ssl_parse_server_ecdh_params_psa(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - } - else + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, - p, end - p ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, + p, end - p); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t sig_len, hashlen; #if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char hash[PSA_HASH_MAX_SIZE]; @@ -3307,133 +3171,123 @@ start_processing: #endif mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; - unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = p - params; void *rs_ctx = NULL; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; /* * Handle the digitally-signed structure */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &pk_alg ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message" ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + if (ssl_parse_signature_algorithm(ssl, &p, end, + &md_alg, &pk_alg) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - if( pk_alg != - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message" ) ); + if (pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) - { - pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + defined(MBEDTLS_SSL_PROTO_TLS1_1) + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { + pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); /* Default hash for ECDSA is SHA-1 */ - if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE ) + if (pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE) { md_alg = MBEDTLS_MD_SHA1; - } - else + } + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* * Read signature */ - if( p > end - 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (p > end - 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - sig_len = ( p[0] << 8 ) | p[1]; + sig_len = (p[0] << 8) | p[1]; p += 2; - if( p != end - sig_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (p != end - sig_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len); /* * Compute the hash that has been signed */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( md_alg == MBEDTLS_MD_NONE ) - { + defined(MBEDTLS_SSL_PROTO_TLS1_1) + if (md_alg == MBEDTLS_MD_NONE) { hashlen = 36; - ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, - params_len ); - if( ret != 0 ) - return( ret ); - } - else + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash, params, + params_len); + if (ret != 0) { + return ret; + } + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( md_alg != MBEDTLS_MD_NONE ) - { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, - params, params_len, - md_alg ); - if( ret != 0 ) - return( ret ); - } - else + defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (md_alg != MBEDTLS_MD_NONE) { + ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, + params, params_len, + md_alg); + if (ret != 0) { + return ret; + } + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -3441,44 +3295,42 @@ start_processing: /* * Verify signature */ - if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) { rs_ctx = &ssl->handshake->ecrs_ctx.pk; + } #endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ - if( ( ret = mbedtls_pk_verify_restartable( peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) - { + if ((ret = mbedtls_pk_verify_restartable(peer_pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx)) != 0) { #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); - return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; } #endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + return ret; } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive * operations like ECDHE. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ @@ -3486,33 +3338,32 @@ start_processing: exit: ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); - return( 0 ); + return 0; } -#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) +#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; @@ -3521,39 +3372,35 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); ssl->state++; - return( 0 ); + return 0; } - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } ssl->state++; - ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); + ssl->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request", - ssl->client_auth ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request", + ssl->client_auth ? "a" : "no")); - if( ssl->client_auth == 0 ) - { + if (ssl->client_auth == 0) { /* Current message is probably the ServerHelloDone */ ssl->keep_current_message = 1; goto exit; @@ -3586,14 +3433,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) buf = ssl->in_msg; /* certificate_types */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST; } - cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; + cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)]; n = cert_type_len; /* @@ -3606,23 +3452,21 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * therefore the buffer length at this point must be greater than that * regardless of the actual code path. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST; } /* supported_signature_algorithms */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { size_t sig_alg_len = - ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) + | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); #if defined(MBEDTLS_DEBUG_C) - unsigned char* sig_alg; + unsigned char *sig_alg; size_t i; #endif @@ -3638,24 +3482,22 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * buf[...hdr_len + 3 + n + sig_alg_len], * which is one less than we need the buf to be. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) - + 3 + n + sig_alg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + + 3 + n + sig_alg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST; } #if defined(MBEDTLS_DEBUG_C) - sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; - for( i = 0; i < sig_alg_len; i += 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Supported Signature Algorithm found: %d,%d", - sig_alg[i], sig_alg[i + 1] ) ); + sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n; + for (i = 0; i < sig_alg_len; i += 2) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("Supported Signature Algorithm found: %d,%d", + sig_alg[i], sig_alg[i + 1])); } #endif @@ -3664,67 +3506,64 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) + | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); n += dn_len; - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST; } exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request")); - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) +static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) || - ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE ); + if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || + ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE; } ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_recv_flight_completed(ssl); + } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done")); - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) +static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3733,52 +3572,47 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { /* * DHM key exchange -- send G^X mod P */ content_len = ssl->handshake->dhm_ctx.len; - MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 ); + MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4); header_len = 6; - ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); - return( ret ); + ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( ret ); + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { + (defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; @@ -3792,7 +3626,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) header_len = 4; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); /* * Generate EC private key for ECDHE exchange. @@ -3806,63 +3640,62 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) * For the time being, we therefore need to split the computation * of the ECDH secret and the application of the TLS 1.2 PRF. */ key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); - psa_set_key_type( &key_attributes, handshake->ecdh_psa_type ); - psa_set_key_bits( &key_attributes, handshake->ecdh_bits ); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); + psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); + psa_set_key_bits(&key_attributes, handshake->ecdh_bits); /* Generate ECDH private key. */ - status = psa_generate_key( &key_attributes, - &handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_generate_key(&key_attributes, + &handshake->ecdh_psa_privkey); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } /* Export the public part of the ECDH private key from PSA * and convert it to ECPoint format used in ClientKeyExchange. */ - status = psa_export_public_key( handshake->ecdh_psa_privkey, - own_pubkey, sizeof( own_pubkey ), - &own_pubkey_len ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( handshake->ecdh_psa_privkey ); + status = psa_export_public_key(handshake->ecdh_psa_privkey, + own_pubkey, sizeof(own_pubkey), + &own_pubkey_len); + if (status != PSA_SUCCESS) { + psa_destroy_key(handshake->ecdh_psa_privkey); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey, - own_pubkey_len, - &own_pubkey_ecpoint, - &own_pubkey_ecpoint_len ) != 0 ) - { - psa_destroy_key( handshake->ecdh_psa_privkey ); + if (mbedtls_psa_tls_psa_ec_to_ecpoint(own_pubkey, + own_pubkey_len, + &own_pubkey_ecpoint, + &own_pubkey_ecpoint_len) != 0) { + psa_destroy_key(handshake->ecdh_psa_privkey); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } /* Copy ECPoint structure to outgoing message buffer. */ ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len; - memcpy( ssl->out_msg + header_len + 1, - own_pubkey_ecpoint, own_pubkey_ecpoint_len ); + memcpy(ssl->out_msg + header_len + 1, + own_pubkey_ecpoint, own_pubkey_ecpoint_len); content_len = own_pubkey_ecpoint_len + 1; /* The ECDH secret is the premaster secret used for key derivation. */ /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement( PSA_ALG_ECDH, - handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, - handshake->ecdh_psa_peerkey_len, - ssl->handshake->premaster, - sizeof( ssl->handshake->premaster ), - &ssl->handshake->pmslen ); - - destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey ); + status = psa_raw_key_agreement(PSA_ALG_ECDH, + handshake->ecdh_psa_privkey, + handshake->ecdh_psa_peerkey, + handshake->ecdh_psa_peerkey_len, + ssl->handshake->premaster, + sizeof(ssl->handshake->premaster), + &ssl->handshake->pmslen); + + destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - else + if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ @@ -3870,142 +3703,131 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { /* * ECDH key exchange -- send client public value */ header_len = 4; #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) - { - if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) + if (ssl->handshake->ecrs_enabled) { + if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) { goto ecdh_calc_secret; + } - mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); + mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); } #endif - ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], 1000, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); + ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, + &content_len, + &ssl->out_msg[header_len], 1000, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + } #endif - return( ret ); + return ret; } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) - { + if (ssl->handshake->ecrs_enabled) { ssl->handshake->ecrs_n = content_len; ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; } ecdh_calc_secret: - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) { content_len = ssl->handshake->ecrs_n; + } #endif - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + } #endif - return( ret ); + return ret; } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) { /* * opaque psk_identity<0..2^16-1>; */ - if( ssl_conf_has_static_psk( ssl->conf ) == 0 ) - { + if (ssl_conf_has_static_psk(ssl->conf) == 0) { /* We don't offer PSK suites if we don't have a PSK, * and we check that the server's choice is among the * ciphersuites we offered, so this should never happen. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } header_len = 4; content_len = ssl->conf->psk_identity_len; - if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "psk identity too long or SSL buffer too short" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("psk identity too long or SSL buffer too short")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); - memcpy( ssl->out_msg + header_len, - ssl->conf->psk_identity, - ssl->conf->psk_identity_len ); + memcpy(ssl->out_msg + header_len, + ssl->conf->psk_identity, + ssl->conf->psk_identity_len); header_len += ssl->conf->psk_identity_len; #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { content_len = 0; - } - else + } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with RSA-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = ssl_write_encrypted_pms( ssl, header_len, - &content_len, 2 ) ) != 0 ) - return( ret ); - } - else + if ((ret = ssl_write_encrypted_pms(ssl, header_len, + &content_len, 2)) != 0) { + return ret; + } + } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with DHE-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -4014,128 +3836,112 @@ ecdh_calc_secret: */ content_len = ssl->handshake->dhm_ctx.len; - if( header_len + 2 + content_len > - MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "psk identity or DHM size too long or SSL buffer too short" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (header_len + 2 + content_len > + MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("psk identity or DHM size too long or SSL buffer too short")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len ); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len ); - - ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); - return( ret ); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); + ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); + + ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with ECDHE-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * ClientECDiffieHellmanPublic public; */ - ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); - return( ret ); + ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, + &content_len, + &ssl->out_msg[header_len], + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); + return ret; } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "skip PMS generation for opaque PSK" ) ); - } - else + ssl_conf_has_static_raw_psk(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("skip PMS generation for opaque PSK")); + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, + "mbedtls_ssl_psk_derive_premaster", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { header_len = 4; - if( ( ret = ssl_write_encrypted_pms( ssl, header_len, - &content_len, 0 ) ) != 0 ) - return( ret ); - } - else + if ((ret = ssl_write_encrypted_pms(ssl, header_len, + &content_len, 0)) != 0) { + return ret; + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { header_len = 4; - ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, - ssl->out_msg + header_len, - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - &content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); - return( ret ); + ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, + ssl->out_msg + header_len, + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, + &content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); + return ret; } - ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); - return( ret ); + ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, + ssl->handshake->premaster, 32, &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ { ((void) ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } ssl->out_msglen = header_len + content_len; @@ -4144,46 +3950,43 @@ ecdh_calc_secret: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange")); - return( 0 ); + return 0; } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return ret; } - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -4195,58 +3998,53 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) size_t hashlen; void *rs_ctx = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { goto sign; } #endif - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return ret; } - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return 0; } - if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (ssl->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return 0; } - if( mbedtls_ssl_own_key( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (mbedtls_ssl_own_key(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate")); + return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; } /* * Make a signature of the handshake digests */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) { ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; + } sign: #endif - ssl->handshake->calc_verify( ssl, hash, &hashlen ); + ssl->handshake->calc_verify(ssl, hash, &hashlen); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { /* * digitally-signed struct { * opaque md5_hash[16]; @@ -4264,19 +4062,16 @@ sign: /* * For ECDSA, default hash is SHA-1 only */ - if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) - { + if (mbedtls_pk_can_do(mbedtls_ssl_own_key(ssl), MBEDTLS_PK_ECDSA)) { hash_start += 16; hashlen -= 16; md_alg = MBEDTLS_MD_SHA1; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { /* * digitally-signed struct { * opaque handshake_messages[handshake_messages_length]; @@ -4293,48 +4088,45 @@ sign: * SHA224 in order to satisfy 'weird' needs from the server * side. */ - if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - { + if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { md_alg = MBEDTLS_MD_SHA384; ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; - } - else - { + } else { md_alg = MBEDTLS_MD_SHA256; ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; } - ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ); + ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); /* Info from md_alg will be used instead */ hashlen = 0; offset = 2; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) { rs_ctx = &ssl->handshake->ecrs_ctx.pk; + } #endif - if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), - md_alg, hash_start, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); + if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), + md_alg, hash_start, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + } #endif - return( ret ); + return ret; } - MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 ); + MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4342,21 +4134,20 @@ sign: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) +static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t lifetime; @@ -4364,22 +4155,20 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) unsigned char *ticket; const unsigned char *msg; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } /* @@ -4392,31 +4181,29 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * 4 . 5 ticket_len (n) * 6 . 5+n ticket content */ - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || - ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || + ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET; } - msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) | + (msg[2] << 8) | (msg[3]); - ticket_len = ( msg[4] << 8 ) | ( msg[5] ); + ticket_len = (msg[4] << 8) | (msg[5]); - if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len)); /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; @@ -4426,33 +4213,32 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * Zero-length ticket means the server changed his mind and doesn't want * to send a ticket after all, so just forget it */ - if( ticket_len == 0 ) - return( 0 ); + if (ticket_len == 0) { + return 0; + } - if( ssl->session != NULL && ssl->session->ticket != NULL ) - { - mbedtls_platform_zeroize( ssl->session->ticket, - ssl->session->ticket_len ); - mbedtls_free( ssl->session->ticket ); + if (ssl->session != NULL && ssl->session->ticket != NULL) { + mbedtls_platform_zeroize(ssl->session->ticket, + ssl->session->ticket_len); + mbedtls_free(ssl->session->ticket); ssl->session->ticket = NULL; ssl->session->ticket_len = 0; } - mbedtls_platform_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); - mbedtls_free( ssl->session_negotiate->ticket ); + mbedtls_platform_zeroize(ssl->session_negotiate->ticket, + ssl->session_negotiate->ticket_len); + mbedtls_free(ssl->session_negotiate->ticket); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; - if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - memcpy( ticket, msg + 6, ticket_len ); + memcpy(ticket, msg + 6, ticket_len); ssl->session_negotiate->ticket = ticket; ssl->session_negotiate->ticket_len = ticket_len; @@ -4463,149 +4249,149 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * "If the client receives a session ticket from the server, then it * discards any Session ID that was sent in the ServerHello." */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id")); ssl->session_negotiate->id_len = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ /* * SSL handshake -- client side -- single step */ -int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %d", ssl->state)); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + return ret; + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && - ssl->handshake->new_session_ticket != 0 ) - { + if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && + ssl->handshake->new_session_ticket != 0) { ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; } #endif - switch( ssl->state ) - { + switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; break; - /* - * ==> ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_write_client_hello( ssl ); - break; - - /* - * <== ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_parse_server_hello( ssl ); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate( ssl ); - break; - - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_parse_server_key_exchange( ssl ); - break; - - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_parse_certificate_request( ssl ); - break; - - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_parse_server_hello_done( ssl ); - break; - - /* - * ==> ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_write_certificate( ssl ); - break; - - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_write_client_key_exchange( ssl ); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_write_certificate_verify( ssl ); - break; - - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_write_change_cipher_spec( ssl ); - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_write_finished( ssl ); - break; - - /* - * <== ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ + /* + * ==> ClientHello + */ + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_write_client_hello(ssl); + break; + + /* + * <== ServerHello + * Certificate + * ( ServerKeyExchange ) + * ( CertificateRequest ) + * ServerHelloDone + */ + case MBEDTLS_SSL_SERVER_HELLO: + ret = ssl_parse_server_hello(ssl); + break; + + case MBEDTLS_SSL_SERVER_CERTIFICATE: + ret = mbedtls_ssl_parse_certificate(ssl); + break; + + case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: + ret = ssl_parse_server_key_exchange(ssl); + break; + + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_parse_certificate_request(ssl); + break; + + case MBEDTLS_SSL_SERVER_HELLO_DONE: + ret = ssl_parse_server_hello_done(ssl); + break; + + /* + * ==> ( Certificate/Alert ) + * ClientKeyExchange + * ( CertificateVerify ) + * ChangeCipherSpec + * Finished + */ + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = mbedtls_ssl_write_certificate(ssl); + break; + + case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: + ret = ssl_write_client_key_exchange(ssl); + break; + + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + ret = ssl_write_certificate_verify(ssl); + break; + + case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: + ret = mbedtls_ssl_write_change_cipher_spec(ssl); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + ret = mbedtls_ssl_write_finished(ssl); + break; + + /* + * <== ( NewSessionTicket ) + * ChangeCipherSpec + * Finished + */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: - ret = ssl_parse_new_session_ticket( ssl ); - break; + case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: + ret = ssl_parse_new_session_ticket(ssl); + break; #endif - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); - break; + case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: + ret = mbedtls_ssl_parse_change_cipher_spec(ssl); + break; - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_parse_finished( ssl ); - break; + case MBEDTLS_SSL_SERVER_FINISHED: + ret = mbedtls_ssl_parse_finished(ssl); + break; - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - break; + case MBEDTLS_SSL_FLUSH_BUFFERS: + MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); + ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + break; - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); - break; + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + mbedtls_ssl_handshake_wrapup(ssl); + break; - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } + default: + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/thirdparty/mbedtls/library/ssl_cookie.c b/thirdparty/mbedtls/library/ssl_cookie.c index f12f28e849..1ac9c41760 100644 --- a/thirdparty/mbedtls/library/ssl_cookie.c +++ b/thirdparty/mbedtls/library/ssl_cookie.c @@ -60,105 +60,108 @@ * Cookies are formed of a 4-bytes timestamp (or serial number) and * an HMAC of timestamp and client ID. */ -#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN ) +#define COOKIE_LEN (4 + COOKIE_HMAC_LEN) -void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) +void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx) { - mbedtls_md_init( &ctx->hmac_ctx ); + mbedtls_md_init(&ctx->hmac_ctx); #if !defined(MBEDTLS_HAVE_TIME) ctx->serial = 0; #endif ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } -void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ) +void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay) { ctx->timeout = delay; } -void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) +void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) { - mbedtls_md_free( &ctx->hmac_ctx ); + mbedtls_md_free(&ctx->hmac_ctx); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); } -int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[COOKIE_MD_OUTLEN]; - if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) - return( ret ); + if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) { + return ret; + } - ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1); + if (ret != 0) { + return ret; + } - ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key)); + if (ret != 0) { + return ret; + } - mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize(key, sizeof(key)); - return( 0 ); + return 0; } /* * Generate the HMAC part of a cookie */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, - const unsigned char time[4], - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) +static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx, + const unsigned char time[4], + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { unsigned char hmac_out[COOKIE_MD_OUTLEN]; - MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN); - if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || - mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || - mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 || - mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (mbedtls_md_hmac_reset(hmac_ctx) != 0 || + mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 || + mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 || + mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) { + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - memcpy( *p, hmac_out, COOKIE_HMAC_LEN ); + memcpy(*p, hmac_out, COOKIE_HMAC_LEN); *p += COOKIE_HMAC_LEN; - return( 0 ); + return 0; } /* * Generate cookie for DTLS ClientHello verification */ -int mbedtls_ssl_cookie_write( void *p_ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) +int mbedtls_ssl_cookie_write(void *p_ctx, + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; - if( ctx == NULL || cli_id == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || cli_id == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN); #if defined(MBEDTLS_HAVE_TIME) - t = (unsigned long) mbedtls_time( NULL ); + t = (unsigned long) mbedtls_time(NULL); #else t = ctx->serial++; #endif @@ -167,28 +170,30 @@ int mbedtls_ssl_cookie_write( void *p_ctx, *p += 4; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); + } #endif - ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, - p, end, cli_id, cli_id_len ); + ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4, + p, end, cli_id, cli_id_len); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR ) ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, + MBEDTLS_ERR_THREADING_MUTEX_ERROR); + } #endif - return( ret ); + return ret; } /* * Check a cookie */ -int mbedtls_ssl_cookie_check( void *p_ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len ) +int mbedtls_ssl_cookie_check(void *p_ctx, + const unsigned char *cookie, size_t cookie_len, + const unsigned char *cli_id, size_t cli_id_len) { unsigned char ref_hmac[COOKIE_HMAC_LEN]; int ret = 0; @@ -196,58 +201,60 @@ int mbedtls_ssl_cookie_check( void *p_ctx, mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long cur_time, cookie_time; - if( ctx == NULL || cli_id == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || cli_id == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( cookie_len != COOKIE_LEN ) - return( -1 ); + if (cookie_len != COOKIE_LEN) { + return -1; + } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); + } #endif - if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, - &p, p + sizeof( ref_hmac ), - cli_id, cli_id_len ) != 0 ) + if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie, + &p, p + sizeof(ref_hmac), + cli_id, cli_id_len) != 0) { ret = -1; + } #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, + MBEDTLS_ERR_THREADING_MUTEX_ERROR); } #endif - if( ret != 0 ) + if (ret != 0) { goto exit; + } - if( mbedtls_ct_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 ) - { + if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) { ret = -1; goto exit; } #if defined(MBEDTLS_HAVE_TIME) - cur_time = (unsigned long) mbedtls_time( NULL ); + cur_time = (unsigned long) mbedtls_time(NULL); #else cur_time = ctx->serial; #endif - cookie_time = ( (unsigned long) cookie[0] << 24 ) | - ( (unsigned long) cookie[1] << 16 ) | - ( (unsigned long) cookie[2] << 8 ) | - ( (unsigned long) cookie[3] ); + cookie_time = ((unsigned long) cookie[0] << 24) | + ((unsigned long) cookie[1] << 16) | + ((unsigned long) cookie[2] << 8) | + ((unsigned long) cookie[3]); - if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) - { + if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) { ret = -1; goto exit; } exit: - mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) ); - return( ret ); + mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac)); + return ret; } #endif /* MBEDTLS_SSL_COOKIE_C */ diff --git a/thirdparty/mbedtls/library/ssl_msg.c b/thirdparty/mbedtls/library/ssl_msg.c index d7bebe04d6..8a2ab7b9ba 100644 --- a/thirdparty/mbedtls/library/ssl_msg.c +++ b/thirdparty/mbedtls/library/ssl_msg.c @@ -52,81 +52,77 @@ #include "mbedtls/oid.h" #endif -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); +static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); /* * Start a timer. * Passing millisecs = 0 cancels a running timer. */ -void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) +void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs) { - if( ssl->f_set_timer == NULL ) + if (ssl->f_set_timer == NULL) { return; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); - ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); + MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs)); + ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs); } /* * Return -1 is timer is expired, 0 if it isn't. */ -int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl) { - if( ssl->f_get_timer == NULL ) - return( 0 ); + if (ssl->f_get_timer == NULL) { + return 0; + } - if( ssl->f_get_timer( ssl->p_timer ) == 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); - return( -1 ); + if (ssl->f_get_timer(ssl->p_timer) == 2) { + MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired")); + return -1; } - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_RECORD_CHECKING) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec ); - -int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen ) +static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t len, + mbedtls_record *rec); + +int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t buflen) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); + MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record")); + MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen); /* We don't support record checking in TLS because * (a) there doesn't seem to be a usecase for it, and * (b) In SSLv3 and TLS 1.0, CBC record decryption has state * and we'd need to backup the transform here. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) { ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; goto exit; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - else - { + else { mbedtls_record rec; - ret = ssl_parse_record_header( ssl, buf, buflen, &rec ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret ); + ret = ssl_parse_record_header(ssl, buf, buflen, &rec); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret); goto exit; } - if( ssl->transform_in != NULL ) - { - ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret ); + if (ssl->transform_in != NULL) { + ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret); goto exit; } } @@ -136,18 +132,17 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, exit: /* On success, we have decrypted the buffer in-place, so make * sure we don't leak any plaintext data. */ - mbedtls_platform_zeroize( buf, buflen ); + mbedtls_platform_zeroize(buf, buflen); /* For the purpose of this API, treat messages with unexpected CID * as well as such from future epochs as unexpected. */ - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || - ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || + ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record")); + return ret; } #endif /* MBEDTLS_SSL_RECORD_CHECKING */ @@ -157,65 +152,66 @@ exit: #if defined(MBEDTLS_SSL_PROTO_DTLS) /* Forward declarations for functions related to message buffering. */ -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ); -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); +static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, + uint8_t slot); +static void ssl_free_buffered_record(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_message(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_record(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +static int ssl_buffer_message(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, - mbedtls_record const *rec ); +static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, + mbedtls_record const *rec); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); +static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl); -static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) +static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl) { - size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); + size_t mtu = mbedtls_ssl_get_current_mtu(ssl); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t out_buf_len = ssl->out_buf_len; #else size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - if( mtu != 0 && mtu < out_buf_len ) - return( mtu ); + if (mtu != 0 && mtu < out_buf_len) { + return mtu; + } - return( out_buf_len ); + return out_buf_len; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) +static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl) { size_t const bytes_written = ssl->out_left; - size_t const mtu = ssl_get_maximum_datagram_size( ssl ); + size_t const mtu = ssl_get_maximum_datagram_size(ssl); /* Double-check that the write-index hasn't gone * past what we can transmit in a single datagram. */ - if( bytes_written > mtu ) - { + if (bytes_written > mtu) { /* Should never happen... */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - return( (int) ( mtu - bytes_written ) ); + return (int) (mtu - bytes_written); } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) +static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t remaining, expansion; size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if( max_len > mfl ) + if (max_len > mfl) { max_len = mfl; + } /* By the standard (RFC 6066 Sect. 4), the MFL extension * only limits the maximum record payload size, so in theory @@ -226,30 +222,35 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl * The following reduction of max_len makes sure that we never * write datagrams larger than MFL + Record Expansion Overhead. */ - if( max_len <= ssl->out_left ) - return( 0 ); + if (max_len <= ssl->out_left) { + return 0; + } max_len -= ssl->out_left; #endif - ret = ssl_get_remaining_space_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + ret = ssl_get_remaining_space_in_datagram(ssl); + if (ret < 0) { + return ret; + } remaining = (size_t) ret; - ret = mbedtls_ssl_get_record_expansion( ssl ); - if( ret < 0 ) - return( ret ); + ret = mbedtls_ssl_get_record_expansion(ssl); + if (ret < 0) { + return ret; + } expansion = (size_t) ret; - if( remaining <= expansion ) - return( 0 ); + if (remaining <= expansion) { + return 0; + } remaining -= expansion; - if( remaining >= max_len ) + if (remaining >= max_len) { remaining = max_len; + } - return( (int) remaining ); + return (int) remaining; } /* @@ -257,12 +258,13 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl * returning -1 if the maximum value has already been reached. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) +static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl) { uint32_t new_timeout; - if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) - return( -1 ); + if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) { + return -1; + } /* Implement the final paragraph of RFC 6347 section 4.1.1.1 * in the following way: after the initial transmission and a first @@ -270,49 +272,47 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) * This value is guaranteed to be deliverable (if not guaranteed to be * delivered) of any compliant IPv4 (and IPv6) network, and should work * on most non-IP stacks too. */ - if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) - { + if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { ssl->handshake->mtu = 508; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); } new_timeout = 2 * ssl->handshake->retransmit_timeout; /* Avoid arithmetic overflow and range overflow */ - if( new_timeout < ssl->handshake->retransmit_timeout || - new_timeout > ssl->conf->hs_timeout_max ) - { + if (new_timeout < ssl->handshake->retransmit_timeout || + new_timeout > ssl->conf->hs_timeout_max) { new_timeout = ssl->conf->hs_timeout_max; } ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout)); - return( 0 ); + return 0; } -static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) +static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl) { ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout)); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) -int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, - const unsigned char *key_enc, const unsigned char *key_dec, - size_t keylen, - const unsigned char *iv_enc, const unsigned char *iv_dec, - size_t ivlen, - const unsigned char *mac_enc, const unsigned char *mac_dec, - size_t maclen ) = NULL; -int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; -int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; +int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl, + const unsigned char *key_enc, const unsigned char *key_dec, + size_t keylen, + const unsigned char *iv_enc, const unsigned char *iv_dec, + size_t ivlen, + const unsigned char *mac_enc, const unsigned char *mac_dec, + size_t maclen) = NULL; +int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction) = NULL; +int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl) = NULL; #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ /* @@ -322,10 +322,10 @@ int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static size_t ssl_compute_padding_length( size_t len, - size_t granularity ) +static size_t ssl_compute_padding_length(size_t len, + size_t granularity) { - return( ( granularity - ( len + 1 ) % granularity ) % granularity ); + return (granularity - (len + 1) % granularity) % granularity; } /* This functions transforms a (D)TLS plaintext fragment and a record content @@ -357,62 +357,64 @@ static size_t ssl_compute_padding_length( size_t len, * for the expansion. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_build_inner_plaintext( unsigned char *content, - size_t *content_size, - size_t remaining, - uint8_t rec_type, - size_t pad ) +static int ssl_build_inner_plaintext(unsigned char *content, + size_t *content_size, + size_t remaining, + uint8_t rec_type, + size_t pad) { size_t len = *content_size; /* Write real content type */ - if( remaining == 0 ) - return( -1 ); - content[ len ] = rec_type; + if (remaining == 0) { + return -1; + } + content[len] = rec_type; len++; remaining--; - if( remaining < pad ) - return( -1 ); - memset( content + len, 0, pad ); + if (remaining < pad) { + return -1; + } + memset(content + len, 0, pad); len += pad; remaining -= pad; *content_size = len; - return( 0 ); + return 0; } /* This function parses a (D)TLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for details. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_inner_plaintext( unsigned char const *content, - size_t *content_size, - uint8_t *rec_type ) +static int ssl_parse_inner_plaintext(unsigned char const *content, + size_t *content_size, + uint8_t *rec_type) { size_t remaining = *content_size; /* Determine length of padding by skipping zeroes from the back. */ - do - { - if( remaining == 0 ) - return( -1 ); + do { + if (remaining == 0) { + return -1; + } remaining--; - } while( content[ remaining ] == 0 ); + } while (content[remaining] == 0); *content_size = remaining; - *rec_type = content[ remaining ]; + *rec_type = content[remaining]; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* `add_data` must have size 13 Bytes if the CID extension is disabled, * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ -static void ssl_extract_add_data_from_record( unsigned char* add_data, - size_t *add_data_len, - mbedtls_record *rec, - unsigned minor_ver ) +static void ssl_extract_add_data_from_record(unsigned char *add_data, + size_t *add_data_len, + mbedtls_record *rec, + unsigned minor_ver) { /* Quoting RFC 5246 (TLS 1.2): * @@ -437,38 +439,36 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, int is_tls13 = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { is_tls13 = 1; + } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - if( !is_tls13 ) - { + if (!is_tls13) { ((void) minor_ver); - memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); - cur += sizeof( rec->ctr ); + memcpy(cur, rec->ctr, sizeof(rec->ctr)); + cur += sizeof(rec->ctr); } *cur = rec->type; cur++; - memcpy( cur, rec->ver, sizeof( rec->ver ) ); - cur += sizeof( rec->ver ); + memcpy(cur, rec->ver, sizeof(rec->ver)); + cur += sizeof(rec->ver); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( rec->cid_len != 0 ) - { - memcpy( cur, rec->cid, rec->cid_len ); + if (rec->cid_len != 0) { + memcpy(cur, rec->cid, rec->cid_len); cur += rec->cid_len; *cur = rec->cid_len; cur++; - MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 ); + MBEDTLS_PUT_UINT16_BE(rec->data_len, cur, 0); cur += 2; - } - else + } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 ); + MBEDTLS_PUT_UINT16_BE(rec->data_len, cur, 0); cur += 2; } @@ -483,67 +483,79 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, * SSLv3.0 MAC functions */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_mac( mbedtls_md_context_t *md_ctx, - const unsigned char *secret, - const unsigned char *buf, size_t len, - const unsigned char *ctr, int type, - unsigned char out[SSL3_MAC_MAX_BYTES] ) +static int ssl_mac(mbedtls_md_context_t *md_ctx, + const unsigned char *secret, + const unsigned char *buf, size_t len, + const unsigned char *ctr, int type, + unsigned char out[SSL3_MAC_MAX_BYTES]) { unsigned char header[11]; unsigned char padding[48]; int padlen; - int md_size = mbedtls_md_get_size( md_ctx->md_info ); - int md_type = mbedtls_md_get_type( md_ctx->md_info ); + int md_size = mbedtls_md_get_size(md_ctx->md_info); + int md_type = mbedtls_md_get_type(md_ctx->md_info); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Only MD5 and SHA-1 supported */ - if( md_type == MBEDTLS_MD_MD5 ) + if (md_type == MBEDTLS_MD_MD5) { padlen = 48; - else + } else { padlen = 40; + } - memcpy( header, ctr, 8 ); + memcpy(header, ctr, 8); header[8] = (unsigned char) type; - MBEDTLS_PUT_UINT16_BE( len, header, 9); - - memset( padding, 0x36, padlen ); - ret = mbedtls_md_starts( md_ctx ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, secret, md_size ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, padding, padlen ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, header, 11 ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, buf, len ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_finish( md_ctx, out ); - if( ret != 0 ) - return( ret ); - - memset( padding, 0x5C, padlen ); - ret = mbedtls_md_starts( md_ctx ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, secret, md_size ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, padding, padlen ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_update( md_ctx, out, md_size ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_md_finish( md_ctx, out ); - if( ret != 0 ) - return( ret ); - - return( 0 ); + MBEDTLS_PUT_UINT16_BE(len, header, 9); + + memset(padding, 0x36, padlen); + ret = mbedtls_md_starts(md_ctx); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, secret, md_size); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, padding, padlen); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, header, 11); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, buf, len); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_finish(md_ctx, out); + if (ret != 0) { + return ret; + } + + memset(padding, 0x5C, padlen); + ret = mbedtls_md_starts(md_ctx); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, secret, md_size); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, padding, padlen); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_update(md_ctx, out, md_size); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_finish(md_ctx, out); + if (ret != 0) { + return ret; + } + + return 0; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -552,9 +564,9 @@ static int ssl_mac( mbedtls_md_context_t *md_ctx, defined(MBEDTLS_CHACHAPOLY_C) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_transform_aead_dynamic_iv_is_explicit( - mbedtls_ssl_transform const *transform ) + mbedtls_ssl_transform const *transform) { - return( transform->ivlen != transform->fixed_ivlen ); + return transform->ivlen != transform->fixed_ivlen; } /* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) @@ -580,35 +592,36 @@ static int ssl_transform_aead_dynamic_iv_is_explicit( * which has to be ensured by the caller. If this precondition * violated, the behavior of this function is undefined. */ -static void ssl_build_record_nonce( unsigned char *dst_iv, - size_t dst_iv_len, - unsigned char const *fixed_iv, - size_t fixed_iv_len, - unsigned char const *dynamic_iv, - size_t dynamic_iv_len ) +static void ssl_build_record_nonce(unsigned char *dst_iv, + size_t dst_iv_len, + unsigned char const *fixed_iv, + size_t fixed_iv_len, + unsigned char const *dynamic_iv, + size_t dynamic_iv_len) { size_t i; /* Start with Fixed IV || 0 */ - memset( dst_iv, 0, dst_iv_len ); - memcpy( dst_iv, fixed_iv, fixed_iv_len ); + memset(dst_iv, 0, dst_iv_len); + memcpy(dst_iv, fixed_iv, fixed_iv_len); dst_iv += dst_iv_len - dynamic_iv_len; - for( i = 0; i < dynamic_iv_len; i++ ) + for (i = 0; i < dynamic_iv_len; i++) { dst_iv[i] ^= dynamic_iv[i]; + } } #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ -int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { mbedtls_cipher_mode_t mode; int auth_done = 0; - unsigned char * data; - unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; + unsigned char *data; + unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX]; size_t add_data_len; size_t post_avail; @@ -620,46 +633,43 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* The PRNG is used for dynamic IV generation that's used * for CBC transformations in TLS 1.1 and TLS 1.2. */ -#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) ) +#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ + (defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2))) ((void) f_rng); ((void) p_rng); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); - if( transform == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (transform == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( rec == NULL + if (rec == NULL || rec->buf == NULL || rec->buf_len < rec->data_offset || rec->buf_len - rec->data_offset < rec->data_len #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || rec->cid_len != 0 #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } data = rec->buf + rec->data_offset; - post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); - MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", - data, rec->data_len ); + post_avail = rec->buf_len - (rec->data_len + rec->data_offset); + MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", + data, rec->data_len); - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); + mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc); - if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET - " too large, maximum %" MBEDTLS_PRINTF_SIZET, - rec->data_len, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET + " too large, maximum %" MBEDTLS_PRINTF_SIZET, + rec->data_len, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* The following two code paths implement the (D)TLSInnerPlaintext @@ -675,18 +685,16 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * is hence no risk of double-addition of the inner plaintext. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { size_t padding = - ssl_compute_padding_length( rec->data_len, - MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); - if( ssl_build_inner_plaintext( data, - &rec->data_len, - post_avail, - rec->type, - padding ) != 0 ) - { - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + ssl_compute_padding_length(rec->data_len, + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY); + if (ssl_build_inner_plaintext(data, + &rec->data_len, + post_avail, + rec->type, + padding) != 0) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; @@ -698,14 +706,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Add CID information */ rec->cid_len = transform->out_cid_len; - memcpy( rec->cid, transform->out_cid, transform->out_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len ); + memcpy(rec->cid, transform->out_cid, transform->out_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len); - if( rec->cid_len != 0 ) - { + if (rec->cid_len != 0) { size_t padding = - ssl_compute_padding_length( rec->data_len, - MBEDTLS_SSL_CID_PADDING_GRANULARITY ); + ssl_compute_padding_length(rec->data_len, + MBEDTLS_SSL_CID_PADDING_GRANULARITY); /* * Wrap plaintext into DTLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for more information. @@ -713,100 +720,96 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Note that this changes `rec->data_len`, and hence * `post_avail` needs to be recalculated afterwards. */ - if( ssl_build_inner_plaintext( data, - &rec->data_len, - post_avail, - rec->type, - padding ) != 0 ) - { - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (ssl_build_inner_plaintext(data, + &rec->data_len, + post_avail, + rec->type, + padding) != 0) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } rec->type = MBEDTLS_SSL_MSG_CID; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); + post_avail = rec->buf_len - (rec->data_len + rec->data_offset); /* * Add MAC before if needed */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( mode == MBEDTLS_MODE_STREAM || - ( mode == MBEDTLS_MODE_CBC + if (mode == MBEDTLS_MODE_STREAM || + (mode == MBEDTLS_MODE_CBC #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED + && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED #endif - ) ) - { - if( post_avail < transform->maclen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + )) { + if (post_avail < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { unsigned char mac[SSL3_MAC_MAX_BYTES]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = ssl_mac( &transform->md_ctx_enc, transform->mac_enc, - data, rec->data_len, rec->ctr, rec->type, mac ); - if( ret == 0 ) - memcpy( data + rec->data_len, mac, transform->maclen ); - mbedtls_platform_zeroize( mac, transform->maclen ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret ); - return( ret ); + ret = ssl_mac(&transform->md_ctx_enc, transform->mac_enc, + data, rec->data_len, rec->ctr, rec->type, mac); + if (ret == 0) { + memcpy(data + rec->data_len, mac, transform->maclen); } - } - else + mbedtls_platform_zeroize(mac, transform->maclen); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_mac", ret); + return ret; + } + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); - ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, - add_data, add_data_len ); - if( ret != 0 ) + ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, + add_data, add_data_len); + if (ret != 0) { goto hmac_failed_etm_disabled; - ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, - data, rec->data_len ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, + data, rec->data_len); + if (ret != 0) { goto hmac_failed_etm_disabled; - ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); + if (ret != 0) { goto hmac_failed_etm_disabled; - ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); + if (ret != 0) { goto hmac_failed_etm_disabled; + } - memcpy( data + rec->data_len, mac, transform->maclen ); + memcpy(data + rec->data_len, mac, transform->maclen); - hmac_failed_etm_disabled: - mbedtls_platform_zeroize( mac, transform->maclen ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret ); - return( ret ); +hmac_failed_etm_disabled: + mbedtls_platform_zeroize(mac, transform->maclen); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret); + return ret; } - } - else + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len, - transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len, + transform->maclen); rec->data_len += transform->maclen; post_avail -= transform->maclen; @@ -818,51 +821,45 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Encrypt */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) - if( mode == MBEDTLS_MODE_STREAM ) - { + if (mode == MBEDTLS_MODE_STREAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %d bytes of padding", - rec->data_len, 0 ) ); - - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, - transform->iv_enc, transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %d bytes of padding", + rec->data_len, 0)); + + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + transform->iv_enc, transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return ret; } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - } - else + } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( mode == MBEDTLS_MODE_GCM || + if (mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) - { + mode == MBEDTLS_MODE_CHACHAPOLY) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; int dynamic_iv_is_explicit = - ssl_transform_aead_dynamic_iv_is_explicit( transform ); + ssl_transform_aead_dynamic_iv_is_explicit(transform); /* Check that there's space for the authentication tag. */ - if( post_avail < transform->taglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (post_avail < transform->taglen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } /* @@ -878,95 +875,91 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * record sequence number here in all cases. */ dynamic_iv = rec->ctr; - dynamic_iv_len = sizeof( rec->ctr ); + dynamic_iv_len = sizeof(rec->ctr); - ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_enc, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len ); + ssl_build_record_nonce(iv, sizeof(iv), + transform->iv_enc, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len); /* * Build additional data for AEAD encryption. * This depends on the TLS version. */ - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", - iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", - dynamic_iv, - dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, add_data_len ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including 0 bytes of padding", - rec->data_len ) ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); + + MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)", + iv, transform->ivlen); + MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)", + dynamic_iv, + dynamic_iv_is_explicit ? dynamic_iv_len : 0); + MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", + add_data, add_data_len); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including 0 bytes of padding", + rec->data_len)); /* * Encrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, /* src */ - data, rec->buf_len - (data - rec->buf), /* dst */ - &rec->data_len, - transform->taglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); - return( ret ); - } - MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", - data + rec->data_len - transform->taglen, - transform->taglen ); + if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len, /* src */ + data, rec->buf_len - (data - rec->buf), /* dst */ + &rec->data_len, + transform->taglen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt", ret); + return ret; + } + MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag", + data + rec->data_len - transform->taglen, + transform->taglen); /* Account for authentication tag. */ post_avail -= transform->taglen; /* * Prefix record content with dynamic IV in case it is explicit. */ - if( dynamic_iv_is_explicit != 0 ) - { - if( rec->data_offset < dynamic_iv_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (dynamic_iv_is_explicit != 0) { + if (rec->data_offset < dynamic_iv_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len ); + memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len); rec->data_offset -= dynamic_iv_len; rec->data_len += dynamic_iv_len; } auth_done++; - } - else + } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if( mode == MBEDTLS_MODE_CBC ) - { + if (mode == MBEDTLS_MODE_CBC) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; size_t olen; /* Currently we're always using minimal padding * (up to 255 bytes would be allowed). */ - padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen; - if( padlen == transform->ivlen ) + padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; + if (padlen == transform->ivlen) { padlen = 0; + } /* Check there's enough space in the buffer for the padding. */ - if( post_avail < padlen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (post_avail < padlen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - for( i = 0; i <= padlen; i++ ) + for (i = 0; i <= padlen; i++) { data[rec->data_len + i] = (unsigned char) padlen; + } rec->data_len += padlen + 1; post_avail -= padlen + 1; @@ -976,65 +969,60 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Prepend per-record IV for block cipher in TLS v1.1 and up as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - if( f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { + if (f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( rec->data_offset < transform->ivlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (rec->data_offset < transform->ivlen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } /* * Generate IV */ - ret = f_rng( p_rng, transform->iv_enc, transform->ivlen ); - if( ret != 0 ) - return( ret ); + ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); + if (ret != 0) { + return ret; + } - memcpy( data - transform->ivlen, transform->iv_enc, - transform->ivlen ); + memcpy(data - transform->ivlen, transform->iv_enc, + transform->ivlen); } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %" MBEDTLS_PRINTF_SIZET - " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", - rec->data_len, transform->ivlen, - padlen + 1 ) ); - - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, - transform->iv_enc, - transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %" + MBEDTLS_PRINTF_SIZET + " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", + rec->data_len, transform->ivlen, + padlen + 1)); + + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + transform->iv_enc, + transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return ret; } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - { + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) { /* * Save IV in SSL3 and TLS1 */ - memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv, - transform->ivlen ); - } - else + memcpy(transform->iv_enc, transform->cipher_ctx_enc.iv, + transform->ivlen); + } else #endif { data -= transform->ivlen; @@ -1043,8 +1031,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( auth_done == 0 ) - { + if (auth_done == 0) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; /* @@ -1056,72 +1043,72 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * ENC(content + padding + padding_length)); */ - if( post_avail < transform->maclen) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (post_avail < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - ssl_extract_add_data_from_record( add_data, &add_data_len, - rec, transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, + rec, transform->minor_ver); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, - add_data_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); + MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, + add_data_len); - ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, - add_data_len ); - if( ret != 0 ) + ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, + add_data_len); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, - data, rec->data_len ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, + data, rec->data_len); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); + if (ret != 0) { goto hmac_failed_etm_enabled; + } - memcpy( data + rec->data_len, mac, transform->maclen ); + memcpy(data + rec->data_len, mac, transform->maclen); rec->data_len += transform->maclen; post_avail -= transform->maclen; auth_done++; - hmac_failed_etm_enabled: - mbedtls_platform_zeroize( mac, transform->maclen ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret ); - return( ret ); +hmac_failed_etm_enabled: + mbedtls_platform_zeroize(mac, transform->maclen); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret); + return ret; } } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - } - else + } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* Make extra sure authentication was performed, exactly once */ - if( auth_done != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (auth_done != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf")); - return( 0 ); + return 0; } -int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec ) +int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec) { size_t olen; mbedtls_cipher_mode_t mode; @@ -1129,8 +1116,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) size_t padlen = 0, correct = 1; #endif - unsigned char* data; - unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ]; + unsigned char *data; + unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX]; size_t add_data_len; #if !defined(MBEDTLS_DEBUG_C) @@ -1138,59 +1125,52 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ((void) ssl); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); - if( rec == NULL || + MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf")); + if (rec == NULL || rec->buf == NULL || rec->buf_len < rec->data_offset || - rec->buf_len - rec->data_offset < rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + rec->buf_len - rec->data_offset < rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } data = rec->buf + rec->data_offset; - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); + mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Match record's CID with incoming CID. */ - if( rec->cid_len != transform->in_cid_len || - memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_UNEXPECTED_CID ); + if (rec->cid_len != transform->in_cid_len || + memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { + return MBEDTLS_ERR_SSL_UNEXPECTED_CID; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) - if( mode == MBEDTLS_MODE_STREAM ) - { + if (mode == MBEDTLS_MODE_STREAM) { padlen = 0; - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, - transform->iv_dec, - transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, + transform->iv_dec, + transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return ret; } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - } - else + } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( mode == MBEDTLS_MODE_GCM || + if (mode == MBEDTLS_MODE_GCM || mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) - { + mode == MBEDTLS_MODE_CHACHAPOLY) { unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; @@ -1203,56 +1183,51 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * can be chosen freely - in particular, it need not * agree with the record sequence number. */ - dynamic_iv_len = sizeof( rec->ctr ); - if( ssl_transform_aead_dynamic_iv_is_explicit( transform ) == 1 ) - { - if( rec->data_len < dynamic_iv_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - dynamic_iv_len ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + dynamic_iv_len = sizeof(rec->ctr); + if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { + if (rec->data_len < dynamic_iv_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", + rec->data_len, + dynamic_iv_len)); + return MBEDTLS_ERR_SSL_INVALID_MAC; } dynamic_iv = data; data += dynamic_iv_len; rec->data_offset += dynamic_iv_len; rec->data_len -= dynamic_iv_len; - } - else - { + } else { dynamic_iv = rec->ctr; } /* Check that there's space for the authentication tag. */ - if( rec->data_len < transform->taglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - transform->taglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (rec->data_len < transform->taglen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", + rec->data_len, + transform->taglen)); + return MBEDTLS_ERR_SSL_INVALID_MAC; } rec->data_len -= transform->taglen; /* * Prepare nonce from dynamic and static parts. */ - ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_dec, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len ); + ssl_build_record_nonce(iv, sizeof(iv), + transform->iv_dec, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len); /* * Build additional data for AEAD encryption. * This depends on the TLS version. */ - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, add_data_len ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); + MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", + add_data, add_data_len); /* Because of the check above, we know that there are * explicit_iv_len Bytes preceding data, and taglen @@ -1260,49 +1235,45 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * the debug message and the invocation of * mbedtls_cipher_auth_decrypt() below. */ - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len, - transform->taglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); + MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len, + transform->taglen); /* * Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (data - rec->buf), &olen, /* dst */ - transform->taglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); - - if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len + transform->taglen, /* src */ + data, rec->buf_len - (data - rec->buf), &olen, /* dst */ + transform->taglen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt", ret); + + if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { + return MBEDTLS_ERR_SSL_INVALID_MAC; + } - return( ret ); + return ret; } auth_done++; /* Double-check that AEAD decryption doesn't change content length. */ - if( olen != rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (olen != rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - } - else + } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if( mode == MBEDTLS_MODE_CBC ) - { + if (mode == MBEDTLS_MODE_CBC) { size_t minlen = 0; /* * Check immediate ciphertext sanity */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { /* The ciphertext is prefixed with the CBC IV. */ minlen += transform->ivlen; } @@ -1329,27 +1300,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * lower bound minlen + maclen + 1 on the record size, which * we test for in the second check below. */ - if( rec->data_len < minlen + transform->ivlen || - rec->data_len < minlen + transform->maclen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET - "), maclen (%" MBEDTLS_PRINTF_SIZET ") " - "+ 1 ) ( + expl IV )", rec->data_len, - transform->ivlen, - transform->maclen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (rec->data_len < minlen + transform->ivlen || + rec->data_len < minlen + transform->maclen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET + "), maclen (%" MBEDTLS_PRINTF_SIZET ") " + "+ 1 ) ( + expl IV )", + rec->data_len, + transform->ivlen, + transform->maclen)); + return MBEDTLS_ERR_SSL_INVALID_MAC; } /* * Authenticate before decrypt if enabled */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - { + if (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); /* Update data_len in tandem with add_data. * @@ -1362,49 +1332,52 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * * Further, we still know that data_len > minlen */ rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); /* Calculate expected MAC. */ - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, - add_data_len ); - ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, - add_data_len ); - if( ret != 0 ) + MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, + add_data_len); + ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, + add_data_len); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, - data, rec->data_len ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, + data, rec->data_len); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); + if (ret != 0) { goto hmac_failed_etm_enabled; - ret = mbedtls_md_hmac_reset( &transform->md_ctx_dec ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); + if (ret != 0) { goto hmac_failed_etm_enabled; + } - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, - transform->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, - transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len, + transform->maclen); + MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, + transform->maclen); /* Compare expected MAC with MAC at the end of the record. */ - if( mbedtls_ct_memcmp( data + rec->data_len, mac_expect, - transform->maclen ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); + if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect, + transform->maclen) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); ret = MBEDTLS_ERR_SSL_INVALID_MAC; goto hmac_failed_etm_enabled; } auth_done++; - hmac_failed_etm_enabled: - mbedtls_platform_zeroize( mac_expect, transform->maclen ); - if( ret != 0 ) - { - if( ret != MBEDTLS_ERR_SSL_INVALID_MAC ) - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret ); - return( ret ); +hmac_failed_etm_enabled: + mbedtls_platform_zeroize(mac_expect, transform->maclen); + if (ret != 0) { + if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret); + } + return ret; } } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -1416,22 +1389,20 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* We know from above that data_len > minlen >= 0, * so the following check in particular implies that * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ - if( rec->data_len % transform->ivlen != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", - rec->data_len, transform->ivlen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (rec->data_len % transform->ivlen != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", + rec->data_len, transform->ivlen)); + return MBEDTLS_ERR_SSL_INVALID_MAC; } #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Initialize for prepended IV for block cipher in TLS v1.1 and up */ - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ - memcpy( transform->iv_dec, data, transform->ivlen ); + memcpy(transform->iv_dec, data, transform->ivlen); data += transform->ivlen; rec->data_offset += transform->ivlen; @@ -1441,32 +1412,29 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, - transform->iv_dec, transform->ivlen, - data, rec->data_len, data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, + transform->iv_dec, transform->ivlen, + data, rec->data_len, data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return ret; } /* Double-check that length hasn't changed during decryption. */ - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - { + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) { /* * Save IV in SSL3 and TLS1, where CBC decryption of consecutive * records is equivalent to CBC decryption of the concatenation * of the records; in other words, IVs are maintained across * record decryptions. */ - memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv, - transform->ivlen ); + memcpy(transform->iv_dec, transform->cipher_ctx_dec.iv, + transform->ivlen); } #endif @@ -1476,31 +1444,27 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * >= ivlen ). */ padlen = data[rec->data_len - 1]; - if( auth_done == 1 ) - { + if (auth_done == 1) { const size_t mask = mbedtls_ct_size_mask_ge( - rec->data_len, - padlen + 1 ); + rec->data_len, + padlen + 1); correct &= mask; padlen &= mask; - } - else - { + } else { #if defined(MBEDTLS_SSL_DEBUG_ALL) - if( rec->data_len < transform->maclen + padlen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < maclen (%" MBEDTLS_PRINTF_SIZET - ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", - rec->data_len, - transform->maclen, - padlen + 1 ) ); + if (rec->data_len < transform->maclen + padlen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < maclen (%" MBEDTLS_PRINTF_SIZET + ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", + rec->data_len, + transform->maclen, + padlen + 1)); } #endif const size_t mask = mbedtls_ct_size_mask_ge( - rec->data_len, - transform->maclen + padlen + 1 ); + rec->data_len, + transform->maclen + padlen + 1); correct &= mask; padlen &= mask; } @@ -1511,28 +1475,25 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * we have data_len >= padlen here. */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { /* This is the SSL 3.0 path, we don't have to worry about Lucky * 13, because there's a strictly worse padding attack built in * the protocol (known as part of POODLE), so we don't care if the * code is not constant-time, in particular branches are OK. */ - if( padlen > transform->ivlen ) - { + if (padlen > transform->ivlen) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " - "should be no more than %" MBEDTLS_PRINTF_SIZET, - padlen, transform->ivlen ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " + "should be no more than %" + MBEDTLS_PRINTF_SIZET, + padlen, transform->ivlen)); #endif correct = 0; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) - { + defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) { /* The padding check involves a series of up to 256 * consecutive memory reads at the end of the record * plaintext buffer. In order to hide the length and @@ -1540,7 +1501,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * `min(256,plaintext_len)` reads (but take into account * only the last `padlen` bytes for the padding check). */ size_t pad_count = 0; - volatile unsigned char* const check = data; + volatile unsigned char * const check = data; /* Index of first padding byte; it has been ensured above * that the subtraction is safe. */ @@ -1549,30 +1510,29 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, size_t const start_idx = rec->data_len - num_checks; size_t idx; - for( idx = start_idx; idx < rec->data_len; idx++ ) - { + for (idx = start_idx; idx < rec->data_len; idx++) { /* pad_count += (idx >= padding_idx) && * (check[idx] == padlen - 1); */ - const size_t mask = mbedtls_ct_size_mask_ge( idx, padding_idx ); - const size_t equal = mbedtls_ct_size_bool_eq( check[idx], - padlen - 1 ); + const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx); + const size_t equal = mbedtls_ct_size_bool_eq(check[idx], + padlen - 1); pad_count += mask & equal; } - correct &= mbedtls_ct_size_bool_eq( pad_count, padlen ); + correct &= mbedtls_ct_size_bool_eq(pad_count, padlen); #if defined(MBEDTLS_SSL_DEBUG_ALL) - if( padlen > 0 && correct == 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); + if (padlen > 0 && correct == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); + } #endif - padlen &= mbedtls_ct_size_mask( correct ); - } - else + padlen &= mbedtls_ct_size_mask(correct); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* If the padding was found to be invalid, padlen == 0 @@ -1580,17 +1540,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * padlen hasn't been changed and the previous assertion * data_len >= padlen still holds. */ rec->data_len -= padlen; - } - else + } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", - data, rec->data_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption", + data, rec->data_len); #endif /* @@ -1598,8 +1557,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( auth_done == 0 ) - { + if (auth_done == 0) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 }; unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 }; @@ -1617,30 +1575,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * hence data_len >= maclen in any case. */ rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - ret = ssl_mac( &transform->md_ctx_dec, - transform->mac_dec, - data, rec->data_len, - rec->ctr, rec->type, - mac_expect ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret ); + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + ret = ssl_mac(&transform->md_ctx_dec, + transform->mac_dec, + data, rec->data_len, + rec->ctr, rec->type, + mac_expect); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_mac", ret); goto hmac_failed_etm_disabled; } - memcpy( mac_peer, data + rec->data_len, transform->maclen ); - } - else + memcpy(mac_peer, data + rec->data_len, transform->maclen); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) { /* * The next two sizes are the minimum and maximum values of * data_len over all padlen values. @@ -1652,92 +1606,90 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * length, as we previously did in_msglen -= maclen too. */ const size_t max_len = rec->data_len + padlen; - const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - - ret = mbedtls_ct_hmac( &transform->md_ctx_dec, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret ); + const size_t min_len = (max_len > 256) ? max_len - 256 : 0; + + ret = mbedtls_ct_hmac(&transform->md_ctx_dec, + add_data, add_data_len, + data, rec->data_len, min_len, max_len, + mac_expect); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret); goto hmac_failed_etm_disabled; } - mbedtls_ct_memcpy_offset( mac_peer, data, - rec->data_len, - min_len, max_len, - transform->maclen ); - } - else + mbedtls_ct_memcpy_offset(mac_peer, data, + rec->data_len, + min_len, max_len, + transform->maclen); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); + MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); #endif - if( mbedtls_ct_memcmp( mac_peer, mac_expect, - transform->maclen ) != 0 ) - { + if (mbedtls_ct_memcmp(mac_peer, mac_expect, + transform->maclen) != 0) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); #endif correct = 0; } auth_done++; - hmac_failed_etm_disabled: - mbedtls_platform_zeroize( mac_peer, transform->maclen ); - mbedtls_platform_zeroize( mac_expect, transform->maclen ); - if( ret != 0 ) - return( ret ); +hmac_failed_etm_disabled: + mbedtls_platform_zeroize(mac_peer, transform->maclen); + mbedtls_platform_zeroize(mac_expect, transform->maclen); + if (ret != 0) { + return ret; + } } /* * Finally check the correct flag */ - if( correct == 0 ) - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (correct == 0) { + return MBEDTLS_ERR_SSL_INVALID_MAC; + } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ /* Make extra sure authentication was performed, exactly once */ - if( auth_done != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (auth_done != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { /* Remove inner padding and infer true content type. */ - ret = ssl_parse_inner_plaintext( data, &rec->data_len, - &rec->type ); + ret = ssl_parse_inner_plaintext(data, &rec->data_len, + &rec->type); - if( ret != 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ret != 0) { + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( rec->cid_len != 0 ) - { - ret = ssl_parse_inner_plaintext( data, &rec->data_len, - &rec->type ); - if( ret != 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (rec->cid_len != 0) { + ret = ssl_parse_inner_plaintext(data, &rec->data_len, + &rec->type); + if (ret != 0) { + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf")); - return( 0 ); + return 0; } #undef MAC_NONE @@ -1749,7 +1701,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Compression/decompression functions */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_compress_buf( mbedtls_ssl_context *ssl ) +static int ssl_compress_buf(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->out_msg; @@ -1762,47 +1714,47 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> compress buf")); - if( len_pre == 0 ) - return( 0 ); + if (len_pre == 0) { + return 0; + } - memcpy( msg_pre, ssl->out_msg, len_pre ); + memcpy(msg_pre, ssl->out_msg, len_pre); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->out_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "before compression: output payload", + ssl->out_msg, ssl->out_msglen); ssl->transform_out->ctx_deflate.next_in = msg_pre; ssl->transform_out->ctx_deflate.avail_in = len_pre; ssl->transform_out->ctx_deflate.next_out = msg_post; ssl->transform_out->ctx_deflate.avail_out = out_buf_len - bytes_written; - ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); - if( ret != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = deflate(&ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH); + if (ret != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform compression (%d)", ret)); + return MBEDTLS_ERR_SSL_COMPRESSION_FAILED; } ssl->out_msglen = out_buf_len - ssl->transform_out->ctx_deflate.avail_out - bytes_written; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->out_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "after compression: output payload", + ssl->out_msg, ssl->out_msglen); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= compress buf")); - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) +static int ssl_decompress_buf(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->in_msg; @@ -1815,43 +1767,43 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> decompress buf")); - if( len_pre == 0 ) - return( 0 ); + if (len_pre == 0) { + return 0; + } - memcpy( msg_pre, ssl->in_msg, len_pre ); + memcpy(msg_pre, ssl->in_msg, len_pre); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->in_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->in_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", - ssl->in_msg, ssl->in_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "before decompression: input payload", + ssl->in_msg, ssl->in_msglen); ssl->transform_in->ctx_inflate.next_in = msg_pre; ssl->transform_in->ctx_inflate.avail_in = len_pre; ssl->transform_in->ctx_inflate.next_out = msg_post; ssl->transform_in->ctx_inflate.avail_out = in_buf_len - header_bytes; - ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); - if( ret != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = inflate(&ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH); + if (ret != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform decompression (%d)", ret)); + return MBEDTLS_ERR_SSL_COMPRESSION_FAILED; } ssl->in_msglen = in_buf_len - ssl->transform_in->ctx_inflate.avail_out - header_bytes; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->in_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->in_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", - ssl->in_msg, ssl->in_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "after decompression: input payload", + ssl->in_msg, ssl->in_msglen); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= decompress buf")); - return( 0 ); + return 0; } #endif /* MBEDTLS_ZLIB_SUPPORT */ @@ -1870,7 +1822,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) * For DTLS, it is up to the caller to set ssl->next_record_offset when * they're done reading a record. */ -int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) +int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -1880,23 +1832,20 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input")); - if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( nb_want > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { uint32_t timeout; /* @@ -1909,40 +1858,36 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) /* * Move to the next record in the already read datagram if applicable */ - if( ssl->next_record_offset != 0 ) - { - if( ssl->in_left < ssl->next_record_offset ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->next_record_offset != 0) { + if (ssl->in_left < ssl->next_record_offset) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } ssl->in_left -= ssl->next_record_offset; - if( ssl->in_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %" - MBEDTLS_PRINTF_SIZET, - ssl->next_record_offset ) ); - memmove( ssl->in_hdr, - ssl->in_hdr + ssl->next_record_offset, - ssl->in_left ); + if (ssl->in_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %" + MBEDTLS_PRINTF_SIZET, + ssl->next_record_offset)); + memmove(ssl->in_hdr, + ssl->in_hdr + ssl->next_record_offset, + ssl->in_left); } ssl->next_record_offset = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); /* * Done if we already have enough data. */ - if( nb_want <= ssl->in_left) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); - return( 0 ); + if (nb_want <= ssl->in_left) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); + return 0; } /* @@ -1950,10 +1895,9 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * are not at the beginning of a new record, the caller did something * wrong. */ - if( ssl->in_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->in_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* @@ -1961,195 +1905,182 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * This avoids by-passing the timer when repeatedly receiving messages * that will end up being dropped. */ - if( mbedtls_ssl_check_timer( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); + if (mbedtls_ssl_check_timer(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); ret = MBEDTLS_ERR_SSL_TIMEOUT; - } - else - { - len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); + } else { + len = in_buf_len - (ssl->in_hdr - ssl->in_buf); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { timeout = ssl->handshake->retransmit_timeout; - else + } else { timeout = ssl->conf->read_timeout; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout)); - if( ssl->f_recv_timeout != NULL ) - ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, - timeout ); - else - ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); + if (ssl->f_recv_timeout != NULL) { + ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len, + timeout); + } else { + ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len); + } - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_CONN_EOF ); + if (ret == 0) { + return MBEDTLS_ERR_SSL_CONN_EOF; + } } - if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); - mbedtls_ssl_set_timer( ssl, 0 ); + if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("timeout")); + mbedtls_ssl_set_timer(ssl, 0); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ssl_double_retransmit_timeout( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); - return( MBEDTLS_ERR_SSL_TIMEOUT ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if (ssl_double_retransmit_timeout(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout")); + return MBEDTLS_ERR_SSL_TIMEOUT; } - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); + if ((ret = mbedtls_ssl_resend(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); + return ret; } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return MBEDTLS_ERR_SSL_WANT_READ; } #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request", - ret ); - return( ret ); + else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", + ret); + return ret; } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return MBEDTLS_ERR_SSL_WANT_READ; } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ } - if( ret < 0 ) - return( ret ); + if (ret < 0) { + return ret; + } ssl->in_left = ret; - } - else + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); - while( ssl->in_left < nb_want ) - { + while (ssl->in_left < nb_want) { len = nb_want - ssl->in_left; - if( mbedtls_ssl_check_timer( ssl ) != 0 ) + if (mbedtls_ssl_check_timer(ssl) != 0) { ret = MBEDTLS_ERR_SSL_TIMEOUT; - else - { - if( ssl->f_recv_timeout != NULL ) - { - ret = ssl->f_recv_timeout( ssl->p_bio, - ssl->in_hdr + ssl->in_left, len, - ssl->conf->read_timeout ); - } - else - { - ret = ssl->f_recv( ssl->p_bio, - ssl->in_hdr + ssl->in_left, len ); + } else { + if (ssl->f_recv_timeout != NULL) { + ret = ssl->f_recv_timeout(ssl->p_bio, + ssl->in_hdr + ssl->in_left, len, + ssl->conf->read_timeout); + } else { + ret = ssl->f_recv(ssl->p_bio, + ssl->in_hdr + ssl->in_left, len); } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_CONN_EOF ); + if (ret == 0) { + return MBEDTLS_ERR_SSL_CONN_EOF; + } - if( ret < 0 ) - return( ret ); + if (ret < 0) { + return ret; + } - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", - ret, len ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((size_t) ret > len || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET + " were requested", + ret, len)); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } ssl->in_left += ret; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); - return( 0 ); + return 0; } /* * Flush any data not yet written */ -int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output")); - if( ssl->f_send == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->f_send == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* Avoid incrementing counter if data is flushed */ - if( ssl->out_left == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); - return( 0 ); + if (ssl->out_left == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); + return 0; } - while( ssl->out_left > 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET - ", out_left: %" MBEDTLS_PRINTF_SIZET, - mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); + while (ssl->out_left > 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET + ", out_left: %" MBEDTLS_PRINTF_SIZET, + mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left)); buf = ssl->out_hdr - ssl->out_left; - ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); + ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret); - if( ret <= 0 ) - return( ret ); + if (ret <= 0) { + return ret; + } - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", - ret, ssl->out_left ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((size_t) ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET + " bytes were sent", + ret, ssl->out_left)); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } ssl->out_left -= ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; - } - else + } else #endif { ssl->out_hdr = ssl->out_buf + 8; } - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); - return( 0 ); + return 0; } /* @@ -2160,64 +2091,61 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) * Append current handshake message to current outgoing flight */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_flight_append( mbedtls_ssl_context *ssl ) +static int ssl_flight_append(mbedtls_ssl_context *ssl) { mbedtls_ssl_flight_item *msg; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append")); + MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight", + ssl->out_msg, ssl->out_msglen); /* Allocate space for current message */ - if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - sizeof( mbedtls_ssl_flight_item ) ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + sizeof(mbedtls_ssl_flight_item))); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - ssl->out_msglen ) ); - mbedtls_free( msg ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + ssl->out_msglen)); + mbedtls_free(msg); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } /* Copy current handshake message with headers */ - memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); + memcpy(msg->p, ssl->out_msg, ssl->out_msglen); msg->len = ssl->out_msglen; msg->type = ssl->out_msgtype; msg->next = NULL; /* Append to the current flight */ - if( ssl->handshake->flight == NULL ) + if (ssl->handshake->flight == NULL) { ssl->handshake->flight = msg; - else - { + } else { mbedtls_ssl_flight_item *cur = ssl->handshake->flight; - while( cur->next != NULL ) + while (cur->next != NULL) { cur = cur->next; + } cur->next = msg; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append")); + return 0; } /* * Free the current flight of handshake messages */ -void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) +void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight) { mbedtls_ssl_flight_item *cur = flight; mbedtls_ssl_flight_item *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur->p ); - mbedtls_free( cur ); + mbedtls_free(cur->p); + mbedtls_free(cur); cur = next; } @@ -2227,18 +2155,17 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) * Swap transform_out and out_ctr with the alternative ones */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) +static int ssl_swap_epochs(mbedtls_ssl_context *ssl) { mbedtls_ssl_transform *tmp_transform; unsigned char tmp_out_ctr[8]; - if( ssl->transform_out == ssl->handshake->alt_transform_out ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); - return( 0 ); + if (ssl->transform_out == ssl->handshake->alt_transform_out) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs")); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs")); /* Swap transforms */ tmp_transform = ssl->transform_out; @@ -2246,42 +2173,40 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); + memcpy(tmp_out_ctr, ssl->cur_out_ctr, 8); + memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8); + memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr, 8); /* Adjust to the newly activated transform */ - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + int ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } } #endif - return( 0 ); + return 0; } /* * Retransmit the current flight of messages. */ -int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_resend(mbedtls_ssl_context *ssl) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend")); - ret = mbedtls_ssl_flight_transmit( ssl ); + ret = mbedtls_ssl_flight_transmit(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend")); - return( ret ); + return ret; } /* @@ -2291,121 +2216,117 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) * WANT_WRITE, causing us to exit this function and come back later. * This function must be called until state is no longer SENDING. */ -int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit")); - if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); + if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) { + MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission")); ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_swap_epochs(ssl); + if (ret != 0) { + return ret; + } ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; } - while( ssl->handshake->cur_msg != NULL ) - { + while (ssl->handshake->cur_msg != NULL) { size_t max_frag_len; const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; int const is_finished = - ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED ); + (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && + cur->p[0] == MBEDTLS_SSL_HS_FINISHED); uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? - SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; + SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ - if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message")); + ret = ssl_swap_epochs(ssl); + if (ret != 0) { + return ret; + } } - ret = ssl_get_remaining_payload_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + ret = ssl_get_remaining_payload_in_datagram(ssl); + if (ret < 0) { + return ret; + } max_frag_len = (size_t) ret; /* CCS is copied as is, while HS messages may need fragmentation */ - if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - if( max_frag_len == 0 ) - { - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + if (max_frag_len == 0) { + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } continue; } - memcpy( ssl->out_msg, cur->p, cur->len ); + memcpy(ssl->out_msg, cur->p, cur->len); ssl->out_msglen = cur->len; ssl->out_msgtype = cur->type; /* Update position inside current message */ ssl->handshake->cur_msg_p += cur->len; - } - else - { + } else { const unsigned char * const p = ssl->handshake->cur_msg_p; const size_t hs_len = cur->len - 12; - const size_t frag_off = p - ( cur->p + 12 ); + const size_t frag_off = p - (cur->p + 12); const size_t rem_len = hs_len - frag_off; size_t cur_hs_frag_len, max_hs_frag_len; - if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) - { - if( is_finished ) - { - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) { + if (is_finished) { + ret = ssl_swap_epochs(ssl); + if (ret != 0) { + return ret; + } } - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } continue; } max_hs_frag_len = max_frag_len - 12; cur_hs_frag_len = rem_len > max_hs_frag_len ? - max_hs_frag_len : rem_len; + max_hs_frag_len : rem_len; - if( frag_off == 0 && cur_hs_frag_len != hs_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", - (unsigned) cur_hs_frag_len, - (unsigned) max_hs_frag_len ) ); + if (frag_off == 0 && cur_hs_frag_len != hs_len) { + MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", + (unsigned) cur_hs_frag_len, + (unsigned) max_hs_frag_len)); } /* Messages are stored with handshake headers as if not fragmented, * copy beginning of headers then fill fragmentation fields. * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ - memcpy( ssl->out_msg, cur->p, 6 ); + memcpy(ssl->out_msg, cur->p, 6); - ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off ); - ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off ); - ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off ); + ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off); + ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off); + ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off); - ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len ); - ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len ); - ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len ); + ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len); + ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len); + ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len); - MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); + MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12); /* Copy the handshake message content and set records fields */ - memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); + memcpy(ssl->out_msg + 12, p, cur_hs_frag_len); ssl->out_msglen = cur_hs_frag_len + 12; ssl->out_msgtype = cur->type; @@ -2414,52 +2335,47 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* If done with the current message move to the next one if any */ - if( ssl->handshake->cur_msg_p >= cur->p + cur->len ) - { - if( cur->next != NULL ) - { + if (ssl->handshake->cur_msg_p >= cur->p + cur->len) { + if (cur->next != NULL) { ssl->handshake->cur_msg = cur->next; ssl->handshake->cur_msg_p = cur->next->p + 12; - } - else - { + } else { ssl->handshake->cur_msg = NULL; ssl->handshake->cur_msg_p = NULL; } } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return ret; } } - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } /* Update state and set timer */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - else - { + } else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit")); - return( 0 ); + return 0; } /* * To be called when the last message of an incoming flight is received. */ -void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl) { /* We won't need to resend that one any more */ - mbedtls_ssl_flight_free( ssl->handshake->flight ); + mbedtls_ssl_flight_free(ssl->handshake->flight); ssl->handshake->flight = NULL; ssl->handshake->cur_msg = NULL; @@ -2470,35 +2386,33 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) ssl->handshake->buffering.seen_ccs = 0; /* Clear future message buffering structure. */ - mbedtls_ssl_buffering_free( ssl ); + mbedtls_ssl_buffering_free(ssl); /* Cancel timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } - else + } else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; + } } /* * To be called when the last message of an outgoing flight is send. */ -void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl) { - ssl_reset_retransmit_timeout( ssl ); - mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + ssl_reset_retransmit_timeout(ssl); + mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } - else + } else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -2528,49 +2442,46 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) */ -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); /* * Sanity checks */ - if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { + if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { /* In SSLv3, the client might send a NoCertificate alert. */ #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) - if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) + if (!(ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT)) #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } /* Whenever we send anything different from a * HelloRequest we should be in a handshake - double check. */ - if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) && - ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST) && + ssl->handshake == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #endif @@ -2582,24 +2493,22 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * * Note: We deliberately do not check for the MTU or MFL here. */ - if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " - "size %" MBEDTLS_PRINTF_SIZET - ", maximum %" MBEDTLS_PRINTF_SIZET, - ssl->out_msglen, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " + "size %" MBEDTLS_PRINTF_SIZET + ", maximum %" MBEDTLS_PRINTF_SIZET, + ssl->out_msglen, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* * Fill handshake headers */ - if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len ); - ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len ); - ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len ); + if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len); + ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len); + ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len); /* * DTLS has additional fields in the Handshake layer, @@ -2609,70 +2518,63 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * uint24 fragment_length; */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Make room for the additional DTLS fields */ - if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " - "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, - hs_len, - (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: " + "size %" MBEDTLS_PRINTF_SIZET ", maximum %" + MBEDTLS_PRINTF_SIZET, + hs_len, + (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - 12))); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len ); + memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len); ssl->out_msglen += 8; /* Write message_seq and update it, except for HelloRequest */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) - { - MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 ); - ++( ssl->handshake->out_msg_seq ); - } - else - { + if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) { + MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4); + ++(ssl->handshake->out_msg_seq); + } else { ssl->out_msg[4] = 0; ssl->out_msg[5] = 0; } /* Handshake hashes are computed without fragmentation, * so set frag_offset = 0 and frag_len = hs_len for now */ - memset( ssl->out_msg + 6, 0x00, 3 ); - memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); + memset(ssl->out_msg + 6, 0x00, 3); + memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Update running hashes of handshake messages seen */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) - ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); + if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) { + ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen); + } } /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) ) - { - if( ( ret = ssl_flight_append( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); - return( ret ); - } - } - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST)) { + if ((ret = ssl_flight_append(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret); + return ret; + } + } else #endif { - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret); + return ret; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message")); - return( 0 ); + return 0; } /* @@ -2687,22 +2589,20 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * - ssl->out_msglen: length of the record content (excl headers) * - ssl->out_msg: record content */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) +int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush) { int ret, done = 0; size_t len = ssl->out_msglen; uint8_t flush = force_flush; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record")); #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->transform_out != NULL && - ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); - return( ret ); + if (ssl->transform_out != NULL && + ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + if ((ret = ssl_compress_buf(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_compress_buf", ret); + return ret; } len = ssl->out_msglen; @@ -2710,23 +2610,21 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /*MBEDTLS_ZLIB_SUPPORT */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_write != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); + if (mbedtls_ssl_hw_record_write != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_write()")); - ret = mbedtls_ssl_hw_record_write( ssl ); - if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = mbedtls_ssl_hw_record_write(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_write", ret); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - if( ret == 0 ) + if (ret == 0) { done = 1; + } } #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ - if( !done ) - { + if (!done) { unsigned i; size_t protected_record_size; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -2737,24 +2635,23 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Skip writing the record content type to after the encryption, * as it may change when using the CID extension. */ - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, ssl->out_hdr + 1 ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, ssl->out_hdr + 1); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0); + memcpy(ssl->out_ctr, ssl->cur_out_ctr, 8); + MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0); - if( ssl->transform_out != NULL ) - { + if (ssl->transform_out != NULL) { mbedtls_record rec; rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - ( ssl->out_iv - ssl->out_buf ); + rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf); rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, 8 ); - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, rec.ver ); + memcpy(&rec.ctr[0], ssl->out_ctr, 8); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, rec.ver); rec.type = ssl->out_msgtype; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2762,43 +2659,40 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); - return( ret ); + if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); + return ret; } - if( rec.data_offset != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec.data_offset != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* Update the record content type and CID. */ ssl->out_msgtype = rec.type; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID ) - memcpy( ssl->out_cid, rec.cid, rec.cid_len ); +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + memcpy(ssl->out_cid, rec.cid, rec.cid_len); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 ); + MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0); } - protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); + protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) /* In case of DTLS, double-check that we don't exceed * the remaining space in the datagram. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ret = ssl_get_remaining_space_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ret = ssl_get_remaining_space_in_datagram(ssl); + if (ret < 0) { + return ret; + } - if( protected_record_size > (size_t) ret ) - { + if (protected_record_size > (size_t) ret) { /* Should never happen */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -2806,133 +2700,131 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Now write the potentially updated record content type. */ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, " - "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, - ssl->out_hdr[0], ssl->out_hdr[1], - ssl->out_hdr[2], len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, " + "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, + ssl->out_hdr[0], ssl->out_hdr[1], + ssl->out_hdr[2], len)); - MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr, protected_record_size ); + MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", + ssl->out_hdr, protected_record_size); ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) + for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) { + if (++ssl->cur_out_ctr[i - 1] != 0) { break; + } + } /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == mbedtls_ssl_ep_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap")); + return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; } } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - flush == SSL_DONT_FORCE_FLUSH ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + flush == SSL_DONT_FORCE_FLUSH) { size_t remaining; - ret = ssl_get_remaining_payload_in_datagram( ssl ); - if( ret < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram", - ret ); - return( ret ); + ret = ssl_get_remaining_payload_in_datagram(ssl); + if (ret < 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram", + ret); + return ret; } remaining = (size_t) ret; - if( remaining == 0 ) - { + if (remaining == 0) { flush = SSL_FORCE_FLUSH; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, + ("Still %u bytes available in current datagram", + (unsigned) remaining)); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ( flush == SSL_FORCE_FLUSH ) && - ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); - return( ret ); + if ((flush == SSL_FORCE_FLUSH) && + (ret = mbedtls_ssl_flush_output(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record")); - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_DTLS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) +static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl) { - if( ssl->in_msglen < ssl->in_hslen || - memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || - memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ) - { - return( 1 ); + if (ssl->in_msglen < ssl->in_hslen || + memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 || + memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) { + return 1; } - return( 0 ); + return 0; } -static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) +static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl) { - return( ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11] ); + return (ssl->in_msg[9] << 16) | + (ssl->in_msg[10] << 8) | + ssl->in_msg[11]; } -static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) +static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl) { - return( ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8] ); + return (ssl->in_msg[6] << 16) | + (ssl->in_msg[7] << 8) | + ssl->in_msg[8]; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) +static int ssl_check_hs_header(mbedtls_ssl_context const *ssl) { uint32_t msg_len, frag_off, frag_len; - msg_len = ssl_get_hs_total_len( ssl ); - frag_off = ssl_get_hs_frag_off( ssl ); - frag_len = ssl_get_hs_frag_len( ssl ); + msg_len = ssl_get_hs_total_len(ssl); + frag_off = ssl_get_hs_frag_off(ssl); + frag_len = ssl_get_hs_frag_len(ssl); - if( frag_off > msg_len ) - return( -1 ); + if (frag_off > msg_len) { + return -1; + } - if( frag_len > msg_len - frag_off ) - return( -1 ); + if (frag_len > msg_len - frag_off) { + return -1; + } - if( frag_len + 12 > ssl->in_msglen ) - return( -1 ); + if (frag_len + 12 > ssl->in_msglen) { + return -1; + } - return( 0 ); + return 0; } /* * Mark bits in bitmask (used for DTLS HS reassembly) */ -static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) +static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len) { unsigned int start_bits, end_bits; - start_bits = 8 - ( offset % 8 ); - if( start_bits != 8 ) - { + start_bits = 8 - (offset % 8); + if (start_bits != 8) { size_t first_byte_idx = offset / 8; /* Special case */ - if( len <= start_bits ) - { - for( ; len != 0; len-- ) - mask[first_byte_idx] |= 1 << ( start_bits - len ); + if (len <= start_bits) { + for (; len != 0; len--) { + mask[first_byte_idx] |= 1 << (start_bits - len); + } /* Avoid potential issues with offset or len becoming invalid */ return; @@ -2941,134 +2833,134 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) offset += start_bits; /* Now offset % 8 == 0 */ len -= start_bits; - for( ; start_bits != 0; start_bits-- ) - mask[first_byte_idx] |= 1 << ( start_bits - 1 ); + for (; start_bits != 0; start_bits--) { + mask[first_byte_idx] |= 1 << (start_bits - 1); + } } end_bits = len % 8; - if( end_bits != 0 ) - { - size_t last_byte_idx = ( offset + len ) / 8; + if (end_bits != 0) { + size_t last_byte_idx = (offset + len) / 8; len -= end_bits; /* Now len % 8 == 0 */ - for( ; end_bits != 0; end_bits-- ) - mask[last_byte_idx] |= 1 << ( 8 - end_bits ); + for (; end_bits != 0; end_bits--) { + mask[last_byte_idx] |= 1 << (8 - end_bits); + } } - memset( mask + offset / 8, 0xFF, len / 8 ); + memset(mask + offset / 8, 0xFF, len / 8); } /* * Check that bitmask is full */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_bitmask_check( unsigned char *mask, size_t len ) +static int ssl_bitmask_check(unsigned char *mask, size_t len) { size_t i; - for( i = 0; i < len / 8; i++ ) - if( mask[i] != 0xFF ) - return( -1 ); + for (i = 0; i < len / 8; i++) { + if (mask[i] != 0xFF) { + return -1; + } + } - for( i = 0; i < len % 8; i++ ) - if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) - return( -1 ); + for (i = 0; i < len % 8; i++) { + if ((mask[len / 8] & (1 << (7 - i))) == 0) { + return -1; + } + } - return( 0 ); + return 0; } /* msg_len does not include the handshake header */ -static size_t ssl_get_reassembly_buffer_size( size_t msg_len, - unsigned add_bitmap ) +static size_t ssl_get_reassembly_buffer_size(size_t msg_len, + unsigned add_bitmap) { size_t alloc_len; alloc_len = 12; /* Handshake header */ alloc_len += msg_len; /* Content buffer */ - if( add_bitmap ) - alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ + if (add_bitmap) { + alloc_len += msg_len / 8 + (msg_len % 8 != 0); /* Bitmap */ - return( alloc_len ); + } + return alloc_len; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) +static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) { - return( ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); + return (ssl->in_msg[1] << 16) | + (ssl->in_msg[2] << 8) | + ssl->in_msg[3]; } -int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); + ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" + " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" + MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; - - if( ssl_check_hs_header( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - - if( ssl->handshake != NULL && - ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && - recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) - { - if( recv_msg_seq > ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)", - recv_msg_seq, - ssl->handshake->in_msg_seq ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; + + if (ssl_check_hs_header(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header")); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } + + if (ssl->handshake != NULL && + ((ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + recv_msg_seq != ssl->handshake->in_msg_seq) || + (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) { + if (recv_msg_seq > ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(2, + ( + "received future handshake message of sequence number %u (next %u)", + recv_msg_seq, + ssl->handshake->in_msg_seq)); + return MBEDTLS_ERR_SSL_EARLY_MESSAGE; } /* Retransmit only on last message from previous flight, to avoid * too many retransmissions. * Besides, No sane server ever retransmits HelloVerifyRequest */ - if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " - "message_seq = %u, start_of_flight = %u", - recv_msg_seq, - ssl->handshake->in_flight_start_seq ) ); - - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); + if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && + ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, " + "message_seq = %u, start_of_flight = %u", + recv_msg_seq, + ssl->handshake->in_flight_start_seq)); + + if ((ret = mbedtls_ssl_resend(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); + return ret; } - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " - "message_seq = %u, expected = %u", - recv_msg_seq, - ssl->handshake->in_msg_seq ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: " + "message_seq = %u, expected = %u", + recv_msg_seq, + ssl->handshake->in_msg_seq)); } - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } /* Wait until message completion to increment in_msg_seq */ @@ -3076,38 +2968,33 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) * messages; the commonality is that both handshake fragments and * future messages cannot be forwarded immediately to the * handshake logic layer. */ - if( ssl_hs_is_proper_fragment( ssl ) == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + if (ssl_hs_is_proper_fragment(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message")); + return MBEDTLS_ERR_SSL_EARLY_MESSAGE; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* With TLS we don't handle fragmentation (for now) */ - if( ssl->in_msglen < ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->in_msglen < ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } - return( 0 ); + return 0; } -void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) - { - ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL) { + ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); } /* Handshake message is complete, increment counter */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake != NULL) { unsigned offset; mbedtls_ssl_hs_buffer *hs_buf; @@ -3119,18 +3006,17 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) */ /* Free first entry */ - ssl_buffering_free_slot( ssl, 0 ); + ssl_buffering_free_slot(ssl, 0); /* Shift all other entries */ - for( offset = 0, hs_buf = &hs->buffering.hs[0]; + for (offset = 0, hs_buf = &hs->buffering.hs[0]; offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; - offset++, hs_buf++ ) - { + offset++, hs_buf++) { *hs_buf = *(hs_buf + 1); } /* Create a fresh last entry */ - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } #endif } @@ -3146,24 +3032,24 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) * not seen yet). */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl) { ssl->in_window_top = 0; ssl->in_window = 0; } -static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) +static inline uint64_t ssl_load_six_bytes(unsigned char *buf) { - return( ( (uint64_t) buf[0] << 40 ) | - ( (uint64_t) buf[1] << 32 ) | - ( (uint64_t) buf[2] << 24 ) | - ( (uint64_t) buf[3] << 16 ) | - ( (uint64_t) buf[4] << 8 ) | - ( (uint64_t) buf[5] ) ); + return ((uint64_t) buf[0] << 40) | + ((uint64_t) buf[1] << 32) | + ((uint64_t) buf[2] << 24) | + ((uint64_t) buf[3] << 16) | + ((uint64_t) buf[4] << 8) | + ((uint64_t) buf[5]); } MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) +static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *original_in_ctr; @@ -3174,7 +3060,7 @@ static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8 // use counter from record ssl->in_ctr = record_in_ctr; - ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl ); + ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl); // restore the counter ssl->in_ctr = original_in_ctr; @@ -3185,60 +3071,62 @@ static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8 /* * Return 0 if sequence number is acceptable, -1 otherwise */ -int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ) +int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl) { - uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); + uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); uint64_t bit; - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) - return( 0 ); + if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { + return 0; + } - if( rec_seqnum > ssl->in_window_top ) - return( 0 ); + if (rec_seqnum > ssl->in_window_top) { + return 0; + } bit = ssl->in_window_top - rec_seqnum; - if( bit >= 64 ) - return( -1 ); + if (bit >= 64) { + return -1; + } - if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) - return( -1 ); + if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) { + return -1; + } - return( 0 ); + return 0; } /* * Update replay window on new validated record */ -void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl) { - uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); + uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { return; + } - if( rec_seqnum > ssl->in_window_top ) - { + if (rec_seqnum > ssl->in_window_top) { /* Update window_top and the contents of the window */ uint64_t shift = rec_seqnum - ssl->in_window_top; - if( shift >= 64 ) + if (shift >= 64) { ssl->in_window = 1; - else - { + } else { ssl->in_window <<= shift; ssl->in_window |= 1; } ssl->in_window_top = rec_seqnum; - } - else - { + } else { /* Mark that number as seen in the current window */ uint64_t bit = ssl->in_window_top - rec_seqnum; - if( bit < 64 ) /* Always true, but be extra sure */ + if (bit < 64) { /* Always true, but be extra sure */ ssl->in_window |= (uint64_t) 1 << bit; + } } } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -3258,10 +3146,10 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen ) + mbedtls_ssl_context *ssl, + const unsigned char *cli_id, size_t cli_id_len, + const unsigned char *in, size_t in_len, + unsigned char *obuf, size_t buf_len, size_t *olen) { size_t sid_len, cookie_len; unsigned char *p; @@ -3292,54 +3180,49 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( * * Minimum length is 61 bytes. */ - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u", - (unsigned) in_len ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len ); - if( in_len < 61 ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: in_len=%u", + (unsigned) in_len)); + MBEDTLS_SSL_DEBUG_BUF(4, "cli_id", cli_id, cli_id_len); + if (in_len < 61) { + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: record too short")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + } + if (in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || in[3] != 0 || in[4] != 0 || - in[19] != 0 || in[20] != 0 || in[21] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) ); - MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u", - in[0], - (unsigned) in[3] << 8 | in[4], - (unsigned) in[19] << 16 | in[20] << 8 | in[21] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + in[19] != 0 || in[20] != 0 || in[21] != 0) { + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: not a good ClientHello")); + MBEDTLS_SSL_DEBUG_MSG(4, (" type=%u epoch=%u fragment_offset=%u", + in[0], + (unsigned) in[3] << 8 | in[4], + (unsigned) in[19] << 16 | in[20] << 8 | in[21])); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } sid_len = in[59]; - if( 59 + 1 + sid_len + 1 > in_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u", - (unsigned) sid_len, - (unsigned) in_len - 61 ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (59 + 1 + sid_len + 1 > in_len) { + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: sid_len=%u > %u", + (unsigned) sid_len, + (unsigned) in_len - 61)); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network", - in + 60, sid_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "sid received from network", + in + 60, sid_len); cookie_len = in[60 + sid_len]; - if( 59 + 1 + sid_len + 1 + cookie_len > in_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u", - (unsigned) cookie_len, - (unsigned) ( in_len - sid_len - 61 ) ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (59 + 1 + sid_len + 1 + cookie_len > in_len) { + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: cookie_len=%u > %u", + (unsigned) cookie_len, + (unsigned) (in_len - sid_len - 61))); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network", - in + sid_len + 61, cookie_len ); - if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, - in + sid_len + 61, cookie_len, - cli_id, cli_id_len ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_BUF(4, "cookie received from network", + in + sid_len + 61, cookie_len); + if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, + in + sid_len + 61, cookie_len, + cli_id, cli_id_len) == 0) { + MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: valid")); + return 0; } /* @@ -3362,36 +3245,36 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( * * Minimum length is 28. */ - if( buf_len < 28 ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (buf_len < 28) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } /* Copy most fields and adapt others */ - memcpy( obuf, in, 25 ); + memcpy(obuf, in, 25); obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; obuf[25] = 0xfe; obuf[26] = 0xff; /* Generate and write actual cookie */ p = obuf + 28; - if( ssl->conf->f_cookie_write( ssl->conf->p_cookie, - &p, obuf + buf_len, - cli_id, cli_id_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->conf->f_cookie_write(ssl->conf->p_cookie, + &p, obuf + buf_len, + cli_id, cli_id_len) != 0) { + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } *olen = p - obuf; /* Go back and fill length fields */ - obuf[27] = (unsigned char)( *olen - 28 ); + obuf[27] = (unsigned char) (*olen - 28); - obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 ); - obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 ); - obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 ); + obuf[14] = obuf[22] = MBEDTLS_BYTE_2(*olen - 25); + obuf[15] = obuf[23] = MBEDTLS_BYTE_1(*olen - 25); + obuf[16] = obuf[24] = MBEDTLS_BYTE_0(*olen - 25); - MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 ); + MBEDTLS_PUT_UINT16_BE(*olen - 13, obuf, 11); - return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); + return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; } /* @@ -3415,73 +3298,68 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( * errors, and is the right thing to do in both cases). */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) +static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ssl->conf->f_cookie_write == NULL || - ssl->conf->f_cookie_check == NULL ) - { + if (ssl->conf->f_cookie_write == NULL || + ssl->conf->f_cookie_check == NULL) { /* If we can't use cookies to verify reachability of the peer, * drop the record. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, " - "can't check reconnect validity" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, " + "can't check reconnect validity")); + return 0; } ret = mbedtls_ssl_check_dtls_clihlo_cookie( - ssl, - ssl->cli_id, ssl->cli_id_len, - ssl->in_buf, ssl->in_left, - ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); + ssl, + ssl->cli_id, ssl->cli_id_len, + ssl->in_buf, ssl->in_left, + ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len); - MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret); - if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) - { + if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { int send_ret; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_buf, len ); + MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest")); + MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", + ssl->out_buf, len); /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ - send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret ); + send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret); (void) send_ret; - return( 0 ); + return 0; } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) ); - if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); - return( ret ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context")); + if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "reset", ret); + return ret; } - return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); + return MBEDTLS_ERR_SSL_CLIENT_RECONNECT; } - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_record_type( uint8_t record_type ) +static int ssl_check_record_type(uint8_t record_type) { - if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && + if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE && record_type != MBEDTLS_SSL_MSG_ALERT && record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - return( 0 ); + return 0; } /* @@ -3504,10 +3382,10 @@ static int ssl_check_record_type( uint8_t record_type ) * the first record from a datagram but are still waiting for the others. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec ) +static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t len, + mbedtls_record *rec) { int major_ver, minor_ver; @@ -3539,38 +3417,36 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len; } - if( len < rec_hdr_len_offset + rec_hdr_len_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header of length %u", - (unsigned) len, - (unsigned)( rec_hdr_len_len + rec_hdr_len_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec_hdr_len_offset + rec_hdr_len_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "datagram of length %u too small to hold DTLS record header of length %u", + (unsigned) len, + (unsigned) (rec_hdr_len_len + rec_hdr_len_len))); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } /* * Parse and validate record content type */ - rec->type = buf[ rec_hdr_type_offset ]; + rec->type = buf[rec_hdr_type_offset]; /* Check record content type */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) rec->cid_len = 0; - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->conf->cid_len != 0 && - rec->type == MBEDTLS_SSL_MSG_CID ) - { + rec->type == MBEDTLS_SSL_MSG_CID) { /* Shift pointers to account for record header including CID * struct { * ContentType special_type = tls12_cid; @@ -3589,70 +3465,65 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, rec_hdr_cid_len = ssl->conf->cid_len; rec_hdr_len_offset += rec_hdr_cid_len; - if( len < rec_hdr_len_offset + rec_hdr_len_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header including CID, length %u", - (unsigned) len, - (unsigned)( rec_hdr_len_offset + rec_hdr_len_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec_hdr_len_offset + rec_hdr_len_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "datagram of length %u too small to hold DTLS record header including CID, length %u", + (unsigned) len, + (unsigned) (rec_hdr_len_offset + rec_hdr_len_len))); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } /* configured CID len is guaranteed at most 255, see * MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */ rec->cid_len = (uint8_t) rec_hdr_cid_len; - memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len ); - } - else + memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len); + } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - if( ssl_check_record_type( rec->type ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type %u", - (unsigned) rec->type ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl_check_record_type(rec->type)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u", + (unsigned) rec->type)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } } /* * Parse and validate record version */ - rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; - rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; - mbedtls_ssl_read_version( &major_ver, &minor_ver, - ssl->conf->transport, - &rec->ver[0] ); + rec->ver[0] = buf[rec_hdr_version_offset + 0]; + rec->ver[1] = buf[rec_hdr_version_offset + 1]; + mbedtls_ssl_read_version(&major_ver, &minor_ver, + ssl->conf->transport, + &rec->ver[0]); - if( major_ver != ssl->major_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch: got %u, expected %u", - (unsigned) major_ver, - (unsigned) ssl->major_ver ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (major_ver != ssl->major_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("major version mismatch: got %u, expected %u", + (unsigned) major_ver, + (unsigned) ssl->major_ver)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - if( minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch: got %u, expected max %u", - (unsigned) minor_ver, - (unsigned) ssl->conf->max_minor_ver ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("minor version mismatch: got %u, expected max %u", + (unsigned) minor_ver, + (unsigned) ssl->conf->max_minor_ver)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } /* * Parse/Copy record sequence number. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Copy explicit record sequence number from input buffer. */ - memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset, - rec_hdr_ctr_len ); - } - else + memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset, + rec_hdr_ctr_len); + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { /* Copy implicit record sequence number from SSL context structure. */ - memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len ); + memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len); } /* @@ -3660,20 +3531,21 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | - ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); + rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) | + ((size_t) buf[rec_hdr_len_offset + 1] << 0); + MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " - "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, - rec->type, - major_ver, minor_ver, rec->data_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, " + "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, + rec->type, + major_ver, minor_ver, rec->data_len)); rec->buf = buf; rec->buf_len = rec->data_offset + rec->data_len; - if( rec->data_len == 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (rec->data_len == 0) { + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } /* * DTLS-related tests. @@ -3688,61 +3560,58 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, * record leads to the entire datagram being dropped. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1]; + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1]; /* Check that the datagram is large enough to contain a record * of the advertised length. */ - if( len < rec->data_offset + rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram of length %u too small to contain record of advertised length %u.", - (unsigned) len, - (unsigned)( rec->data_offset + rec->data_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec->data_offset + rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "Datagram of length %u too small to contain record of advertised length %u.", + (unsigned) len, + (unsigned) (rec->data_offset + rec->data_len))); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } /* Records from other, non-matching epochs are silently discarded. * (The case of same-port Client reconnects must be considered in * the caller). */ - if( rec_epoch != ssl->in_epoch ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " - "expected %u, received %lu", - ssl->in_epoch, (unsigned long) rec_epoch ) ); + if (rec_epoch != ssl->in_epoch) { + MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: " + "expected %u, received %lu", + ssl->in_epoch, (unsigned long) rec_epoch)); /* Records from the next epoch are considered for buffering * (concretely: early Finished messages). */ - if( rec_epoch == (unsigned) ssl->in_epoch + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + if (rec_epoch == (unsigned) ssl->in_epoch + 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering")); + return MBEDTLS_ERR_SSL_EARLY_MESSAGE; } - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) /* For records from the correct epoch, check whether their * sequence number has been seen before. */ - else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl, - &rec->ctr[0] ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl, + &rec->ctr[0]) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record")); + return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } #endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) +static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl) { - unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; + unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1]; /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -3750,19 +3619,18 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) * have an active transform (possibly iv_len != 0), so use the * fact that the record header len is 13 instead. */ - if( rec_epoch == 0 && + if (rec_epoch == 0 && ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_left > 13 && - ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " - "from the same port" ) ); - return( ssl_handle_possible_reconnect( ssl ) ); + ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect " + "from the same port")); + return ssl_handle_possible_reconnect(ssl); } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ @@ -3770,60 +3638,55 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) * If applicable, decrypt record content */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, - mbedtls_record *rec ) +static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, + mbedtls_record *rec) { int ret, done = 0; - MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", - rec->buf, rec->buf_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "input record from network", + rec->buf, rec->buf_len); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_read != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); + if (mbedtls_ssl_hw_record_read != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_read()")); - ret = mbedtls_ssl_hw_record_read( ssl ); - if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = mbedtls_ssl_hw_record_read(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_read", ret); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - if( ret == 0 ) + if (ret == 0) { done = 1; + } } #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ - if( !done && ssl->transform_in != NULL ) - { + if (!done && ssl->transform_in != NULL) { unsigned char const old_msg_type = rec->type; - if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, - rec ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); + if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, + rec)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && ssl->conf->ignore_unexpected_cid - == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) ); + == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID")); ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - return( ret ); + return ret; } - if( old_msg_type != rec->type ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d", - old_msg_type, rec->type ) ); + if (old_msg_type != rec->type) { + MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d", + old_msg_type, rec->type)); } - MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", - rec->buf + rec->data_offset, rec->data_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt", + rec->buf + rec->data_offset, rec->data_len); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* We have already checked the record content type @@ -3833,22 +3696,19 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, * Since with the use of CIDs, the record content type * might change during decryption, re-check the record * content type, but treat a failure as fatal this time. */ - if( ssl_check_record_type( rec->type ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl_check_record_type(rec->type)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type")); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if( rec->data_len == 0 ) - { + if (rec->data_len == 0) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 - && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 + && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3858,58 +3718,54 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, * Three or more empty messages may be a DoS attack * (excessive CPU consumption). */ - if( ssl->nb_zero > 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " - "messages, possible DoS attack" ) ); + if (ssl->nb_zero > 3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty " + "messages, possible DoS attack")); /* Treat the records as if they were not properly authenticated, * thereby failing the connection if we see more than allowed * by the configured bad MAC threshold. */ - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + return MBEDTLS_ERR_SSL_INVALID_MAC; } - } - else + } else { ssl->nb_zero = 0; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ; /* in_ctr read from peer, not maintained internally */ - } - else + } else #endif { unsigned i; - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->in_ctr[i - 1] != 0 ) + for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) { + if (++ssl->in_ctr[i - 1] != 0) { break; + } + } /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == mbedtls_ssl_ep_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap")); + return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; } } } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - mbedtls_ssl_dtls_replay_update( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_dtls_replay_update(ssl); } #endif /* Check actual (decrypted) record content length against * configured maximum. */ - if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - return( 0 ); + return 0; } /* @@ -3922,131 +3778,125 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, /* Helper functions for mbedtls_ssl_read_record(). */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); +static int ssl_consume_current_message(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record( mbedtls_ssl_context *ssl ); +static int ssl_get_next_record(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); +static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl); -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, - unsigned update_hs_digest ) +int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, + unsigned update_hs_digest) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record")); - if( ssl->keep_current_message == 0 ) - { + if (ssl->keep_current_message == 0) { do { - ret = ssl_consume_current_message( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_consume_current_message(ssl); + if (ret != 0) { + return ret; + } - if( ssl_record_is_in_progress( ssl ) == 0 ) - { + if (ssl_record_is_in_progress(ssl) == 0) { int dtls_have_buffered = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) /* We only check for buffered messages if the * current datagram is fully consumed. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_next_record_is_in_datagram( ssl ) == 0 ) - { - if( ssl_load_buffered_message( ssl ) == 0 ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl_next_record_is_in_datagram(ssl) == 0) { + if (ssl_load_buffered_message(ssl) == 0) { dtls_have_buffered = 1; + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( dtls_have_buffered == 0 ) - { - ret = ssl_get_next_record( ssl ); - if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) + if (dtls_have_buffered == 0) { + ret = ssl_get_next_record(ssl); + if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) { continue; + } - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); - return( ret ); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret); + return ret; } } } - ret = mbedtls_ssl_handle_message_type( ssl ); + ret = mbedtls_ssl_handle_message_type(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { + if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { /* Buffer future message */ - ret = ssl_buffer_message( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_buffer_message(ssl); + if (ret != 0) { + return ret; + } ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || - MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); + } while (MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret); - if( 0 != ret ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); - return( ret ); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret); + return ret; } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - update_hs_digest == 1 ) - { - mbedtls_ssl_update_handshake_status( ssl ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + update_hs_digest == 1) { + mbedtls_ssl_update_handshake_status(ssl); } - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message")); ssl->keep_current_message = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record")); - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_DTLS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) +static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl) { - if( ssl->in_left > ssl->next_record_offset ) - return( 1 ); + if (ssl->in_left > ssl->next_record_offset) { + return 1; + } - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) +static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer * hs_buf; + mbedtls_ssl_hs_buffer *hs_buf; int ret = 0; - if( hs == NULL ) - return( -1 ); + if (hs == NULL) { + return -1; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_message")); - if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || - ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { + if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || + ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { /* Check if we have seen a ChangeCipherSpec before. * If yes, synthesize a CCS record. */ - if( !hs->buffering.seen_ccs ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); + if (!hs->buffering.seen_ccs) { + MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight")); ret = -1; goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message")); ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->in_msglen = 1; ssl->in_msg[0] = 1; @@ -4063,14 +3913,12 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) /* Debug only */ { unsigned offset; - for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) - { + for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { hs_buf = &hs->buffering.hs[offset]; - if( hs_buf->is_valid == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", - hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partially" ) ); + if (hs_buf->is_valid == 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.", + hs->in_msg_seq + offset, + hs_buf->is_complete ? "fully" : "partially")); } } } @@ -4079,105 +3927,100 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) /* Check if we have buffered and/or fully reassembled the * next handshake message. */ hs_buf = &hs->buffering.hs[0]; - if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) - { + if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = ( hs_buf->data[1] << 16 ) | - ( hs_buf->data[2] << 8 ) | - hs_buf->data[3]; + size_t msg_len = (hs_buf->data[1] << 16) | + (hs_buf->data[2] << 8) | + hs_buf->data[3]; /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ - if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)", - hs_buf->data, msg_len + 12 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); + MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", + hs_buf->data, msg_len + 12); ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->in_hslen = msg_len + 12; ssl->in_msglen = msg_len + 12; - memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen ); + memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen); ret = 0; goto exit; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered", - hs->in_msg_seq ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered", + hs->in_msg_seq)); } ret = -1; exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message")); + return ret; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, - size_t desired ) +static int ssl_buffer_make_space(mbedtls_ssl_context *ssl, + size_t desired) { int offset; mbedtls_ssl_handshake_params * const hs = ssl->handshake; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available", - (unsigned) desired ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available", + (unsigned) desired)); /* Get rid of future records epoch first, if such exist. */ - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); /* Check if we have enough space available now. */ - if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) ); - return( 0 ); + if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record")); + return 0; } /* We don't have enough space to buffer the next expected handshake * message. Remove buffers used for future messages to gain space, * starting with the most distant one. */ - for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; - offset >= 0; offset-- ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", - offset ) ); + for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; + offset >= 0; offset--) { + MBEDTLS_SSL_DEBUG_MSG(2, + ( + "Free buffering slot %d to make space for reassembly of next handshake message", + offset)); - ssl_buffering_free_slot( ssl, (uint8_t) offset ); + ssl_buffering_free_slot(ssl, (uint8_t) offset); /* Check if we have enough space available now. */ - if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) ); - return( 0 ); + if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages")); + return 0; } } - return( -1 ); + return -1; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message( mbedtls_ssl_context *ssl ) +static int ssl_buffer_message(mbedtls_ssl_context *ssl) { int ret = 0; mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( hs == NULL ) - return( 0 ); + if (hs == NULL) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message")); - switch( ssl->in_msgtype ) - { + switch (ssl->in_msgtype) { case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message")); hs->buffering.seen_ccs = 1; break; @@ -4185,113 +4028,115 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; /* We should never receive an old handshake * message - double-check nonetheless. */ - if( recv_msg_seq < ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (recv_msg_seq < ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; - if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS ) - { + if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) { /* Silently ignore -- message too far in the future */ - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "Ignore future HS message with sequence number %u, " - "buffering window %u - %u", - recv_msg_seq, ssl->handshake->in_msg_seq, - ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("Ignore future HS message with sequence number %u, " + "buffering window %u - %u", + recv_msg_seq, ssl->handshake->in_msg_seq, + ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - + 1)); goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ", - recv_msg_seq, recv_msg_seq_offset ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ", + recv_msg_seq, recv_msg_seq_offset)); - hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ]; + hs_buf = &hs->buffering.hs[recv_msg_seq_offset]; /* Check if the buffering for this seq nr has already commenced. */ - if( !hs_buf->is_valid ) - { + if (!hs_buf->is_valid) { size_t reassembly_buf_sz; hs_buf->is_fragmented = - ( ssl_hs_is_proper_fragment( ssl ) == 1 ); + (ssl_hs_is_proper_fragment(ssl) == 1); /* We copy the message back into the input buffer * after reassembly, so check that it's not too large. * This is an implementation-specific limitation * and not one from the standard, hence it is not * checked in ssl_check_hs_header(). */ - if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) - { + if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { /* Ignore message */ goto exit; } /* Check if we have enough space to buffer the message. */ - if( hs->buffering.total_bytes_buffered > - MBEDTLS_SSL_DTLS_MAX_BUFFERING ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (hs->buffering.total_bytes_buffered > + MBEDTLS_SSL_DTLS_MAX_BUFFERING) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len, - hs_buf->is_fragmented ); + reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len, + hs_buf->is_fragmented); - if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - if( recv_msg_seq_offset > 0 ) - { + if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + if (recv_msg_seq_offset > 0) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("Buffering of future message of size %" + MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" + MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); goto exit; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- attempt to make space by freeing buffered future messages\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, + ("Buffering of future message of size %" + MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" + MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- attempt to make space by freeing buffered future messages\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); } - if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET - " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed" - " the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- fail\n", - msg_len, - reassembly_buf_sz, - (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, + ("Reassembly of next message of size %" + MBEDTLS_PRINTF_SIZET + " (%" MBEDTLS_PRINTF_SIZET + " with bitmap) would exceed" + " the compile-time limit %" + MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- fail\n", + msg_len, + reassembly_buf_sz, + (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET, - msg_len ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("initialize reassembly, total length = %" + MBEDTLS_PRINTF_SIZET, + msg_len)); - hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); - if( hs_buf->data == NULL ) - { + hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz); + if (hs_buf->data == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } @@ -4299,27 +4144,23 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Prepare final header: copy msg_type, length and message_seq, * then add standardised fragment_offset and fragment_length */ - memcpy( hs_buf->data, ssl->in_msg, 6 ); - memset( hs_buf->data + 6, 0, 3 ); - memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); + memcpy(hs_buf->data, ssl->in_msg, 6); + memset(hs_buf->data + 6, 0, 3); + memcpy(hs_buf->data + 9, hs_buf->data + 1, 3); hs_buf->is_valid = 1; hs->buffering.total_bytes_buffered += reassembly_buf_sz; - } - else - { + } else { /* Make sure msg_type and length are consistent */ - if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) ); + if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore")); /* Ignore */ goto exit; } } - if( !hs_buf->is_complete ) - { + if (!hs_buf->is_complete) { size_t frag_len, frag_off; unsigned char * const msg = hs_buf->data + 12; @@ -4329,28 +4170,25 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Validation of header fields already done in * mbedtls_ssl_prepare_handshake_record(). */ - frag_off = ssl_get_hs_frag_off( ssl ); - frag_len = ssl_get_hs_frag_len( ssl ); + frag_off = ssl_get_hs_frag_off(ssl); + frag_len = ssl_get_hs_frag_len(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET - ", length = %" MBEDTLS_PRINTF_SIZET, - frag_off, frag_len ) ); - memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); + MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET + ", length = %" MBEDTLS_PRINTF_SIZET, + frag_off, frag_len)); + memcpy(msg + frag_off, ssl->in_msg + 12, frag_len); - if( hs_buf->is_fragmented ) - { + if (hs_buf->is_fragmented) { unsigned char * const bitmask = msg + msg_len; - ssl_bitmask_set( bitmask, frag_off, frag_len ); - hs_buf->is_complete = ( ssl_bitmask_check( bitmask, - msg_len ) == 0 ); - } - else - { + ssl_bitmask_set(bitmask, frag_off, frag_len); + hs_buf->is_complete = (ssl_bitmask_check(bitmask, + msg_len) == 0); + } else { hs_buf->is_complete = 1; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete", - hs_buf->is_complete ? "" : "not yet " ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete", + hs_buf->is_complete ? "" : "not yet ")); } break; @@ -4363,13 +4201,13 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message")); + return ret; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) +static int ssl_consume_current_message(mbedtls_ssl_context *ssl) { /* * Consume last content-layer message and potentially @@ -4394,15 +4232,13 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) */ /* Case (1): Handshake messages */ - if( ssl->in_hslen != 0 ) - { + if (ssl->in_hslen != 0) { /* Hard assertion to be sure that no application data * is in flight, as corrupting ssl->in_msglen during * ssl->in_offt != NULL is fatal. */ - if( ssl->in_offt != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->in_offt != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* @@ -4426,68 +4262,64 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) * bounds after handling a DTLS message with an unexpected * sequence number, see mbedtls_ssl_prepare_handshake_record. */ - if( ssl->in_hslen < ssl->in_msglen ) - { + if (ssl->in_hslen < ssl->in_msglen) { ssl->in_msglen -= ssl->in_hslen; - memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, - ssl->in_msglen ); + memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, + ssl->in_msglen); - MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", - ssl->in_msg, ssl->in_msglen ); - } - else - { + MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", + ssl->in_msg, ssl->in_msglen); + } else { ssl->in_msglen = 0; } ssl->in_hslen = 0; } /* Case (4): Application data */ - else if( ssl->in_offt != NULL ) - { - return( 0 ); + else if (ssl->in_offt != NULL) { + return 0; } /* Everything else (CCS & Alerts) */ - else - { + else { ssl->in_msglen = 0; } - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) +static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl) { - if( ssl->in_msglen > 0 ) - return( 1 ); + if (ssl->in_msglen > 0) { + return 1; + } - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) +static void ssl_free_buffered_record(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( hs == NULL ) + if (hs == NULL) { return; + } - if( hs->buffering.future_record.data != NULL ) - { + if (hs->buffering.future_record.data != NULL) { hs->buffering.total_bytes_buffered -= hs->buffering.future_record.len; - mbedtls_free( hs->buffering.future_record.data ); + mbedtls_free(hs->buffering.future_record.data); hs->buffering.future_record.data = NULL; } } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) +static int ssl_load_buffered_record(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - unsigned char * rec; + unsigned char *rec; size_t rec_len; unsigned rec_epoch; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -4495,88 +4327,92 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) #else size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 0 ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return 0; + } - if( hs == NULL ) - return( 0 ); + if (hs == NULL) { + return 0; + } rec = hs->buffering.future_record.data; rec_len = hs->buffering.future_record.len; rec_epoch = hs->buffering.future_record.epoch; - if( rec == NULL ) - return( 0 ); + if (rec == NULL) { + return 0; + } /* Only consider loading future records if the * input buffer is empty. */ - if( ssl_next_record_is_in_datagram( ssl ) == 1 ) - return( 0 ); + if (ssl_next_record_is_in_datagram(ssl) == 1) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record")); - if( rec_epoch != ssl->in_epoch ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) ); + if (rec_epoch != ssl->in_epoch) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch.")); goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load")); /* Double-check that the record is not too large */ - if( rec_len > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - memcpy( ssl->in_hdr, rec, rec_len ); + memcpy(ssl->in_hdr, rec, rec_len); ssl->in_left = rec_len; ssl->next_record_offset = 0; - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record")); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, - mbedtls_record const *rec ) +static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, + mbedtls_record const *rec) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; /* Don't buffer future records outside handshakes. */ - if( hs == NULL ) - return( 0 ); + if (hs == NULL) { + return 0; + } /* Only buffer handshake records (we are only interested * in Finished messages). */ - if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE ) - return( 0 ); + if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) { + return 0; + } /* Don't buffer more than one future epoch record. */ - if( hs->buffering.future_record.data != NULL ) - return( 0 ); + if (hs->buffering.future_record.data != NULL) { + return 0; + } /* Don't buffer record if there's not enough buffering space remaining. */ - if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); - return( 0 ); + if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); + return 0; } /* Buffer record */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", - ssl->in_epoch + 1U ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u", + ssl->in_epoch + 1U)); + MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len); /* ssl_parse_record_header() only considers records * of the next epoch as candidates for buffering. */ @@ -4584,24 +4420,23 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, hs->buffering.future_record.len = rec->buf_len; hs->buffering.future_record.data = - mbedtls_calloc( 1, hs->buffering.future_record.len ); - if( hs->buffering.future_record.data == NULL ) - { + mbedtls_calloc(1, hs->buffering.future_record.len); + if (hs->buffering.future_record.data == NULL) { /* If we run out of RAM trying to buffer a * record from the next epoch, just ignore. */ - return( 0 ); + return 0; } - memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len ); + memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len); hs->buffering.total_bytes_buffered += rec->buf_len; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record( mbedtls_ssl_context *ssl ) +static int ssl_get_next_record(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_record rec; @@ -4613,44 +4448,41 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) * the length of the buffered record, so that * the calls to ssl_fetch_input() below will * essentially be no-ops. */ - ret = ssl_load_buffered_record( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_load_buffered_record(ssl); + if (ret != 0) { + return ret; + } #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Ensure that we have enough space available for the default form * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS, * with no space for CIDs counted in). */ - ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl)); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return ret; } - ret = ssl_parse_record_header( ssl, ssl->in_hdr, ssl->in_left, &rec ); - if( ret != 0 ) - { + ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec); + if (ret != 0) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { - ret = ssl_buffer_future_record( ssl, &rec ); - if( ret != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { + ret = ssl_buffer_future_record(ssl, &rec); + if (ret != 0) { + return ret; + } /* Fall through to handling of unexpected records */ ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) - { + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) { #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); /* Setup internal message pointers from record structure. */ ssl->in_msgtype = rec.type; @@ -4660,59 +4492,53 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_iv = ssl->in_msg = ssl->in_len + 2; ssl->in_msglen = rec.data_len; - ret = ssl_check_client_reconnect( ssl ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret ); - if( ret != 0 ) - return( ret ); + ret = ssl_check_client_reconnect(ssl); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret); + if (ret != 0) { + return ret; + } #endif /* Skip unexpected record (but not whole datagram) */ ssl->next_record_offset = rec.buf_len; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " - "(header)" ) ); - } - else - { + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record " + "(header)")); + } else { /* Skip invalid record and the rest of the datagram */ ssl->next_record_offset = 0; ssl->in_left = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " - "(header)" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record " + "(header)")); } /* Get next record */ - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); - } - else + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } else #endif { - return( ret ); + return ret; } } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Remember offset of next record within datagram. */ ssl->next_record_offset = rec.buf_len; - if( ssl->next_record_offset < ssl->in_left ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); + if (ssl->next_record_offset < ssl->in_left) { + MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram")); } - } - else + } else #endif { /* * Fetch record contents from underlying transport. */ - ret = mbedtls_ssl_fetch_input( ssl, rec.buf_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return ret; } ssl->in_left = 0; @@ -4722,37 +4548,31 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) * Decrypt record contents. */ - if( ( ret = ssl_prepare_record_content( ssl, &rec ) ) != 0 ) - { + if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Silently discard invalid records */ - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { /* Except when waiting for Finished as a bad mac here * probably means something went wrong in the handshake * (eg wrong psk used, mitm downgrade attempt, etc.) */ - if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || - ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) - { + if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || + ssl->state == MBEDTLS_SSL_SERVER_FINISHED) { #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); } #endif - return( ret ); + return ret; } #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (ssl->conf->badmac_limit != 0 && + ++ssl->badmac_seen >= ssl->conf->badmac_limit) { + MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); + return MBEDTLS_ERR_SSL_INVALID_MAC; } #endif @@ -4762,25 +4582,23 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->next_record_offset = 0; ssl->in_left = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)")); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } - return( ret ); - } - else + return ret; + } else #endif { /* Error out (and send alert) on invalid records */ #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); } #endif - return( ret ); + return ret; } } @@ -4788,7 +4606,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_len = ssl->in_cid + rec.cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -4804,130 +4622,114 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 ); + MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0); #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->transform_in != NULL && - ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); - return( ret ); + if (ssl->transform_in != NULL && + ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + if ((ret = ssl_decompress_buf(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_decompress_buf", ret); + return ret; } /* Check actual (decompress) record content length against * configured maximum. */ - if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } } #endif /* MBEDTLS_ZLIB_SUPPORT */ - return( 0 ); + return 0; } -int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Handle particular types of records */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) - { - return( ret ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) { + return ret; } } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - if( ssl->in_msglen != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + if (ssl->in_msglen != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - if( ssl->in_msg[0] != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x", - ssl->in_msg[0] ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msg[0] != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x", + ssl->in_msg[0])); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { - if( ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { + if (ssl->handshake == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake")); + return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember")); + return MBEDTLS_ERR_SSL_EARLY_MESSAGE; } #endif } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) - { - if( ssl->in_msglen != 2 ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { + if (ssl->in_msglen != 2) { /* Note: Standard allows for more than one 2 byte alert to be packed in a single message, but Mbed TLS doesn't currently support this. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]", - ssl->in_msg[0], ssl->in_msg[1] ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]", + ssl->in_msg[0], ssl->in_msg[1])); /* * Ignore non-fatal alerts, except close_notify and no_renegotiation */ - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", - ssl->in_msg[1] ) ); - return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)", + ssl->in_msg[1])); + return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; } - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); - return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message")); + return MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY; } #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no renegotiation alert")); /* Will be handled when trying to parse ServerHello */ - return( 0 ); + return 0; } #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no_cert")); /* Will be handled in mbedtls_ssl_parse_certificate() */ - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ @@ -4936,75 +4738,73 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Drop unexpected ApplicationData records, * except at the beginning of renegotiations */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER #if defined(MBEDTLS_SSL_RENEGOTIATION) - && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) + && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->state == MBEDTLS_SSL_SERVER_HELLO) #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); - return( MBEDTLS_ERR_SSL_NON_FATAL ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData")); + return MBEDTLS_ERR_SSL_NON_FATAL; } - if( ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); + if (ssl->handshake != NULL && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - return( 0 ); + return 0; } -int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl) { - return( mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ); + return mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); } -int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message ) +int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, + unsigned char level, + unsigned char message) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( ssl->out_left != 0 ) - return( mbedtls_ssl_flush_output( ssl ) ); + if (ssl->out_left != 0) { + return mbedtls_ssl_flush_output(ssl); + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message")); + MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message)); ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; ssl->out_msglen = 2; ssl->out_msg[0] = level; ssl->out_msg[1] = message; - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message")); - return( 0 ); + return 0; } -int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->out_msglen = 1; @@ -5012,35 +4812,32 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); - return( 0 ); + return 0; } -int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } /* CCS records are only accepted if they have length 1 and content '1', @@ -5050,50 +4847,45 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) * Switch to our negotiated transform and session parameters for inbound * data. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data")); ssl->transform_in = ssl->transform_negotiate; ssl->session_in = ssl->session_negotiate; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset(ssl); #endif /* Increment epoch */ - if( ++ssl->in_epoch == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); + if (++ssl->in_epoch == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); /* This is highly unlikely to happen for legitimate reasons, so treat it as an attack and don't send an alert. */ - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->in_ctr, 0, 8 ); + memset(ssl->in_ctr, 0, 8); - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_INBOUND)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } } #endif ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); - return( 0 ); + return 0; } /* Once ssl->out_hdr as the address of the beginning of the @@ -5105,32 +4897,32 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) */ static size_t ssl_transform_get_explicit_iv_len( - mbedtls_ssl_transform const *transform ) + mbedtls_ssl_transform const *transform) { - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - return( 0 ); + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) { + return 0; + } - return( transform->ivlen - transform->fixed_ivlen ); + return transform->ivlen - transform->fixed_ivlen; } -void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ) +void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_ctr = ssl->out_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->out_cid = ssl->out_ctr + 8; ssl->out_len = ssl->out_cid; - if( transform != NULL ) + if (transform != NULL) { ssl->out_len += transform->out_cid_len; + } #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_len = ssl->out_ctr + 8; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; - } - else + } else #endif { ssl->out_ctr = ssl->out_hdr - 8; @@ -5143,8 +4935,9 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, ssl->out_msg = ssl->out_iv; /* Adjust out_msg to make space for explicit IV, if used. */ - if( transform != NULL ) - ssl->out_msg += ssl_transform_get_explicit_iv_len( transform ); + if (transform != NULL) { + ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); + } } /* Once ssl->in_hdr as the address of the beginning of the @@ -5155,7 +4948,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, * and the caller has to make sure there's space for this. */ -void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) { /* This function sets the pointers to match the case * of unprotected TLS/DTLS records, with both ssl->in_iv @@ -5168,8 +4961,7 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* This sets the header pointers to match records * without CID. When we receive a record containing * a CID, the fields are shifted accordingly in @@ -5182,8 +4974,7 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) ssl->in_len = ssl->in_ctr + 8; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; - } - else + } else #endif { ssl->in_ctr = ssl->in_hdr - 8; @@ -5202,16 +4993,14 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * Setup an SSL context */ -void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; ssl->in_hdr = ssl->in_buf; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->out_hdr = ssl->out_buf + 8; @@ -5219,29 +5008,28 @@ void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) } /* Derive other internal pointers. */ - mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); - mbedtls_ssl_update_in_pointers ( ssl ); + mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); + mbedtls_ssl_update_in_pointers(ssl); } /* * SSL get accessors */ -size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl) { - return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); + return ssl->in_offt == NULL ? 0 : ssl->in_msglen; } -int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) +int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl) { /* * Case A: We're currently holding back * a message for further processing. */ - if( ssl->keep_current_message == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) ); - return( 1 ); + if (ssl->keep_current_message == 1) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing")); + return 1; } /* @@ -5249,11 +5037,10 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->in_left > ssl->next_record_offset ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) ); - return( 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->in_left > ssl->next_record_offset) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram")); + return 1; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -5261,19 +5048,18 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * Case C: A handshake message is being processed. */ - if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); - return( 1 ); + if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("ssl_check_pending: more handshake messages within current record")); + return 1; } /* * Case D: An application data message is being processed */ - if( ssl->in_offt != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) ); - return( 1 ); + if (ssl->in_offt != NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed")); + return 1; } /* @@ -5282,29 +5068,30 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * we implement support for multiple alerts in single records. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending")); + return 0; } -int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) +int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) { size_t transform_expansion = 0; const mbedtls_ssl_transform *transform = ssl->transform_out; unsigned block_size; - size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl ); + size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl); - if( transform == NULL ) - return( (int) out_hdr_len ); + if (transform == NULL) { + return (int) out_hdr_len; + } #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL) { + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + } #endif - switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) - { + switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: case MBEDTLS_MODE_CHACHAPOLY: @@ -5315,7 +5102,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) case MBEDTLS_MODE_CBC: block_size = mbedtls_cipher_get_block_size( - &transform->cipher_ctx_enc ); + &transform->cipher_ctx_enc); /* Expansion due to the addition of the MAC. */ transform_expansion += transform->maclen; @@ -5328,23 +5115,25 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) /* For TLS 1.1 or higher, an explicit IV is added * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { transform_expansion += block_size; + } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ break; default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( transform->out_cid_len != 0 ) + if (transform->out_cid_len != 0) { transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION; + } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - return( (int)( out_hdr_len + transform_expansion ) ); + return (int) (out_hdr_len + transform_expansion); } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -5352,58 +5141,57 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) * Check record counters and renegotiate if they're above the limit. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) +static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) { - size_t ep_len = mbedtls_ssl_ep_len( ssl ); + size_t ep_len = mbedtls_ssl_ep_len(ssl); int in_ctr_cmp; int out_ctr_cmp; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || - ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) - { - return( 0 ); + ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) { + return 0; } - in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); + in_ctr_cmp = memcmp(ssl->in_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len); + out_ctr_cmp = memcmp(ssl->cur_out_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len); - if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) - { - return( 0 ); + if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) { + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); - return( mbedtls_ssl_renegotiate( ssl ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate")); + return mbedtls_ssl_renegotiate(ssl); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* * Receive application data decrypted from the SSL layer */ -int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) +int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> read")); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } - if( ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->handshake != NULL && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + return ret; + } } } #endif @@ -5421,64 +5209,57 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - ret = ssl_check_ctr_renegotiate( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); - return( ret ); + ret = ssl_check_ctr_renegotiate(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); + return ret; } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - ret = mbedtls_ssl_handshake( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + ret = mbedtls_ssl_handshake(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return ret; } } /* Loop as long as no application data record is available */ - while( ssl->in_offt == NULL ) - { + while (ssl->in_offt == NULL) { /* Start timer if not already running */ - if( ssl->f_get_timer != NULL && - ssl->f_get_timer( ssl->p_timer ) == -1 ) - { - mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout ); + if (ssl->f_get_timer != NULL && + ssl->f_get_timer(ssl->p_timer) == -1) { + mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout); } - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) - return( 0 ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { + return 0; + } - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - if( ssl->in_msglen == 0 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { + if (ssl->in_msglen == 0 && + ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { /* * OpenSSL sends empty messages to randomize the IV */ - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) - return( 0 ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { + return 0; + } - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received handshake message")); /* * - For client-side, expect SERVER_HELLO_REQUEST. @@ -5487,105 +5268,93 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) */ #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)")); /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { continue; } #endif - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)")); /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { continue; } #endif - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_RENEGOTIATION) /* Determine whether renegotiation attempt should be accepted */ - if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || - ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) ) - { + if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || + (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) { /* * Accept renegotiation request */ /* DTLS clients need to know renego is server-initiated */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; } #endif - ret = mbedtls_ssl_start_renegotiation( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", - ret ); - return( ret ); + ret = mbedtls_ssl_start_renegotiation(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", + ret); + return ret; } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { /* * Refuse renegotiation */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert")); #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { /* SSLv3 does not have a "no_renegotiation" warning, so we send a fatal alert and abort the connection. */ - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - } - else + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) - { - return( ret ); + defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { + if ((ret = mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_WARNING, + MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION)) + != 0) { + return ret; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } @@ -5610,84 +5379,77 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) continue; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ssl->conf->renego_max_records >= 0 ) - { - if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " - "but not honored by client" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if (ssl->conf->renego_max_records >= 0) { + if (++ssl->renego_records_seen > ssl->conf->renego_max_records) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, " + "but not honored by client")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } } } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert")); + return MBEDTLS_ERR_SSL_WANT_READ; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } ssl->in_offt = ssl->in_msg; /* We're going to return something now, cancel timer, * except if handshake (renegotiation) is in progress */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - mbedtls_ssl_set_timer( ssl, 0 ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + mbedtls_ssl_set_timer(ssl, 0); + } #if defined(MBEDTLS_SSL_PROTO_DTLS) /* If we requested renego but received AppData, resend HelloRequest. * Do it now, after setting in_offt, to avoid taking this branch * again if ssl_write_hello_request() returns WANT_WRITE */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request", - ret ); - return( ret ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", + ret); + return ret; } } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ } - n = ( len < ssl->in_msglen ) + n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - memcpy( buf, ssl->in_offt, n ); - ssl->in_msglen -= n; + if (len != 0) { + memcpy(buf, ssl->in_offt, n); + ssl->in_msglen -= n; + } /* Zeroising the plaintext buffer to erase unused application data from the memory. */ - mbedtls_platform_zeroize( ssl->in_offt, n ); + mbedtls_platform_zeroize(ssl->in_offt, n); - if( ssl->in_msglen == 0 ) - { + if (ssl->in_msglen == 0) { /* all bytes consumed */ ssl->in_offt = NULL; ssl->keep_current_message = 0; - } - else - { + } else { /* more data available */ ssl->in_offt += n; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); - return( (int) n ); + return (int) n; } /* @@ -5703,50 +5465,42 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * corresponding return code is 0 on success. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_real( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static int ssl_write_real(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { - int ret = mbedtls_ssl_get_max_out_record_payload( ssl ); + int ret = mbedtls_ssl_get_max_out_record_payload(ssl); const size_t max_len = (size_t) ret; - if( ret < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret ); - return( ret ); + if (ret < 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret); + return ret; } - if( len > max_len ) - { + if (len > max_len) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " - "maximum fragment length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - len, max_len ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) " + "maximum fragment length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + len, max_len)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } else #endif - len = max_len; + len = max_len; } - if( ssl->out_left != 0 ) - { + if (ssl->out_left != 0) { /* * The user has previously tried to send the data and * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially * written. In this case, we expect the high-level write function * (e.g. mbedtls_ssl_write()) to be called with the same parameters */ - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); + return ret; } - } - else - { + } else { /* * The user is trying to send a message the first time, so we need to * copy the data into the internal buffers and setup the data structure @@ -5754,16 +5508,17 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, */ ssl->out_msglen = len; ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - memcpy( ssl->out_msg, buf, len ); + if (len > 0) { + memcpy(ssl->out_msg, buf, len); + } - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return ret; } } - return( (int) len ); + return (int) len; } /* @@ -5775,156 +5530,156 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_split( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static int ssl_write_split(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl->conf->cbc_record_splitting == - MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || + if (ssl->conf->cbc_record_splitting == + MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || len <= 1 || ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || - mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) - != MBEDTLS_MODE_CBC ) - { - return( ssl_write_real( ssl, buf, len ) ); + mbedtls_cipher_get_cipher_mode(&ssl->transform_out->cipher_ctx_enc) + != MBEDTLS_MODE_CBC) { + return ssl_write_real(ssl, buf, len); } - if( ssl->split_done == 0 ) - { - if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) - return( ret ); + if (ssl->split_done == 0) { + if ((ret = ssl_write_real(ssl, buf, 1)) <= 0) { + return ret; + } ssl->split_done = 1; } - if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) - return( ret ); + if ((ret = ssl_write_real(ssl, buf + 1, len - 1)) <= 0) { + return ret; + } ssl->split_done = 0; - return( ret + 1 ); + return ret + 1; } #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* * Write application data (public-facing wrapper) */ -int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) +int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write")); - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); - return( ret ); + if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); + return ret; } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return ret; } } #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - ret = ssl_write_split( ssl, buf, len ); + ret = ssl_write_split(ssl, buf, len); #else - ret = ssl_write_real( ssl, buf, len ); + ret = ssl_write_real(ssl, buf, len); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write")); - return( ret ); + return ret; } /* * Notify the peer that the connection is being closed */ -int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify")); - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); - return( ret ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + if ((ret = mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_WARNING, + MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret); + return ret; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify")); - return( 0 ); + return 0; } -void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) +void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) { - if( transform == NULL ) + if (transform == NULL) { return; + } #if defined(MBEDTLS_ZLIB_SUPPORT) - deflateEnd( &transform->ctx_deflate ); - inflateEnd( &transform->ctx_inflate ); + deflateEnd(&transform->ctx_deflate); + inflateEnd(&transform->ctx_inflate); #endif - mbedtls_cipher_free( &transform->cipher_ctx_enc ); - mbedtls_cipher_free( &transform->cipher_ctx_dec ); + mbedtls_cipher_free(&transform->cipher_ctx_enc); + mbedtls_cipher_free(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - mbedtls_md_free( &transform->md_ctx_enc ); - mbedtls_md_free( &transform->md_ctx_dec ); + mbedtls_md_free(&transform->md_ctx_enc); + mbedtls_md_free(&transform->md_ctx_dec); #endif - mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); + mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl) { unsigned offset; mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( hs == NULL ) + if (hs == NULL) { return; + } - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); - for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) - ssl_buffering_free_slot( ssl, offset ); + for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { + ssl_buffering_free_slot(ssl, offset); + } } -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ) +static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, + uint8_t slot) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; - if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) + if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) { return; + } - if( hs_buf->is_valid == 1 ) - { + if (hs_buf->is_valid == 1) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len ); - mbedtls_free( hs_buf->data ); - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len); + mbedtls_free(hs_buf->data); + memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } } @@ -5939,19 +5694,18 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ -void mbedtls_ssl_write_version( int major, int minor, int transport, - unsigned char ver[2] ) +void mbedtls_ssl_write_version(int major, int minor, int transport, + unsigned char ver[2]) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (minor == MBEDTLS_SSL_MINOR_VERSION_2) { --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ - ver[0] = (unsigned char)( 255 - ( major - 2 ) ); - ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); - } - else + } + ver[0] = (unsigned char) (255 - (major - 2)); + ver[1] = (unsigned char) (255 - (minor - 1)); + } else #else ((void) transport); #endif @@ -5961,19 +5715,18 @@ void mbedtls_ssl_write_version( int major, int minor, int transport, } } -void mbedtls_ssl_read_version( int *major, int *minor, int transport, - const unsigned char ver[2] ) +void mbedtls_ssl_read_version(int *major, int *minor, int transport, + const unsigned char ver[2]) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { *major = 255 - ver[0] + 2; *minor = 255 - ver[1] + 1; - if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) + if (*minor == MBEDTLS_SSL_MINOR_VERSION_1) { ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ - } - else + } + } else #else ((void) transport); #endif diff --git a/thirdparty/mbedtls/library/ssl_srv.c b/thirdparty/mbedtls/library/ssl_srv.c index 0563c0b590..994661a44c 100644 --- a/thirdparty/mbedtls/library/ssl_srv.c +++ b/thirdparty/mbedtls/library/ssl_srv.c @@ -42,28 +42,30 @@ #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen ) +int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, + const unsigned char *info, + size_t ilen) { - if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - mbedtls_free( ssl->cli_id ); + mbedtls_free(ssl->cli_id); - if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( ssl->cli_id, info, ilen ); + memcpy(ssl->cli_id, info, ilen); ssl->cli_id_len = ilen; - return( 0 ); + return 0; } -void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie ) +void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, + mbedtls_ssl_cookie_write_t *f_cookie_write, + mbedtls_ssl_cookie_check_t *f_cookie_check, + void *p_cookie) { conf->f_cookie_write = f_cookie_write; conf->f_cookie_check = f_cookie_check; @@ -73,153 +75,147 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_servername_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t servername_list_size, hostname_len; const unsigned char *p; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension")); - if( len < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( servername_list_size + 2 != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + servername_list_size = ((buf[0] << 8) | (buf[1])); + if (servername_list_size + 2 != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } p = buf + 2; - while( servername_list_size > 2 ) - { - hostname_len = ( ( p[1] << 8 ) | p[2] ); - if( hostname_len + 3 > servername_list_size ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + while (servername_list_size > 2) { + hostname_len = ((p[1] << 8) | p[2]); + if (hostname_len + 3 > servername_list_size) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) - { - ret = ssl->conf->f_sni( ssl->conf->p_sni, - ssl, p + 3, hostname_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) { + ret = ssl->conf->f_sni(ssl->conf->p_sni, + ssl, p + 3, hostname_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - return( 0 ); + return 0; } servername_list_size -= hostname_len + 3; p += hostname_len + 3; } - if( servername_list_size != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (servername_list_size != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) +static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf) { - if( conf->f_psk != NULL ) - return( 1 ); + if (conf->f_psk != NULL) { + return 1; + } - if( conf->psk_identity_len == 0 || conf->psk_identity == NULL ) - return( 0 ); + if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) { + return 0; + } - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) { + return 1; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { + return 1; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) +static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl) { - if( ssl->conf->f_psk != NULL ) - { + if (ssl->conf->f_psk != NULL) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { + return 1; + } - return( 0 ); + return 0; } - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) { + return 1; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Check verify-data in constant-time. The length OTOH is no secret */ - if( len != 1 + ssl->verify_data_len || + if (len != 1 + ssl->verify_data_len || buf[0] != ssl->verify_data_len || - mbedtls_ct_memcmp( buf + 1, ssl->peer_verify_data, - ssl->verify_data_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data, + ssl->verify_data_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { - if( len != 1 || buf[0] != 0x0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 1 || buf[0] != 0x0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; } - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ @@ -238,9 +234,9 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, * */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_signature_algorithms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t sig_alg_list_size; @@ -250,20 +246,19 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, mbedtls_md_type_t md_cur; mbedtls_pk_type_t sig_cur; - if ( len < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( sig_alg_list_size + 2 != len || - sig_alg_list_size % 2 != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + sig_alg_list_size = ((buf[0] << 8) | (buf[1])); + if (sig_alg_list_size + 2 != len || + sig_alg_list_size % 2 != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Currently we only guarantee signing the ServerKeyExchange message according @@ -275,41 +270,35 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, * pair list from the extension. */ - for( p = buf + 2; p < end; p += 2 ) - { + for (p = buf + 2; p < end; p += 2) { /* Silently ignore unknown signature or hash algorithms. */ - if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext" - " unknown sig alg encoding %d", p[1] ) ); + if ((sig_cur = mbedtls_ssl_pk_alg_from_sig(p[1])) == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext" + " unknown sig alg encoding %d", p[1])); continue; } /* Check if we support the hash the user proposes */ - md_cur = mbedtls_ssl_md_alg_from_hash( p[0] ); - if( md_cur == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " unknown hash alg encoding %d", p[0] ) ); + md_cur = mbedtls_ssl_md_alg_from_hash(p[0]); + if (md_cur == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:" + " unknown hash alg encoding %d", p[0])); continue; } - if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 ) - { - mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " match sig %u and hash %u", - (unsigned) sig_cur, (unsigned) md_cur ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %u not supported", (unsigned) md_cur ) ); + if (mbedtls_ssl_check_sig_hash(ssl, md_cur) == 0) { + mbedtls_ssl_sig_hash_set_add(&ssl->handshake->hash_algs, sig_cur, md_cur); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:" + " match sig %u and hash %u", + (unsigned) sig_cur, (unsigned) md_cur)); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: " + "hash alg %u not supported", (unsigned) md_cur)); } } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ @@ -317,61 +306,57 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_supported_elliptic_curves(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size, our_size; const unsigned char *p; const mbedtls_ecp_curve_info *curve_info, **curves; - if ( len < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( list_size + 2 != len || - list_size % 2 != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + list_size = ((buf[0] << 8) | (buf[1])); + if (list_size + 2 != len || + list_size % 2 != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Should never happen unless client duplicates the extension */ - if( ssl->handshake->curves != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->handshake->curves != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Don't allow our peer to make us allocate too much memory, * and leave room for a final 0 */ our_size = list_size / 2 + 1; - if( our_size > MBEDTLS_ECP_DP_MAX ) + if (our_size > MBEDTLS_ECP_DP_MAX) { our_size = MBEDTLS_ECP_DP_MAX; + } - if( ( curves = mbedtls_calloc( our_size, sizeof( *curves ) ) ) == NULL ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((curves = mbedtls_calloc(our_size, sizeof(*curves))) == NULL) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } ssl->handshake->curves = curves; p = buf + 2; - while( list_size > 0 && our_size > 1 ) - { - curve_info = mbedtls_ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] ); + while (list_size > 0 && our_size > 1) { + curve_info = mbedtls_ecp_curve_info_from_tls_id((p[0] << 8) | p[1]); - if( curve_info != NULL ) - { + if (curve_info != NULL) { *curves++ = curve_info; our_size--; } @@ -380,116 +365,109 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, p += 2; } - return( 0 ); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size; const unsigned char *p; - if( len == 0 || (size_t)( buf[0] + 1 ) != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len == 0 || (size_t) (buf[0] + 1) != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } list_size = buf[0]; p = buf + 1; - while( list_size > 0 ) - { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) - { + while (list_size > 0) { + if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || + p[0] == MBEDTLS_ECP_PF_COMPRESSED) { #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ssl->handshake->ecjpake_ctx.point_format = p[0]; #endif - MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); + return 0; } list_size--; p++; } - return( 0 ); + return 0; } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); - return( 0 ); + if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); + return 0; } - if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, - buf, len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( ret ); + if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, + buf, len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return ret; } /* Only mark the extension as OK when we're sure it is */ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->session_negotiate->mfl_code = buf[0]; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t peer_cid_len; /* CID extension only makes sense in DTLS */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* @@ -499,179 +477,170 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, * struct { * opaque cid<0..2^8-1>; * } ConnectionId; - */ + */ - if( len < 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } peer_cid_len = *buf++; len--; - if( len != peer_cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != peer_cid_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Ignore CID if the user has disabled its use. */ - if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { + if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { /* Leave ssl->handshake->cid_in_use in its default * value of MBEDTLS_SSL_CID_DISABLED. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled")); + return 0; } - if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); + MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ((void) buf); - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) { ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ((void) buf); - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && - ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && + ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ((void) buf); - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && - ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && + ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t len ) +static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_session session; - mbedtls_ssl_session_init( &session ); + mbedtls_ssl_session_init(&session); - if( ssl->conf->f_ticket_parse == NULL || - ssl->conf->f_ticket_write == NULL ) - { - return( 0 ); + if (ssl->conf->f_ticket_parse == NULL || + ssl->conf->f_ticket_write == NULL) { + return 0; } /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len)); - if( len == 0 ) - return( 0 ); + if (len == 0) { + return 0; + } #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) ); - return( 0 ); + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating")); + return 0; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* * Failures are ok: just ignore the ticket and proceed. */ - if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session, - buf, len ) ) != 0 ) - { - mbedtls_ssl_session_free( &session ); - - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) ); - else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED ) - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) ); - else - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret ); + if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, + buf, len)) != 0) { + mbedtls_ssl_session_free(&session); + + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); + } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); + } else { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret); + } - return( 0 ); + return 0; } /* @@ -679,37 +648,38 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, * inform them we're accepting the ticket (RFC 5077 section 3.4) */ session.id_len = ssl->session_negotiate->id_len; - memcpy( &session.id, ssl->session_negotiate->id, session.id_len ); + memcpy(&session.id, ssl->session_negotiate->id, session.id_len); - mbedtls_ssl_session_free( ssl->session_negotiate ); - memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_ssl_session_free(ssl->session_negotiate); + memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session)); /* Zeroize instead of free as we copied the content */ - mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session)); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket")); ssl->handshake->resume = 1; /* Don't send a new ticket after all, this one is OK */ ssl->handshake->new_session_ticket = 0; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { size_t list_len, cur_len, ours_len; const unsigned char *theirs, *start, *end; const char **ours; /* If ALPN not configured, just ignore the extension */ - if( ssl->conf->alpn_list == NULL ) - return( 0 ); + if (ssl->conf->alpn_list == NULL) { + return 0; + } /* * opaque ProtocolName<1..2^8-1>; @@ -720,19 +690,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if( len < 4 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 4) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - list_len = ( buf[0] << 8 ) | buf[1]; - if( list_len != len - 2 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + list_len = (buf[0] << 8) | buf[1]; + if (list_len != len - 2) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* @@ -740,72 +708,65 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ start = buf + 2; end = buf + len; - for( theirs = start; theirs != end; theirs += cur_len ) - { + for (theirs = start; theirs != end; theirs += cur_len) { cur_len = *theirs++; /* Current identifier must fit in list */ - if( cur_len > (size_t)( end - theirs ) ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cur_len > (size_t) (end - theirs)) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Empty strings MUST NOT be included */ - if( cur_len == 0 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cur_len == 0) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } } /* * Use our order of preference */ - for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) - { - ours_len = strlen( *ours ); - for( theirs = start; theirs != end; theirs += cur_len ) - { + for (ours = ssl->conf->alpn_list; *ours != NULL; ours++) { + ours_len = strlen(*ours); + for (theirs = start; theirs != end; theirs += cur_len) { cur_len = *theirs++; - if( cur_len == ours_len && - memcmp( theirs, *ours, cur_len ) == 0 ) - { + if (cur_len == ours_len && + memcmp(theirs, *ours, cur_len) == 0) { ssl->alpn_chosen = *ours; - return( 0 ); + return 0; } } } /* If we get there, no match was found */ - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; - size_t i,j; + size_t i, j; size_t profile_length; uint16_t mki_length; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - { - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) { + return 0; } /* RFC5764 section 4.1.1 @@ -825,86 +786,77 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Check here that we have at least 2 bytes of protection profiles length * and one of srtp_mki length */ - if( len < size_of_lengths ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < size_of_lengths) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* first 2 bytes are protection profile length(in bytes) */ - profile_length = ( buf[0] << 8 ) | buf[1]; + profile_length = (buf[0] << 8) | buf[1]; buf += 2; /* The profile length cannot be bigger than input buffer size - lengths fields */ - if( profile_length > len - size_of_lengths || - profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (profile_length > len - size_of_lengths || + profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */ + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* * parse the extension list values are defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ - for( j = 0; j < profile_length; j += 2 ) - { + for (j = 0; j < profile_length; j += 2) { uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1]; - client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); + client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value); - if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection ) ) ); - } - else - { + if (client_protection != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection))); + } else { continue; } /* check if suggested profile is in our list */ - for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) - { - if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) - { + for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { + if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection ) ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection))); break; } } - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET ) + if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) { break; + } } buf += profile_length; /* buf points to the mki length */ mki_length = *buf; buf++; - if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || - mki_length + profile_length + size_of_lengths != len ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || + mki_length + profile_length + size_of_lengths != len) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* Parse the mki only if present and mki is supported locally */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - mki_length > 0 ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + mki_length > 0) { ssl->dtls_srtp_info.mki_len = mki_length; - memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length ); + memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); - MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -918,20 +870,20 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_ECDSA_C) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_key_curve( mbedtls_pk_context *pk, - const mbedtls_ecp_curve_info **curves ) +static int ssl_check_key_curve(mbedtls_pk_context *pk, + const mbedtls_ecp_curve_info **curves) { const mbedtls_ecp_curve_info **crv = curves; - mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id; - while( *crv != NULL ) - { - if( (*crv)->grp_id == grp_id ) - return( 0 ); + while (*crv != NULL) { + if ((*crv)->grp_id == grp_id) { + return 0; + } crv++; } - return( -1 ); + return -1; } #endif /* MBEDTLS_ECDSA_C */ @@ -940,41 +892,39 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, * return 0 on success and -1 on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_pick_cert( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t * ciphersuite_info ) +static int ssl_pick_cert(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info) { mbedtls_ssl_key_cert *cur, *list, *fallback = NULL; mbedtls_pk_type_t pk_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); uint32_t flags; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_key_cert != NULL ) + if (ssl->handshake->sni_key_cert != NULL) { list = ssl->handshake->sni_key_cert; - else + } else #endif - list = ssl->conf->key_cert; + list = ssl->conf->key_cert; - if( pk_alg == MBEDTLS_PK_NONE ) - return( 0 ); + if (pk_alg == MBEDTLS_PK_NONE) { + return 0; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate")); - if( list == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) ); - return( -1 ); + if (list == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate")); + return -1; } - for( cur = list; cur != NULL; cur = cur->next ) - { + for (cur = list; cur != NULL; cur = cur->next) { flags = 0; - MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", - cur->cert ); + MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate", + cur->cert); - if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) ); + if (!mbedtls_pk_can_do(&cur->cert->pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); continue; } @@ -986,19 +936,17 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * different uses based on keyUsage, eg if they want to avoid signing * and decrypting with the same RSA key. */ - if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info, - MBEDTLS_SSL_IS_SERVER, &flags ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: " - "(extended) key usage extension" ) ); + if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, + MBEDTLS_SSL_IS_SERVER, &flags) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " + "(extended) key usage extension")); continue; } #if defined(MBEDTLS_ECDSA_C) - if( pk_alg == MBEDTLS_PK_ECDSA && - ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) ); + if (pk_alg == MBEDTLS_PK_ECDSA && + ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve")); continue; } #endif @@ -1008,15 +956,15 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * present them a SHA-higher cert rather than failing if it's the only * one we got that satisfies the other conditions. */ - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && - cur->cert->sig_md != MBEDTLS_MD_SHA1 ) - { - if( fallback == NULL ) + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && + cur->cert->sig_md != MBEDTLS_MD_SHA1) { + if (fallback == NULL) { fallback = cur; + } { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: " - "sha-2 with pre-TLS 1.2 client" ) ); - continue; + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate not preferred: " + "sha-2 with pre-TLS 1.2 client")); + continue; } } @@ -1024,19 +972,19 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, break; } - if( cur == NULL ) + if (cur == NULL) { cur = fallback; + } /* Do not update ssl->handshake->key_cert unless there is a match */ - if( cur != NULL ) - { + if (cur != NULL) { ssl->handshake->key_cert = cur; - MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate", - ssl->handshake->key_cert->cert ); - return( 0 ); + MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate", + ssl->handshake->key_cert->cert); + return 0; } - return( -1 ); + return -1; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1045,8 +993,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * Sets ciphersuite_info only if the suite matches. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, - const mbedtls_ssl_ciphersuite_t **ciphersuite_info ) +static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, + const mbedtls_ssl_ciphersuite_t **ciphersuite_info) { const mbedtls_ssl_ciphersuite_t *suite_info; @@ -1055,68 +1003,63 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, mbedtls_pk_type_t sig_type; #endif - suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id ); - if( suite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); + if (suite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", - (unsigned int) suite_id, suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)", + (unsigned int) suite_id, suite_info->name)); - if( suite_info->min_minor_ver > ssl->minor_ver || - suite_info->max_minor_ver < ssl->minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) ); - return( 0 ); + if (suite_info->min_minor_ver > ssl->minor_ver || + suite_info->max_minor_ver < ssl->minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version")); + return 0; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) - return( 0 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) { + return 0; + } #endif #if defined(MBEDTLS_ARC4_C) - if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && - suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) ); - return( 0 ); + if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && + suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: rc4")); + return 0; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake " - "not configured or ext missing" ) ); - return( 0 ); + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake " + "not configured or ext missing")); + return 0; } #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) - if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) && - ( ssl->handshake->curves == NULL || - ssl->handshake->curves[0] == NULL ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " - "no common elliptic curve" ) ); - return( 0 ); + if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && + (ssl->handshake->curves == NULL || + ssl->handshake->curves[0] == NULL)) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " + "no common elliptic curve")); + return 0; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* If the ciphersuite requires a pre-shared key and we don't * have one, skip it now rather than failing later */ - if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) && - ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) ); - return( 0 ); + if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && + ssl_conf_has_psk_or_cb(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key")); + return 0; } #endif @@ -1124,15 +1067,14 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info ); - if( sig_type != MBEDTLS_PK_NONE && - mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %u", (unsigned) sig_type ) ); - return( 0 ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); + if (sig_type != MBEDTLS_PK_NONE && + mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, + sig_type) == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " + "for signature algorithm %u", (unsigned) sig_type)); + return 0; } } @@ -1147,21 +1089,20 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, * - try the next ciphersuite if we don't * This must be done last since we modify the key_cert list. */ - if( ssl_pick_cert( ssl, suite_info ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " - "no suitable certificate" ) ); - return( 0 ); + if (ssl_pick_cert(ssl, suite_info) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " + "no suitable certificate")); + return 0; } #endif *ciphersuite_info = suite_info; - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) +static int ssl_parse_client_hello_v2(mbedtls_ssl_context *ssl) { int ret, got_common_suite; unsigned int i, j; @@ -1171,28 +1112,27 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello v2")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client hello v2 illegal for renegotiation")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ buf = ssl->in_hdr; - MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 ); + MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, 5); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d", - buf[2] ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d", - ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]", - buf[3], buf[4] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message type: %d", + buf[2])); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message len.: %d", + ((buf[0] & 0x7F) << 8) | buf[1])); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, max. version: [%d:%d]", + buf[3], buf[4])); /* * SSLv2 Client Hello @@ -1204,47 +1144,43 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) * 2 . 2 message type * 3 . 4 protocol version */ - if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO || - buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO || + buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + n = ((buf[0] << 8) | buf[1]) & 0x7FFF; - if( n < 17 || n > 512 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (n < 17 || n > 512) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver ) + ssl->minor_ver = (buf[4] <= ssl->conf->max_minor_ver) ? buf[4] : ssl->conf->max_minor_ver; - if( ssl->minor_ver < ssl->conf->min_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" - " [%d:%d] < [%d:%d]", - ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); + if (ssl->minor_ver < ssl->conf->min_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum" + " [%d:%d] < [%d:%d]", + ssl->major_ver, ssl->minor_ver, + ssl->conf->min_major_ver, ssl->conf->min_minor_ver)); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } ssl->handshake->max_major_ver = buf[3]; ssl->handshake->max_minor_ver = buf[4]; - if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + if ((ret = mbedtls_ssl_fetch_input(ssl, 2 + n)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return ret; } - ssl->handshake->update_checksum( ssl, buf + 2, n ); + ssl->handshake->update_checksum(ssl, buf + 2, n); buf = ssl->in_msg; n = ssl->in_left - 5; @@ -1257,76 +1193,69 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) * .. . .. session id * .. . .. challenge */ - MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); + MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, n); - ciph_len = ( buf[0] << 8 ) | buf[1]; - sess_len = ( buf[2] << 8 ) | buf[3]; - chal_len = ( buf[4] << 8 ) | buf[5]; + ciph_len = (buf[0] << 8) | buf[1]; + sess_len = (buf[2] << 8) | buf[3]; + chal_len = (buf[4] << 8) | buf[5]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u", - ciph_len, sess_len, chal_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciph_len: %u, sess_len: %u, chal_len: %u", + ciph_len, sess_len, chal_len)); /* * Make sure each parameter length is valid */ - if( ciph_len < 3 || ( ciph_len % 3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ciph_len < 3 || (ciph_len % 3) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - if( sess_len > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (sess_len > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - if( chal_len < 8 || chal_len > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (chal_len < 8 || chal_len > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - if( n != 6 + ciph_len + sess_len + chal_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (n != 6 + ciph_len + sess_len + chal_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", - buf + 6, ciph_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", - buf + 6 + ciph_len, sess_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge", - buf + 6 + ciph_len + sess_len, chal_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", + buf + 6, ciph_len); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", + buf + 6 + ciph_len, sess_len); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, challenge", + buf + 6 + ciph_len + sess_len, chal_len); p = buf + 6 + ciph_len; ssl->session_negotiate->id_len = sess_len; - memset( ssl->session_negotiate->id, 0, - sizeof( ssl->session_negotiate->id ) ); - memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len ); + memset(ssl->session_negotiate->id, 0, + sizeof(ssl->session_negotiate->id)); + memcpy(ssl->session_negotiate->id, p, ssl->session_negotiate->id_len); p += sess_len; - memset( ssl->handshake->randbytes, 0, 64 ); - memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ); + memset(ssl->handshake->randbytes, 0, 64); + memcpy(ssl->handshake->randbytes + 32 - chal_len, p, chal_len); /* * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 ) - { - if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) ); + for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) { + if (p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO ")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV " - "during renegotiation" ) ); + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV " + "during renegotiation")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -1335,21 +1264,18 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 ) - { - if( p[0] == 0 && - MBEDTLS_GET_UINT16_BE(p, 1) != MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) ); + for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) { + if (p[0] == 0 && + MBEDTLS_GET_UINT16_BE(p, 1) != MBEDTLS_SSL_FALLBACK_SCSV_VALUE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received FALLBACK_SCSV")); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); + if (ssl->minor_ver < ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } break; @@ -1361,41 +1287,58 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; ciphersuite_info = NULL; #if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) - for( i = 0; ciphersuites[i] != 0; i++ ) -#else - for( i = 0; ciphersuites[i] != 0; i++ ) - for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) -#endif - { - if( p[0] != 0 || - MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] ) + for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) { + for (i = 0; ciphersuites[i] != 0; i++) { + if (p[0] != 0 || + MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i]) { continue; + } got_common_suite = 1; - if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], - &ciphersuite_info ) ) != 0 ) - return( ret ); + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) { + return ret; + } - if( ciphersuite_info != NULL ) + if (ciphersuite_info != NULL) { goto have_ciphersuite_v2; + } } + } +#else + for (i = 0; ciphersuites[i] != 0; i++) { + for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) { + if (p[0] != 0 || + MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i]) { + continue; + } - if( got_common_suite ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, " - "but none of them usable" ) ); - return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE ); + got_common_suite = 1; + + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) { + return ret; + } + + if (ciphersuite_info != NULL) { + goto have_ciphersuite_v2; + } + } } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); +#endif + + if (got_common_suite) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " + "but none of them usable")); + return MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE; + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); + return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN; } have_ciphersuite_v2: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; @@ -1403,21 +1346,20 @@ have_ciphersuite_v2: /* * SSLv2 Client Hello relevant renegotiation security checks */ - if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->in_left = 0; ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello v2")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */ @@ -1425,7 +1367,7 @@ have_ciphersuite_v2: ClientHello parsing because they might indicate that the client is not talking SSL/TLS at all and would not understand our alert. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) +static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) { int ret, got_common_suite; size_t i, j; @@ -1452,7 +1394,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); int renegotiating = 0; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) @@ -1464,16 +1406,15 @@ read_record_header: * ClientHello, which doesn't use the same record layer format. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { renegotiating = 1; + } #endif - if( !renegotiating ) - { - if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) - { + if (!renegotiating) { + if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) { /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return ret; } } @@ -1482,15 +1423,18 @@ read_record_header: #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) int is_dtls = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { is_dtls = 1; + } #endif - if( !is_dtls ) - if( ( buf[0] & 0x80 ) != 0 ) - return( ssl_parse_client_hello_v2( ssl ) ); + if (!is_dtls) { + if ((buf[0] & 0x80) != 0) { + return ssl_parse_client_hello_v2(ssl); + } + } #endif - MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl)); /* * SSLv3/TLS Client Hello @@ -1501,104 +1445,95 @@ read_record_header: * 3 . 11 DTLS: epoch + record sequence number * 3 . 4 message length */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d", - buf[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message type: %d", + buf[0])); - if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", - ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message len.: %d", + (ssl->in_len[0] << 8) | ssl->in_len[1])); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]", - buf[1], buf[2] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, protocol version: [%d:%d]", + buf[1], buf[2])); - mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 ); + mbedtls_ssl_read_version(&major, &minor, ssl->conf->transport, buf + 1); /* According to RFC 5246 Appendix E.1, the version here is typically * "{03,00}, the lowest version number supported by the client, [or] the * value of ClientHello.client_version", so the only meaningful check here * is the major version shouldn't be less than 3 */ - if( major < MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (major < MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* For DTLS if this is the initial handshake, remember the client sequence * number to use it in our next message (RFC 6347 4.2.1) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM #if defined(MBEDTLS_SSL_RENEGOTIATION) && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE #endif - ) - { + ) { /* Epoch should be 0 for initial handshakes */ - if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy(ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) ); + if (mbedtls_ssl_dtls_replay_check(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding")); ssl->next_record_offset = 0; ssl->in_left = 0; goto read_record_header; } /* No MAC to check yet, so we can update right now */ - mbedtls_ssl_dtls_replay_update( ssl ); + mbedtls_ssl_dtls_replay_update(ssl); #endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; + msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1]; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Set by mbedtls_ssl_read_record() */ msg_len = ssl->in_hslen; - } - else + } else #endif { - if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - if( ( ret = mbedtls_ssl_fetch_input( ssl, - mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + if ((ret = mbedtls_ssl_fetch_input(ssl, + mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return ret; } - /* Done reading this record, get ready for the next one */ + /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl ); - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl); + } else #endif - ssl->in_left = 0; + ssl->in_left = 0; } buf = ssl->in_msg; - MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len); - ssl->handshake->update_checksum( ssl, buf, msg_len ); + ssl->handshake->update_checksum(ssl, buf, msg_len); /* * Handshake layer: @@ -1608,68 +1543,60 @@ read_record_header: * 6 . 8 DTLS only: fragment offset * 9 . 11 DTLS only: fragment length */ - if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0])); - if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", - ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %d", + (buf[1] << 16) | (buf[2] << 8) | buf[3])); - if( buf[1] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0", - (unsigned) buf[1] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[1] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0", + (unsigned) buf[1])); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* We don't support fragmentation of ClientHello (yet?) */ - if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u", - (unsigned) msg_len, - (unsigned) mbedtls_ssl_hs_hdr_len( ssl ), - (unsigned) ( buf[2] << 8 ) | buf[3] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + ((buf[2] << 8) | buf[3])) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u", + (unsigned) msg_len, + (unsigned) mbedtls_ssl_hs_hdr_len(ssl), + (unsigned) (buf[2] << 8) | buf[3])); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* * Copy the client's handshake message_seq on initial handshakes, * check sequence number on renego. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; - - if( cli_msg_seq != ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: " - "%u (expected %u)", cli_msg_seq, - ssl->handshake->in_msg_seq ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | + ssl->in_msg[5]; + + if (cli_msg_seq != ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: " + "%u (expected %u)", cli_msg_seq, + ssl->handshake->in_msg_seq)); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } ssl->handshake->in_msg_seq++; - } - else + } else #endif { - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | + ssl->in_msg[5]; ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } @@ -1679,21 +1606,20 @@ read_record_header: * fragment_offset == 0 and fragment_length == length */ MBEDTLS_SSL_DEBUG_MSG( - 4, ( "fragment_offset=%u fragment_length=%u length=%u", - (unsigned) ( ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8] ), - (unsigned) ( ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11] ), - (unsigned) ( ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3] ) ) ); - if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || - memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + 4, ("fragment_offset=%u fragment_length=%u length=%u", + (unsigned) (ssl->in_msg[6] << 16 | ssl->in_msg[7] << 8 | ssl->in_msg[8]), + (unsigned) (ssl->in_msg[9] << 16 | ssl->in_msg[10] << 8 | ssl->in_msg[11]), + (unsigned) (ssl->in_msg[1] << 16 | ssl->in_msg[2] << 8 | ssl->in_msg[3]))); + if (ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || + memcmp(ssl->in_msg + 1, ssl->in_msg + 9, 3) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - buf += mbedtls_ssl_hs_hdr_len( ssl ); - msg_len -= mbedtls_ssl_hs_hdr_len( ssl ); + buf += mbedtls_ssl_hs_hdr_len(ssl); + msg_len -= mbedtls_ssl_hs_hdr_len(ssl); /* * ClientHello layer: @@ -1716,150 +1642,136 @@ read_record_header: * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can * read at least up to session id length without worrying. */ - if( msg_len < 38 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len < 38) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* * Check and save the protocol version */ - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2); - mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, - ssl->conf->transport, buf ); + mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver, + ssl->conf->transport, buf); ssl->handshake->max_major_ver = ssl->major_ver; ssl->handshake->max_minor_ver = ssl->minor_ver; - if( ssl->major_ver < ssl->conf->min_major_ver || - ssl->minor_ver < ssl->conf->min_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" - " [%d:%d] < [%d:%d]", - ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + if (ssl->major_ver < ssl->conf->min_major_ver || + ssl->minor_ver < ssl->conf->min_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum" + " [%d:%d] < [%d:%d]", + ssl->major_ver, ssl->minor_ver, + ssl->conf->min_major_ver, ssl->conf->min_minor_ver)); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; } - if( ssl->major_ver > ssl->conf->max_major_ver ) - { + if (ssl->major_ver > ssl->conf->max_major_ver) { ssl->major_ver = ssl->conf->max_major_ver; ssl->minor_ver = ssl->conf->max_minor_ver; - } - else if( ssl->minor_ver > ssl->conf->max_minor_ver ) + } else if (ssl->minor_ver > ssl->conf->max_minor_ver) { ssl->minor_ver = ssl->conf->max_minor_ver; + } /* * Save client random (inc. Unix time) */ - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32); - memcpy( ssl->handshake->randbytes, buf + 2, 32 ); + memcpy(ssl->handshake->randbytes, buf + 2, 32); /* * Check the session ID length and save session ID */ sess_len = buf[34]; - if( sess_len > sizeof( ssl->session_negotiate->id ) || - sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (sess_len > sizeof(ssl->session_negotiate->id) || + sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */ + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len); ssl->session_negotiate->id_len = sess_len; - memset( ssl->session_negotiate->id, 0, - sizeof( ssl->session_negotiate->id ) ); - memcpy( ssl->session_negotiate->id, buf + 35, - ssl->session_negotiate->id_len ); + memset(ssl->session_negotiate->id, 0, + sizeof(ssl->session_negotiate->id)); + memcpy(ssl->session_negotiate->id, buf + 35, + ssl->session_negotiate->id_len); /* * Check the cookie length and content */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { cookie_offset = 35 + sess_len; cookie_len = buf[cookie_offset]; - if( cookie_offset + 1 + cookie_len + 2 > msg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cookie_offset + 1 + cookie_len + 2 > msg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", - buf + cookie_offset + 1, cookie_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", + buf + cookie_offset + 1, cookie_len); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if( ssl->conf->f_cookie_check != NULL + if (ssl->conf->f_cookie_check != NULL #if defined(MBEDTLS_SSL_RENEGOTIATION) && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE #endif - ) - { - if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, - buf + cookie_offset + 1, cookie_len, - ssl->cli_id, ssl->cli_id_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) ); + ) { + if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, + buf + cookie_offset + 1, cookie_len, + ssl->cli_id, ssl->cli_id_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed")); ssl->handshake->verify_cookie_len = 1; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed")); ssl->handshake->verify_cookie_len = 0; } - } - else + } else #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ { /* We know we didn't send a cookie, so it should be empty */ - if( cookie_len != 0 ) - { + if (cookie_len != 0) { /* This may be an attacker's probe, so don't send an alert */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped")); } - /* - * Check the ciphersuitelist length (will be parsed later) - */ + /* + * Check the ciphersuitelist length (will be parsed later) + */ ciph_offset = cookie_offset + 1 + cookie_len; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - ciph_offset = 35 + sess_len; + ciph_offset = 35 + sess_len; - ciph_len = ( buf[ciph_offset + 0] << 8 ) - | ( buf[ciph_offset + 1] ); + ciph_len = (buf[ciph_offset + 0] << 8) + | (buf[ciph_offset + 1]); - if( ciph_len < 2 || + if (ciph_len < 2 || ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ - ( ciph_len % 2 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + (ciph_len % 2) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", - buf + ciph_offset + 2, ciph_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", + buf + ciph_offset + 2, ciph_len); /* * Check the compression algorithms length and pick one @@ -1868,25 +1780,22 @@ read_record_header: comp_len = buf[comp_offset]; - if( comp_len < 1 || + if (comp_len < 1 || comp_len > 16 || - comp_len + comp_offset + 1 > msg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + comp_len + comp_offset + 1 > msg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression", - buf + comp_offset + 1, comp_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression", + buf + comp_offset + 1, comp_len); ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; #if defined(MBEDTLS_ZLIB_SUPPORT) - for( i = 0; i < comp_len; ++i ) - { - if( buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { + for (i = 0; i < comp_len; ++i) { + if (buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE) { ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE; break; } @@ -1895,99 +1804,97 @@ read_record_header: /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; + } #endif /* Do not parse the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) - { + if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) { #endif - /* - * Check the extension length - */ - ext_offset = comp_offset + 1 + comp_len; - if( msg_len > ext_offset ) - { - if( msg_len < ext_offset + 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } + /* + * Check the extension length + */ + ext_offset = comp_offset + 1 + comp_len; + if (msg_len > ext_offset) { + if (msg_len < ext_offset + 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + } - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext_len = (buf[ext_offset + 0] << 8) + | (buf[ext_offset + 1]); - if( msg_len != ext_offset + 2 + ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } + if (msg_len != ext_offset + 2 + ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } - else - ext_len = 0; - - ext = buf + ext_offset + 2; - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len ); + } else { + ext_len = 0; + } - while( ext_len != 0 ) - { - unsigned int ext_id; - unsigned int ext_size; - if ( ext_len < 4 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); - ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); + ext = buf + ext_offset + 2; + MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len); - if( ext_size + 4 > ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - switch( ext_id ) - { + while (ext_len != 0) { + unsigned int ext_id; + unsigned int ext_size; + if (ext_len < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + } + ext_id = ((ext[0] << 8) | (ext[1])); + ext_size = ((ext[2] << 8) | (ext[3])); + + if (ext_size + 4 > ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; + } + switch (ext_id) { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); - if( ssl->conf->f_sni == NULL ) + MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension")); + if (ssl->conf->f_sni == NULL) { break; + } - ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_servername_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); #if defined(MBEDTLS_SSL_RENEGOTIATION) renegotiation_info_seen = 1; #endif - ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension")); - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_signature_algorithms_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } sig_hash_alg_ext_present = 1; break; @@ -1995,143 +1902,151 @@ read_record_header: MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); - ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_supported_elliptic_curves(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension")); ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension")); - ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension")); - ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated hmac extension")); - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_truncated_hmac_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension")); - ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension")); - ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension")); - ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_DTLS_SRTP) case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size); + if (ret != 0) { + return ret; + } break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)", - ext_id ) ); - } - - ext_len -= 4 + ext_size; - ext += 4 + ext_size; + MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)", + ext_id)); } -#if defined(MBEDTLS_SSL_PROTO_SSL3) + + ext_len -= 4 + ext_size; + ext += 4 + ext_size; } +#if defined(MBEDTLS_SSL_PROTO_SSL3) +} #endif #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 ) - { - if( MBEDTLS_GET_UINT16_BE( p, 0 ) == MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) ); + for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) { + if (MBEDTLS_GET_UINT16_BE(p, 0) == MBEDTLS_SSL_FALLBACK_SCSV_VALUE) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received FALLBACK_SCSV")); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); + if (ssl->minor_ver < ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } break; @@ -2146,14 +2061,14 @@ read_record_header: * Try to fall back to default hash SHA1 if the client * hasn't provided any preferred signature-hash combinations. */ - if( sig_hash_alg_ext_present == 0 ) - { + if (sig_hash_alg_ext_present == 0) { mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1; - if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 ) + if (mbedtls_ssl_check_sig_hash(ssl, md_default) != 0) { md_default = MBEDTLS_MD_NONE; + } - mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); + mbedtls_ssl_sig_hash_set_const_hash(&ssl->handshake->hash_algs, md_default); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && @@ -2162,19 +2077,16 @@ read_record_header: /* * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 ) - { - if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) ); + for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) { + if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO ")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV " - "during renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV " + "during renegotiation")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } #endif ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -2185,41 +2097,34 @@ read_record_header: /* * Renegotiation security checks */ - if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); + if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); + renegotiation_info_seen == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + renegotiation_info_seen == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)")); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - if( handshake_failure == 1 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (handshake_failure == 1) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO; } /* @@ -2231,44 +2136,60 @@ read_record_header: ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; ciphersuite_info = NULL; #if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) - for( i = 0; ciphersuites[i] != 0; i++ ) -#else - for( i = 0; ciphersuites[i] != 0; i++ ) - for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) -#endif - { - if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] ) + for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { + for (i = 0; ciphersuites[i] != 0; i++) { + if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { continue; + } got_common_suite = 1; - if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], - &ciphersuite_info ) ) != 0 ) - return( ret ); + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) { + return ret; + } - if( ciphersuite_info != NULL ) + if (ciphersuite_info != NULL) { goto have_ciphersuite; + } } + } +#else + for (i = 0; ciphersuites[i] != 0; i++) { + for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { + if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { + continue; + } - if( got_common_suite ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, " - "but none of them usable" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE ); + got_common_suite = 1; + + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) { + return ret; + } + + if (ciphersuite_info != NULL) { + goto have_ciphersuite; + } + } } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); +#endif + + if (got_common_suite) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " + "but none of them usable")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE; + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN; } have_ciphersuite: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; @@ -2276,53 +2197,49 @@ have_ciphersuite: ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_recv_flight_completed(ssl); + } #endif /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info ); - if( sig_alg != MBEDTLS_PK_NONE ) - { - mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", - mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm " - "%u - should not happen", (unsigned) sig_alg ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); + if (sig_alg != MBEDTLS_PK_NONE) { + mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, + sig_alg); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %d", + mbedtls_ssl_hash_from_md_alg(md_alg))); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm " + "%u - should not happen", (unsigned) sig_alg)); } } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { + if (ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding truncated hmac extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0); p += 2; *p++ = 0x00; @@ -2333,9 +2250,9 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_cid_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; size_t ext_len; @@ -2345,18 +2262,18 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, /* Skip writing the extension if we don't want to use it or if * the client hasn't offered it. */ - if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED ) + if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) { return; + } /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension")); /* * Quoting draft-ietf-tls-dtls-connection-id-05 @@ -2365,31 +2282,32 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * struct { * opaque cid<0..2^8-1>; * } ConnectionId; - */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 ); + */ + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); p += 2; ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); p += 2; *p++ = (uint8_t) ssl->own_cid_len; - memcpy( p, ssl->own_cid, ssl->own_cid_len ); + memcpy(p, ssl->own_cid, ssl->own_cid_len); *olen = ssl->own_cid_len + 5; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; + } /* * RFC 7366: "If a server receives an encrypt-then-MAC request extension @@ -2397,23 +2315,21 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, * with Associated Data (AEAD) ciphersuite, it MUST NOT send an * encrypt-then-MAC response extension back to the client." */ - if( ( suite = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ) ) == NULL || - ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || - cipher->mode != MBEDTLS_MODE_CBC ) - { + if ((suite = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite)) == NULL || + (cipher = mbedtls_cipher_info_from_type(suite->cipher)) == NULL || + cipher->mode != MBEDTLS_MODE_CBC) { ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; } - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) - { + if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); p += 2; *p++ = 0x00; @@ -2424,23 +2340,22 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret " + "extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); p += 2; *p++ = 0x00; @@ -2451,21 +2366,20 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->handshake->new_session_ticket == 0 ) - { + if (ssl->handshake->new_session_ticket == 0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); p += 2; *p++ = 0x00; @@ -2475,36 +2389,33 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION ) - { + if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); p += 2; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { *p++ = 0x00; - *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF; + *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF; *p++ = ssl->verify_data_len * 2 & 0xFF; - memcpy( p, ssl->peer_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->peer_verify_data, ssl->verify_data_len); p += ssl->verify_data_len; - memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->own_verify_data, ssl->verify_data_len); p += ssl->verify_data_len; - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { *p++ = 0x00; @@ -2516,21 +2427,20 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) - { + if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); p += 2; *p++ = 0x00; @@ -2544,23 +2454,22 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; ((void) ssl); - if( ( ssl->handshake->cli_exts & - MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 ) - { + if ((ssl->handshake->cli_exts & + MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension")); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); p += 2; *p++ = 0x00; @@ -2574,9 +2483,9 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; @@ -2586,48 +2495,46 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly computation if not needed */ - if( ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + if (ssl->handshake->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE) { return; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension")); - if( end - p < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if (end - p < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); p += 2; - ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); + ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); return; } - MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); p += 2; *olen = kkpp_len + 4; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_SSL_ALPN ) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +#if defined(MBEDTLS_SSL_ALPN) +static void ssl_write_alpn_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, size_t *olen) { - if( ssl->alpn_chosen == NULL ) - { + if (ssl->alpn_chosen == NULL) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding alpn extension")); /* * 0 . 1 ext identifier @@ -2636,24 +2543,24 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, buf, 0); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, buf, 0); - *olen = 7 + strlen( ssl->alpn_chosen ); + *olen = 7 + strlen(ssl->alpn_chosen); - MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); + MBEDTLS_PUT_UINT16_BE(*olen - 4, buf, 2); - MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); + MBEDTLS_PUT_UINT16_BE(*olen - 6, buf, 4); - buf[6] = MBEDTLS_BYTE_0( *olen - 7 ); + buf[6] = MBEDTLS_BYTE_0(*olen - 7); - memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); + memcpy(buf + 7, ssl->alpn_chosen, *olen - 7); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +#if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS) +static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { size_t mki_len = 0, ext_len = 0; uint16_t profile_value = 0; @@ -2661,16 +2568,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) - { + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) { return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension")); - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -2682,38 +2587,34 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * - 1 byte for the mki length * + the actual mki length * Check we have enough room in the output buffer */ - if( (size_t)( end - buf ) < mki_len + 9 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if ((size_t) (end - buf) < mki_len + 9) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } /* extension */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 ); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 ); + MBEDTLS_PUT_UINT16_BE(ext_len, buf, 2); /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; profile_value = mbedtls_ssl_check_srtp_profile_value( - ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); - if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) ); + ssl->dtls_srtp_info.chosen_dtls_srtp_profile); + if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_PUT_UINT16_BE(profile_value, buf, 6); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile")); return; } buf[8] = mki_len & 0xFF; - memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len ); + memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len); *olen = 9 + mki_len; } @@ -2721,13 +2622,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) +static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->out_msg + 4; unsigned char *cookie_len_byte; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request")); /* * struct { @@ -2738,32 +2639,30 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) /* The RFC is not clear on this point, but sending the actual negotiated * version looks like the most interoperable thing to do. */ - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, p ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, p); + MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); p += 2; /* If we get here, f_cookie_check is not null */ - if( ssl->conf->f_cookie_write == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->conf->f_cookie_write == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* Skip length byte until we know the length */ cookie_len_byte = p++; - if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie, - &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, - ssl->cli_id, ssl->cli_id_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret ); - return( ret ); + if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, + &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, + ssl->cli_id, ssl->cli_id_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret); + return ret; } - *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) ); + *cookie_len_byte = (unsigned char) (p - (cookie_len_byte + 1)); - MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte ); + MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); ssl->out_msglen = p - ssl->out_msg; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -2771,28 +2670,26 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return ret; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ -static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl ) +static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl) { int ret; mbedtls_ssl_session session_tmp; @@ -2800,49 +2697,53 @@ static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl ) /* Resume is 0 by default, see ssl_handshake_init(). * It may be already set to 1 by ssl_parse_session_ticket_ext(). */ - if( ssl->handshake->resume == 1 ) + if (ssl->handshake->resume == 1) { return; - if( session->id_len == 0 ) + } + if (session->id_len == 0) { return; - if( ssl->conf->f_get_cache == NULL ) + } + if (ssl->conf->f_get_cache == NULL) { return; + } #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { return; + } #endif - mbedtls_ssl_session_init( &session_tmp ); + mbedtls_ssl_session_init(&session_tmp); session_tmp.id_len = session->id_len; - memcpy( session_tmp.id, session->id, session->id_len ); + memcpy(session_tmp.id, session->id, session->id_len); - ret = ssl->conf->f_get_cache( ssl->conf->p_cache, - &session_tmp ); - if( ret != 0 ) + ret = ssl->conf->f_get_cache(ssl->conf->p_cache, + &session_tmp); + if (ret != 0) { goto exit; + } - if( session->ciphersuite != session_tmp.ciphersuite || - session->compression != session_tmp.compression ) - { + if (session->ciphersuite != session_tmp.ciphersuite || + session->compression != session_tmp.compression) { /* Mismatch between cached and negotiated session */ goto exit; } /* Move semantics */ - mbedtls_ssl_session_free( session ); + mbedtls_ssl_session_free(session); *session = session_tmp; - memset( &session_tmp, 0, sizeof( session_tmp ) ); + memset(&session_tmp, 0, sizeof(session_tmp)); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache")); ssl->handshake->resume = 1; exit: - mbedtls_ssl_session_free( &session_tmp ); + mbedtls_ssl_session_free(&session_tmp); } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_write_server_hello(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; @@ -2851,23 +2752,21 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) size_t olen, ext_len = 0, n; unsigned char *buf, *p; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->verify_cookie_len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->verify_cookie_len != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated")); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return( ssl_write_hello_verify_request( ssl ) ); + return ssl_write_hello_verify_request(ssl); } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); - return( MBEDTLS_ERR_SSL_NO_RNG ); + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return MBEDTLS_ERR_SSL_NO_RNG; } /* @@ -2880,40 +2779,41 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) buf = ssl->out_msg; p = buf + 4; - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, p); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", - buf[4], buf[5] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]", + buf[4], buf[5])); #if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time( NULL ); - MBEDTLS_PUT_UINT32_BE( t, p, 0 ); + t = mbedtls_time(NULL); + MBEDTLS_PUT_UINT32_BE(t, p, 0); p += 4; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t)); #else - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { + return ret; + } p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) { + return ret; + } p += 28; - memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 ); + memcpy(ssl->handshake->randbytes + 32, buf + 6, 32); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32); - ssl_handle_id_based_session_resumption( ssl ); + ssl_handle_id_based_session_resumption(ssl); - if( ssl->handshake->resume == 0 ) - { + if (ssl->handshake->resume == 0) { /* * New session, create a new session id, * unless we're about to issue a session ticket @@ -2921,36 +2821,32 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time( NULL ); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->handshake->new_session_ticket != 0 ) - { + if (ssl->handshake->new_session_ticket != 0) { ssl->session_negotiate->id_len = n = 0; - memset( ssl->session_negotiate->id, 0, 32 ); - } - else + memset(ssl->session_negotiate->id, 0, 32); + } else #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->id_len = n = 32; - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, - n ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, + n)) != 0) { + return ret; + } } - } - else - { + } else { /* * Resuming a session */ n = ssl->session_negotiate->id_len; ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return ret; } } @@ -2963,136 +2859,132 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) * 44+n . 43+n+m extensions */ *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); + memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); p += ssl->session_negotiate->id_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", - ssl->handshake->resume ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 39, n); + MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", + ssl->handshake->resume ? "a" : "no")); - MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 ); + MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); p += 2; - *p++ = MBEDTLS_BYTE_0( ssl->session_negotiate->compression ); + *p++ = MBEDTLS_BYTE_0(ssl->session_negotiate->compression); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", - mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", - (unsigned int) ssl->session_negotiate->compression ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s", + mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite))); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X", + (unsigned int) ssl->session_negotiate->compression)); /* Do not write the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) - { + if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) { #endif /* * First write extensions, then the total length */ - ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if ( mbedtls_ssl_ciphersuite_uses_ec( - mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) ) - { - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + if (mbedtls_ssl_ciphersuite_uses_ec( + mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite))) { + ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_alpn_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen); ext_len += olen; #endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len)); - if( ext_len > 0 ) - { - MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 ); + if (ext_len > 0) { + MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); p += 2 + ext_len; } #if defined(MBEDTLS_SSL_PROTO_SSL3) - } +} #endif ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - ret = mbedtls_ssl_write_handshake_msg( ssl ); + ret = mbedtls_ssl_write_handshake_msg(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return( ret ); + return ret; } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) +static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -3104,22 +2996,21 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) const mbedtls_x509_crt *crt; int authmode; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); ssl->state++; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) + if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { authmode = ssl->handshake->sni_authmode; - else + } else #endif - authmode = ssl->conf->authmode; + authmode = ssl->conf->authmode; - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) || - authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); - return( 0 ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) || + authmode == MBEDTLS_SSL_VERIFY_NONE) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); + return 0; } /* @@ -3170,19 +3061,18 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) * enum { (255) } HashAlgorithm; * enum { (255) } SignatureAlgorithm; */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { const int *cur; /* * Supported signature algorithms */ - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) - { - unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); + for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) { + unsigned char hash = mbedtls_ssl_hash_from_md_alg(*cur); - if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) + if (MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md(ssl, hash)) { continue; + } #if defined(MBEDTLS_RSA_C) p[2 + sa_len++] = hash; @@ -3194,7 +3084,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #endif } - MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(sa_len, p, 0); sa_len += 2; p += sa_len; } @@ -3208,38 +3098,35 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) total_dn_size = 0; - if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) - { + if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { /* NOTE: If trusted certificates are provisioned * via a CA callback (configured through * `mbedtls_ssl_conf_ca_cb()`, then the * CertificateRequest is currently left empty. */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_ca_chain != NULL ) + if (ssl->handshake->sni_ca_chain != NULL) { crt = ssl->handshake->sni_ca_chain; - else + } else #endif - crt = ssl->conf->ca_chain; + crt = ssl->conf->ca_chain; - while( crt != NULL && crt->version != 0 ) - { + while (crt != NULL && crt->version != 0) { /* It follows from RFC 5280 A.1 that this length * can be represented in at most 11 bits. */ dn_size = (uint16_t) crt->subject_raw.len; - if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); + if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) { + MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short")); break; } - MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 ); + MBEDTLS_PUT_UINT16_BE(dn_size, p, 0); p += 2; - memcpy( p, crt->subject_raw.p, dn_size ); + memcpy(p, crt->subject_raw.p, dn_size); p += dn_size; - MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size ); + MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); total_dn_size += 2 + dn_size; crt = crt->next; @@ -3249,42 +3136,40 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len ); + MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); - ret = mbedtls_ssl_write_handshake_msg( ssl ); + ret = mbedtls_ssl_write_handshake_msg(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) +static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *own_key = mbedtls_ssl_own_key( ssl ); + mbedtls_pk_context *own_key = mbedtls_ssl_own_key(ssl); /* Check if the key is a transparent ECDH key. * This also ensures that it is safe to call mbedtls_pk_ec(). */ - if( mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY && - mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY_DH ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (mbedtls_pk_get_type(own_key) != MBEDTLS_PK_ECKEY && + mbedtls_pk_get_type(own_key) != MBEDTLS_PK_ECKEY_DH) { + MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); + return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, - mbedtls_pk_ec( *own_key ), - MBEDTLS_ECDH_OURS ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); - return( ret ); + if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, + mbedtls_pk_ec(*own_key), + MBEDTLS_ECDH_OURS)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ @@ -3292,8 +3177,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, - size_t *signature_len ) +static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl, + size_t *signature_len) { /* Append the signature to ssl->out_msg, leaving 2 bytes for the * signature length which will be added in ssl_write_server_key_exchange @@ -3301,17 +3186,16 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; - size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN - - sig_start ); - int ret = ssl->conf->f_async_resume( ssl, - sig_start, signature_len, sig_max_len ); - if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - { + size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN + - sig_start); + int ret = ssl->conf->f_async_resume(ssl, + sig_start, signature_len, sig_max_len); + if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data( ssl, NULL ); + mbedtls_ssl_set_async_operation_data(ssl, NULL); } - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret); + return ret; } #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ @@ -3320,8 +3204,8 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, * calculating the signature if any, but excluding formatting the * signature and sending the message. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, - size_t *signature_len ) +static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, + size_t *signature_len) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -3349,8 +3233,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - ECJPAKE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; @@ -3358,11 +3241,10 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, &ssl->handshake->ecjpake_ctx, ssl->out_msg + ssl->out_msglen, MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); - return( ret ); + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); + return ret; } ssl->out_msglen += len; @@ -3376,9 +3258,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, **/ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { ssl->out_msg[ssl->out_msglen++] = 0x00; ssl->out_msg[ssl->out_msglen++] = 0x00; } @@ -3389,15 +3270,13 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - DHE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* @@ -3409,22 +3288,20 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx, - &ssl->conf->dhm_P, - &ssl->conf->dhm_G ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret ); - return( ret ); + if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx, + &ssl->conf->dhm_P, + &ssl->conf->dhm_G)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret); + return ret; } - if( ( ret = mbedtls_dhm_make_params( - &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - ssl->out_msg + ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); - return( ret ); + if ((ret = mbedtls_dhm_make_params( + &ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + ssl->out_msg + ssl->out_msglen, &len, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret); + return ret; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) @@ -3433,10 +3310,10 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msglen += len; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */ @@ -3444,8 +3321,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - ECDHE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) { /* * Ephemeral ECDH parameters: * @@ -3460,35 +3336,35 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t len = 0; /* Match our preference list against the offered curves */ - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) - if( (*curve)->grp_id == *gid ) + for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) { + for (curve = ssl->handshake->curves; *curve != NULL; curve++) { + if ((*curve)->grp_id == *gid) { goto curve_matching_done; + } + } + } curve_matching_done: - if( curve == NULL || *curve == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + if (curve == NULL || *curve == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE")); + return MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", (*curve)->name)); - if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, - (*curve)->grp_id ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); - return( ret ); + if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, + (*curve)->grp_id)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret); + return ret; } - if( ( ret = mbedtls_ecdh_make_params( - &ssl->handshake->ecdh_ctx, &len, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); - return( ret ); + if ((ret = mbedtls_ecdh_make_params( + &ssl->handshake->ecdh_ctx, &len, + ssl->out_msg + ssl->out_msglen, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret); + return ret; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) @@ -3497,8 +3373,8 @@ curve_matching_done: ssl->out_msglen += len; - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ @@ -3509,8 +3385,7 @@ curve_matching_done: * */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3533,31 +3408,26 @@ curve_matching_done: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t sig_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { /* A: For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if( sig_alg == MBEDTLS_PK_NONE || - ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ) ) == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + if (sig_alg == MBEDTLS_PK_NONE || + (md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, + sig_alg)) == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* (... because we choose a cipher suite * only if there is a matching hash.) */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { + defined(MBEDTLS_SSL_PROTO_TLS1_1) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { /* B: Default hash SHA1 */ md_alg = MBEDTLS_MD_SHA1; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ { @@ -3565,52 +3435,49 @@ curve_matching_done: md_alg = MBEDTLS_MD_NONE; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg)); /* * 2.2: Compute the hash to be signed */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( md_alg == MBEDTLS_MD_NONE ) - { + defined(MBEDTLS_SSL_PROTO_TLS1_1) + if (md_alg == MBEDTLS_MD_NONE) { hashlen = 36; - ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, - dig_signed, - dig_signed_len ); - if( ret != 0 ) - return( ret ); - } - else + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash, + dig_signed, + dig_signed_len); + if (ret != 0) { + return ret; + } + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( md_alg != MBEDTLS_MD_NONE ) - { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, - dig_signed, - dig_signed_len, - md_alg ); - if( ret != 0 ) - return( ret ); - } - else + defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (md_alg != MBEDTLS_MD_NONE) { + ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, + dig_signed, + dig_signed_len, + md_alg); + if (ret != 0) { + return ret; + } + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); /* * 2.3: Compute and add the signature */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { /* * For TLS 1.2, we need to specify signature and hash algorithm * explicitly through a prefix to the signature. @@ -3628,40 +3495,37 @@ curve_matching_done: */ ssl->out_msg[ssl->out_msglen++] = - mbedtls_ssl_hash_from_md_alg( md_alg ); + mbedtls_ssl_hash_from_md_alg(md_alg); ssl->out_msg[ssl->out_msglen++] = - mbedtls_ssl_sig_from_pk_alg( sig_alg ); + mbedtls_ssl_sig_from_pk_alg(sig_alg); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_sign_start != NULL ) - { - ret = ssl->conf->f_async_sign_start( ssl, - mbedtls_ssl_own_cert( ssl ), - md_alg, hash, hashlen ); - switch( ret ) - { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_sign was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return( ssl_resume_server_key_exchange( ssl, signature_len ) ); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); - default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign_start", ret ); - return( ret ); + if (ssl->conf->f_async_sign_start != NULL) { + ret = ssl->conf->f_async_sign_start(ssl, + mbedtls_ssl_own_cert(ssl), + md_alg, hash, hashlen); + switch (ret) { + case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: + /* act as if f_async_sign was null */ + break; + case 0: + ssl->handshake->async_in_progress = 1; + return ssl_resume_server_key_exchange(ssl, signature_len); + case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; + return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; + default: + MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret); + return ret; } } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( mbedtls_ssl_own_key( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (mbedtls_ssl_own_key(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key")); + return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; } /* Append the signature to ssl->out_msg, leaving 2 bytes for the @@ -3669,20 +3533,19 @@ curve_matching_done: * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); - return( ret ); + if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + signature_len, + ssl->conf->f_rng, + ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + return ret; } } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - return( 0 ); + return 0; } /* Prepare the ServerKeyExchange message and send it. For ciphersuites @@ -3690,41 +3553,38 @@ curve_matching_done: * way, if successful, move on to the next step in the SSL state * machine. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) +static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; + ssl->handshake->ciphersuite_info; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ - if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { /* For suites involving ECDH, extract DH parameters * from certificate at this point. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) ) - { - ret = ssl_get_ecdh_params_from_cert( ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); - return( ret ); + if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { + ret = ssl_get_ecdh_params_from_cert(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); + return ret; } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); ssl->state++; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ @@ -3732,44 +3592,41 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already prepared the message and there is an ongoing * signature operation, resume signing. */ - if( ssl->handshake->async_in_progress != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) ); - ret = ssl_resume_server_key_exchange( ssl, &signature_len ); - } - else + if (ssl->handshake->async_in_progress != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation")); + ret = ssl_resume_server_key_exchange(ssl, &signature_len); + } else #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ { /* ServerKeyExchange is needed. Prepare the message. */ - ret = ssl_prepare_server_key_exchange( ssl, &signature_len ); + ret = ssl_prepare_server_key_exchange(ssl, &signature_len); } - if( ret != 0 ) - { + if (ret != 0) { /* If we're starting to write a new message, set ssl->out_msglen * to 0. But if we're resuming after an asynchronous message, * out_msglen is the amount of data written so far and mst be * preserved. */ - if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) ); - else + if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)")); + } else { ssl->out_msglen = 0; - return( ret ); + } + return ret; } /* If there is a signature, write its length. * ssl_prepare_server_key_exchange already wrote the signature * itself at its proper place in the output buffer. */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( signature_len != 0 ) - { - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len ); - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len ); + if (signature_len != 0) { + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len); + ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len); - MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", - ssl->out_msg + ssl->out_msglen, - signature_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "my signature", + ssl->out_msg + ssl->out_msglen, + signature_len); /* Skip over the already-written signature */ ssl->out_msglen += signature_len; @@ -3782,22 +3639,21 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange")); + return 0; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) +static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done")); ssl->out_msglen = 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -3806,35 +3662,34 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_send_flight_completed(ssl); + } #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return ret; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done")); - return( 0 ); + return 0; } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end ) +static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t n; @@ -3842,32 +3697,29 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * /* * Receive G^Y mod P, premaster = (G^Y)^X mod P */ - if( *p + 2 > end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p + 2 > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; *p += 2; - if( *p + n > end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p + n > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP; } *p += n; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -3877,50 +3729,48 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize ) +static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, + unsigned char *peer_pms, + size_t *peer_pmslen, + size_t peer_pmssize) { - int ret = ssl->conf->f_async_resume( ssl, - peer_pms, peer_pmslen, peer_pmssize ); - if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - { + int ret = ssl->conf->f_async_resume(ssl, + peer_pms, peer_pmslen, peer_pmssize); + if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data( ssl, NULL ); + mbedtls_ssl_set_async_operation_data(ssl, NULL); } - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); + return ret; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize ) +static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, + const unsigned char *p, + const unsigned char *end, + unsigned char *peer_pms, + size_t *peer_pmslen, + size_t peer_pmssize) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl ); - if( own_cert == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) ); - return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); + mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); + if (own_cert == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate")); + return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; } mbedtls_pk_context *public_key = &own_cert->pk; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); - size_t len = mbedtls_pk_get_len( public_key ); + mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); + size_t len = mbedtls_pk_get_len(public_key); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already started decoding the message and there is an ongoing * decryption operation, resume signing. */ - if( ssl->handshake->async_in_progress != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming decryption operation" ) ); - return( ssl_resume_decrypt_pms( ssl, - peer_pms, peer_pmslen, peer_pmssize ) ); + if (ssl->handshake->async_in_progress != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); + return ssl_resume_decrypt_pms(ssl, + peer_pms, peer_pmslen, peer_pmssize); } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ @@ -3929,75 +3779,68 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if ( p + 2 > end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { + if (p + 2 > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( *p++ != MBEDTLS_BYTE_1( len ) || - *p++ != MBEDTLS_BYTE_0( len ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p++ != MBEDTLS_BYTE_1(len) || + *p++ != MBEDTLS_BYTE_0(len)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } } #endif - if( p + len != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p + len != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } /* * Decrypt the premaster secret */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_decrypt_start != NULL ) - { - ret = ssl->conf->f_async_decrypt_start( ssl, - mbedtls_ssl_own_cert( ssl ), - p, len ); - switch( ret ) - { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return( ssl_resume_decrypt_pms( ssl, - peer_pms, - peer_pmslen, - peer_pmssize ) ); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); - default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_decrypt_start", ret ); - return( ret ); + if (ssl->conf->f_async_decrypt_start != NULL) { + ret = ssl->conf->f_async_decrypt_start(ssl, + mbedtls_ssl_own_cert(ssl), + p, len); + switch (ret) { + case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: + /* act as if f_async_decrypt_start was null */ + break; + case 0: + ssl->handshake->async_in_progress = 1; + return ssl_resume_decrypt_pms(ssl, + peer_pms, + peer_pmslen, + peer_pmssize); + case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; + return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; + default: + MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); + return ret; } } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); + return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; } - ret = mbedtls_pk_decrypt( private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng ); - return( ret ); + ret = mbedtls_pk_decrypt(private_key, p, len, + peer_pms, peer_pmslen, peer_pmssize, + ssl->conf->f_rng, ssl->conf->p_rng); + return ret; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset ) +static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, + const unsigned char *p, + const unsigned char *end, + size_t pms_offset) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *pms = ssl->handshake->premaster + pms_offset; @@ -4017,19 +3860,20 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, peer_pms[0] = peer_pms[1] = ~0; peer_pmslen = 0; - ret = ssl_decrypt_encrypted_pms( ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof( peer_pms ) ); + ret = ssl_decrypt_encrypted_pms(ssl, p, end, + peer_pms, + &peer_pmslen, + sizeof(peer_pms)); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - return( ret ); + if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { + return ret; + } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - mbedtls_ssl_write_version( ssl->handshake->max_major_ver, - ssl->handshake->max_minor_ver, - ssl->conf->transport, ver ); + mbedtls_ssl_write_version(ssl->handshake->max_major_ver, + ssl->handshake->max_minor_ver, + ssl->conf->transport, ver); /* Avoid data-dependent branches while checking for invalid * padding, to protect against timing-based Bleichenbacher-type @@ -4040,7 +3884,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, diff |= peer_pms[1] ^ ver[1]; /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */ - mask = mbedtls_ct_uint_mask( diff ); + mask = mbedtls_ct_uint_mask(diff); /* * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding @@ -4051,101 +3895,94 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, * successful. In particular, always generate the fake premaster secret, * regardless of whether it will ultimately influence the output or not. */ - ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); - if( ret != 0 ) - { + ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); + if (ret != 0) { /* It's ok to abort on an RNG failure, since this does not reveal * anything about the RSA decryption. */ - return( ret ); + return ret; } #if defined(MBEDTLS_SSL_DEBUG_ALL) - if( diff != 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + if (diff != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + } #endif - if( sizeof( ssl->handshake->premaster ) < pms_offset || - sizeof( ssl->handshake->premaster ) - pms_offset < 48 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (sizeof(ssl->handshake->premaster) < pms_offset || + sizeof(ssl->handshake->premaster) - pms_offset < 48) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } ssl->handshake->pmslen = 48; /* Set pms to either the true or the fake PMS, without * data-dependent branches. */ - for( i = 0; i < ssl->handshake->pmslen; i++ ) - pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] ); + for (i = 0; i < ssl->handshake->pmslen; i++) { + pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end ) +static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, + const unsigned char *end) { int ret = 0; uint16_t n; - if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key")); + return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; } /* * Receive client pre-shared key identity name */ - if( end - *p < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (end - *p < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; *p += 2; - if( n == 0 || n > end - *p ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (n == 0 || n > end - *p) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( ssl->conf->f_psk != NULL ) - { - if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 ) + if (ssl->conf->f_psk != NULL) { + if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) { ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - else - { + } + } else { /* Identity is not a big secret since clients send it in the clear, * but treat it carefully anyway, just in case */ - if( n != ssl->conf->psk_identity_len || - mbedtls_ct_memcmp( ssl->conf->psk_identity, *p, n ) != 0 ) - { + if (n != ssl->conf->psk_identity_len || + mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) { ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } } - if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) - { - MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY ); - return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ); + if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { + MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY); + return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } *p += n; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) +static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -4153,334 +3990,285 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) - if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) && - ( ssl->handshake->async_in_progress != 0 ) ) - { + (defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)) + if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) && + (ssl->handshake->async_in_progress != 0)) { /* We've already read a record and there is an asynchronous * operation in progress to decrypt it. So skip reading the * record. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "will resume decryption of previously-read record" ) ); - } - else + MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); + } else #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return ret; } - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) - { - if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { + if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); + return ret; } - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS; } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { - if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, - p, end - p) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, + p, end - p)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP; } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS; } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return ret; } - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* For opaque PSKs, we perform the PSK-to-MS derivation automatically * and skip the intermediate PMS. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); - else + if (ssl_use_opaque_psk(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("skip PMS generation for opaque PSK")); + } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if ( ssl->handshake->async_in_progress != 0 ) - { + if (ssl->handshake->async_in_progress != 0) { /* There is an asynchronous operation in progress to * decrypt the encrypted premaster secret, so skip * directly to resuming this operation. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK identity already parsed" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("PSK identity already parsed")); /* Update p to skip the PSK identity. ssl_parse_encrypted_pms * won't actually use it, but maintain p anyway for robustness. */ p += ssl->conf->psk_identity_len + 2; - } - else + } else #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return ret; } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_use_opaque_psk(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with RSA-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif - if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret ); - return( ret ); + if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_encrypted_pms"), ret); + return ret; } - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return ret; } - if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); - return( ret ); + if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); + return ret; } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_use_opaque_psk(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with DHE-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE; } - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return ret; } - if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, - p, end - p ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, + p, end - p)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); + return MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP; } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl_use_opaque_psk(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("opaque PSK not supported with ECDHE-PSK")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { - if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { + if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, - p, end - p ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, + p, end - p); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); + return MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE; } - ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); - return( ret ); + ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, + ssl->handshake->premaster, 32, &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); + return ret; } - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return ret; } ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); - return( 0 ); + return 0; } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, sig_len; @@ -4493,60 +4281,54 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( ssl->session_negotiate->peer_cert == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (ssl->session_negotiate->peer_cert == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return 0; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert_digest == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (ssl->session_negotiate->peer_cert_digest == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return 0; } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* Read the message without adding it to the checksum */ - ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ ); - if( 0 != ret ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret ); - return( ret ); + ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret); + return ret; } ssl->state++; /* Process the message contents */ - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } - i = mbedtls_ssl_hs_hdr_len( ssl ); + i = mbedtls_ssl_hs_hdr_len(ssl); #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -4559,46 +4341,41 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { md_alg = MBEDTLS_MD_NONE; hashlen = 36; /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */ - if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) ) - { + if (mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECDSA)) { hash_start += 16; hashlen -= 16; md_alg = MBEDTLS_MD_SHA1; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - if( i + 2 > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + if (i + 2 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } /* * Hash */ - md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); + md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]); - if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" - " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { + MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" + " for verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } #if !defined(MBEDTLS_MD_SHA1) - if( MBEDTLS_MD_SHA1 == md_alg ) + if (MBEDTLS_MD_SHA1 == md_alg) { hash_start += 16; + } #endif /* Info from md_alg will be used instead */ @@ -4609,78 +4386,72 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) /* * Signature */ - if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" - " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) + == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" + " for verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } /* * Check the certificate's key type matches the signature alg */ - if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } i++; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( i + 2 > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (i + 2 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } - sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1]; i += 2; - if( i + sig_len != ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (i + sig_len != ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY; } /* Calculate hash and verify signature */ { size_t dummy_hlen; - ssl->handshake->calc_verify( ssl, hash, &dummy_hlen ); + ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); } - if( ( ret = mbedtls_pk_verify( peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); - return( ret ); + if ((ret = mbedtls_pk_verify(peer_pk, + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + return ret; } - mbedtls_ssl_update_handshake_status( ssl ); + mbedtls_ssl_update_handshake_status(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) +static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tlen; uint32_t lifetime; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket")); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; @@ -4696,18 +4467,17 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) * 10 . 9+n ticket content */ - if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket, - ssl->session_negotiate, - ssl->out_msg + 10, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &tlen, &lifetime ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); + if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, + ssl->session_negotiate, + ssl->out_msg + 10, + ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, + &tlen, &lifetime)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret); tlen = 0; } - MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 ); - MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 ); + MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4); + MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8); ssl->out_msglen = 10 + tlen; /* @@ -4716,44 +4486,44 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) */ ssl->handshake->new_session_ticket = 0; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ /* * SSL handshake -- server side -- single step */ -int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state)); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + return ret; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + return ret; + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - switch( ssl->state ) - { + switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; break; @@ -4762,12 +4532,12 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * <== ClientHello */ case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_parse_client_hello( ssl ); + ret = ssl_parse_client_hello(ssl); break; #if defined(MBEDTLS_SSL_PROTO_DTLS) case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); + return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; #endif /* @@ -4778,23 +4548,23 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * ServerHelloDone */ case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_write_server_hello( ssl ); + ret = ssl_write_server_hello(ssl); break; case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_write_certificate( ssl ); + ret = mbedtls_ssl_write_certificate(ssl); break; case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_write_server_key_exchange( ssl ); + ret = ssl_write_server_key_exchange(ssl); break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_write_certificate_request( ssl ); + ret = ssl_write_certificate_request(ssl); break; case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_write_server_hello_done( ssl ); + ret = ssl_write_server_hello_done(ssl); break; /* @@ -4805,23 +4575,23 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * Finished */ case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate( ssl ); + ret = mbedtls_ssl_parse_certificate(ssl); break; case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_parse_client_key_exchange( ssl ); + ret = ssl_parse_client_key_exchange(ssl); break; case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_parse_certificate_verify( ssl ); + ret = ssl_parse_certificate_verify(ssl); break; case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); + ret = mbedtls_ssl_parse_change_cipher_spec(ssl); break; case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_parse_finished( ssl ); + ret = mbedtls_ssl_parse_finished(ssl); break; /* @@ -4831,31 +4601,31 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) */ case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->handshake->new_session_ticket != 0 ) - ret = ssl_write_new_session_ticket( ssl ); - else + if (ssl->handshake->new_session_ticket != 0) { + ret = ssl_write_new_session_ticket(ssl); + } else #endif - ret = mbedtls_ssl_write_change_cipher_spec( ssl ); + ret = mbedtls_ssl_write_change_cipher_spec(ssl); break; case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_write_finished( ssl ); + ret = mbedtls_ssl_write_finished(ssl); break; case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); + mbedtls_ssl_handshake_wrapup(ssl); break; default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/thirdparty/mbedtls/library/ssl_ticket.c b/thirdparty/mbedtls/library/ssl_ticket.c index 8a57789f10..0789245bac 100644 --- a/thirdparty/mbedtls/library/ssl_ticket.c +++ b/thirdparty/mbedtls/library/ssl_ticket.c @@ -33,12 +33,12 @@ /* * Initialize context */ -void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) +void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) ); + memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } @@ -49,81 +49,80 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) #define TICKET_CRYPT_LEN_BYTES 2 #define TICKET_AUTH_TAG_BYTES 16 -#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES + \ - TICKET_AUTH_TAG_BYTES ) -#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES ) +#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES + \ + TICKET_AUTH_TAG_BYTES) +#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES + \ + TICKET_IV_BYTES + \ + TICKET_CRYPT_LEN_BYTES) /* * Generate/update a key */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, - unsigned char index ) +static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, + unsigned char index) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; #if defined(MBEDTLS_HAVE_TIME) - key->generation_time = (uint32_t) mbedtls_time( NULL ); + key->generation_time = (uint32_t) mbedtls_time(NULL); #endif - if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { + return ret; + } - if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) { + return ret; + } /* With GCM and CCM, same context can encrypt & decrypt */ - ret = mbedtls_cipher_setkey( &key->ctx, buf, - mbedtls_cipher_get_key_bitlen( &key->ctx ), - MBEDTLS_ENCRYPT ); + ret = mbedtls_cipher_setkey(&key->ctx, buf, + mbedtls_cipher_get_key_bitlen(&key->ctx), + MBEDTLS_ENCRYPT); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return ret; } /* * Rotate/generate keys if necessary */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) +static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) { #if !defined(MBEDTLS_HAVE_TIME) ((void) ctx); #else - if( ctx->ticket_lifetime != 0 ) - { - uint32_t current_time = (uint32_t) mbedtls_time( NULL ); + if (ctx->ticket_lifetime != 0) { + uint32_t current_time = (uint32_t) mbedtls_time(NULL); uint32_t key_time = ctx->keys[ctx->active].generation_time; - if( current_time >= key_time && - current_time - key_time < ctx->ticket_lifetime ) - { - return( 0 ); + if (current_time >= key_time && + current_time - key_time < ctx->ticket_lifetime) { + return 0; } ctx->active = 1 - ctx->active; - return( ssl_ticket_gen_key( ctx, ctx->active ) ); - } - else + return ssl_ticket_gen_key(ctx, ctx->active); + } else #endif /* MBEDTLS_HAVE_TIME */ - return( 0 ); + return 0; } /* * Setup context for actual use */ -int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime ) +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; @@ -133,26 +132,26 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; - cipher_info = mbedtls_cipher_info_from_type( cipher); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_type(cipher); + if (cipher_info == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( cipher_info->mode != MBEDTLS_MODE_GCM && - cipher_info->mode != MBEDTLS_MODE_CCM ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->mode != MBEDTLS_MODE_GCM && + cipher_info->mode != MBEDTLS_MODE_CCM) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->key_bitlen > 8 * MAX_KEY_BYTES) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } int do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); + ret = mbedtls_cipher_setup_psa(&ctx->keys[0].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); - switch( ret ) - { + switch (ret) { case 0: do_mbedtls_cipher_setup = 0; break; @@ -162,37 +161,42 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, do_mbedtls_cipher_setup = 1; break; default: - return( ret ); + return ret; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup ) - if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) - != 0 ) - return( ret ); + if (do_mbedtls_cipher_setup) { + if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) + != 0) { + return ret; + } + } do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) do_mbedtls_cipher_setup = 0; - ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + ret = mbedtls_cipher_setup_psa(&ctx->keys[1].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + return ret; + } + if (ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { do_mbedtls_cipher_setup = 1; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup ) - if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) - != 0 ) - return( ret ); + if (do_mbedtls_cipher_setup) { + if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) + != 0) { + return ret; + } + } - if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || - ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 ) - { - return( ret ); + if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || + (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { + return ret; } - return( 0 ); + return 0; } /* @@ -209,12 +213,12 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, * authenticated data. */ -int mbedtls_ssl_ticket_write( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *ticket_lifetime ) +int mbedtls_ssl_ticket_write(void *p_ticket, + const mbedtls_ssl_session *session, + unsigned char *start, + const unsigned char *end, + size_t *tlen, + uint32_t *ticket_lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; @@ -227,53 +231,54 @@ int mbedtls_ssl_ticket_write( void *p_ticket, *tlen = 0; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) { goto cleanup; + } key = &ctx->keys[ctx->active]; *ticket_lifetime = ctx->ticket_lifetime; - memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES ); + memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 ) + if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) { goto cleanup; + } /* Dump session state */ - if( ( ret = mbedtls_ssl_session_save( session, - state, end - state, - &clear_len ) ) != 0 || - (unsigned long) clear_len > 65535 ) - { - goto cleanup; + if ((ret = mbedtls_ssl_session_save(session, + state, end - state, + &clear_len)) != 0 || + (unsigned long) clear_len > 65535) { + goto cleanup; } - MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 ); + MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0); /* Encrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, &ciph_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { + if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, + state, end - state, &ciph_len, + TICKET_AUTH_TAG_BYTES)) != 0) { goto cleanup; } - if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES ) - { + if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } @@ -282,36 +287,39 @@ int mbedtls_ssl_ticket_write( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Select key based on name */ static mbedtls_ssl_ticket_key *ssl_ticket_select_key( - mbedtls_ssl_ticket_context *ctx, - const unsigned char name[4] ) + mbedtls_ssl_ticket_context *ctx, + const unsigned char name[4]) { unsigned char i; - for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ ) - if( memcmp( name, ctx->keys[i].name, 4 ) == 0 ) - return( &ctx->keys[i] ); + for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) { + if (memcmp(name, ctx->keys[i].name, 4) == 0) { + return &ctx->keys[i]; + } + } - return( NULL ); + return NULL; } /* * Load session ticket (see mbedtls_ssl_ticket_write for structure) */ -int mbedtls_ssl_ticket_parse( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ) +int mbedtls_ssl_ticket_parse(void *p_ticket, + mbedtls_ssl_session *session, + unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; @@ -322,31 +330,33 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; size_t enc_len, clear_len; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( len < TICKET_MIN_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (len < TICKET_MIN_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { + return ret; + } #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) { goto cleanup; + } - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = (enc_len_p[0] << 8) | enc_len_p[1]; - if( len != TICKET_MIN_LEN + enc_len ) - { + if (len != TICKET_MIN_LEN + enc_len) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; } /* Select key */ - if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL ) - { + if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) { /* We can't know for sure but this is a likely option unless we're * under attack - this is only informative anyway */ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; @@ -354,37 +364,36 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, } /* Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) + if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len + TICKET_AUTH_TAG_BYTES, + ticket, enc_len, &clear_len, + TICKET_AUTH_TAG_BYTES)) != 0) { + if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { ret = MBEDTLS_ERR_SSL_INVALID_MAC; + } goto cleanup; } - if( clear_len != enc_len ) - { + if (clear_len != enc_len) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } /* Actually load session */ - if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 ) + if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) { goto cleanup; + } #if defined(MBEDTLS_HAVE_TIME) { /* Check for expiration */ - mbedtls_time_t current_time = mbedtls_time( NULL ); + mbedtls_time_t current_time = mbedtls_time(NULL); - if( current_time < session->start || - (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime ) - { + if (current_time < session->start || + (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) { ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; goto cleanup; } @@ -393,26 +402,27 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif - return( ret ); + return ret; } /* * Free context */ -void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) +void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) { - mbedtls_cipher_free( &ctx->keys[0].ctx ); - mbedtls_cipher_free( &ctx->keys[1].ctx ); + mbedtls_cipher_free(&ctx->keys[0].ctx); + mbedtls_cipher_free(&ctx->keys[1].ctx); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context)); } #endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/thirdparty/mbedtls/library/ssl_tls.c b/thirdparty/mbedtls/library/ssl_tls.c index 70196a4861..494de1b93e 100644 --- a/thirdparty/mbedtls/library/ssl_tls.c +++ b/thirdparty/mbedtls/library/ssl_tls.c @@ -55,93 +55,88 @@ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Top-level Connection ID API */ -int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, - size_t len, - int ignore_other_cid ) +int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, + size_t len, + int ignore_other_cid) { - if( len > MBEDTLS_SSL_CID_IN_LEN_MAX ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && - ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && + ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } conf->ignore_unexpected_cid = ignore_other_cid; conf->cid_len = len; - return( 0 ); + return 0; } -int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len ) +int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, + int enable, + unsigned char const *own_cid, + size_t own_cid_len) { - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } ssl->negotiate_cid = enable; - if( enable == MBEDTLS_SSL_CID_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) ); - return( 0 ); + if (enable == MBEDTLS_SSL_CID_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension.")); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension.")); + MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len); - if( own_cid_len != ssl->conf->cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config", - (unsigned) own_cid_len, - (unsigned) ssl->conf->cid_len ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (own_cid_len != ssl->conf->cid_len) { + MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config", + (unsigned) own_cid_len, + (unsigned) ssl->conf->cid_len)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - memcpy( ssl->own_cid, own_cid, own_cid_len ); + memcpy(ssl->own_cid, own_cid, own_cid_len); /* Truncation is not an issue here because * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ ssl->own_cid_len = (uint8_t) own_cid_len; - return( 0 ); + return 0; } -int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], - size_t *peer_cid_len ) +int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, + int *enabled, + unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + size_t *peer_cid_len) { *enabled = MBEDTLS_SSL_CID_DISABLED; - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions * were used, but client and server requested the empty CID. * This is indistinguishable from not using the CID extension * in the first place. */ - if( ssl->transform_in->in_cid_len == 0 && - ssl->transform_in->out_cid_len == 0 ) - { - return( 0 ); + if (ssl->transform_in->in_cid_len == 0 && + ssl->transform_in->out_cid_len == 0) { + return 0; } - if( peer_cid_len != NULL ) - { + if (peer_cid_len != NULL) { *peer_cid_len = ssl->transform_in->out_cid_len; - if( peer_cid != NULL ) - { - memcpy( peer_cid, ssl->transform_in->out_cid, - ssl->transform_in->out_cid_len ); + if (peer_cid != NULL) { + memcpy(peer_cid, ssl->transform_in->out_cid, + ssl->transform_in->out_cid_len); } } *enabled = MBEDTLS_SSL_CID_ENABLED; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -156,31 +151,30 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, * } MaxFragmentLength; * and we add 0 -> extension unused */ -static unsigned int ssl_mfl_code_to_length( int mfl ) -{ - switch( mfl ) - { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return 512; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return 1024; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return 2048; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return 4096; - default: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); +static unsigned int ssl_mfl_code_to_length(int mfl) +{ + switch (mfl) { + case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: + return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; + case MBEDTLS_SSL_MAX_FRAG_LEN_512: + return 512; + case MBEDTLS_SSL_MAX_FRAG_LEN_1024: + return 1024; + case MBEDTLS_SSL_MAX_FRAG_LEN_2048: + return 2048; + case MBEDTLS_SSL_MAX_FRAG_LEN_4096: + return 4096; + default: + return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; } } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src ) +int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, + const mbedtls_ssl_session *src) { - mbedtls_ssl_session_free( dst ); - memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); + mbedtls_ssl_session_free(dst); + memcpy(dst, src, sizeof(mbedtls_ssl_session)); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) dst->ticket = NULL; @@ -189,34 +183,33 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( src->peer_cert != NULL ) - { + if (src->peer_cert != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); - if( dst->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); + if (dst->peer_cert == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - mbedtls_x509_crt_init( dst->peer_cert ); + mbedtls_x509_crt_init(dst->peer_cert); - if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, - src->peer_cert->raw.len ) ) != 0 ) - { - mbedtls_free( dst->peer_cert ); + if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p, + src->peer_cert->raw.len)) != 0) { + mbedtls_free(dst->peer_cert); dst->peer_cert = NULL; - return( ret ); + return ret; } } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( src->peer_cert_digest != NULL ) - { + if (src->peer_cert_digest != NULL) { dst->peer_cert_digest = - mbedtls_calloc( 1, src->peer_cert_digest_len ); - if( dst->peer_cert_digest == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + mbedtls_calloc(1, src->peer_cert_digest_len); + if (dst->peer_cert_digest == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( dst->peer_cert_digest, src->peer_cert_digest, - src->peer_cert_digest_len ); + memcpy(dst->peer_cert_digest, src->peer_cert_digest, + src->peer_cert_digest_len); dst->peer_cert_digest_type = src->peer_cert_digest_type; dst->peer_cert_digest_len = src->peer_cert_digest_len; } @@ -225,35 +218,36 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if( src->ticket != NULL ) - { - dst->ticket = mbedtls_calloc( 1, src->ticket_len ); - if( dst->ticket == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (src->ticket != NULL) { + dst->ticket = mbedtls_calloc(1, src->ticket_len); + if (dst->ticket == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( dst->ticket, src->ticket, src->ticket_len ); + memcpy(dst->ticket, src->ticket, src->ticket_len); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) MBEDTLS_CHECK_RETURN_CRITICAL -static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old ) +static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old) { - unsigned char* resized_buffer = mbedtls_calloc( 1, len_new ); - if( resized_buffer == NULL ) + unsigned char *resized_buffer = mbedtls_calloc(1, len_new); + if (resized_buffer == NULL) { return -1; + } /* We want to copy len_new bytes when downsizing the buffer, and * len_old bytes when upsizing, so we choose the smaller of two sizes, * to fit one buffer into another. Size checks, ensuring that no data is * lost, are done outside of this function. */ - memcpy( resized_buffer, *buffer, - ( len_new < *len_old ) ? len_new : *len_old ); - mbedtls_platform_zeroize( *buffer, *len_old ); - mbedtls_free( *buffer ); + memcpy(resized_buffer, *buffer, + (len_new < *len_old) ? len_new : *len_old); + mbedtls_platform_zeroize(*buffer, *len_old); + mbedtls_free(*buffer); *buffer = resized_buffer; *len_old = len_new; @@ -261,60 +255,49 @@ static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_ol return 0; } -static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, - size_t in_buf_new_len, - size_t out_buf_new_len ) +static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, + size_t in_buf_new_len, + size_t out_buf_new_len) { int modified = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - if( ssl->in_buf != NULL ) - { + if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; - if( downsizing ? + if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : - ssl->in_buf_len < in_buf_new_len ) - { - if( resize_buffer( &ssl->in_buf, in_buf_new_len, &ssl->in_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, - in_buf_new_len ) ); + ssl->in_buf_len < in_buf_new_len) { + if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, + in_buf_new_len)); modified = 1; } } } - if( ssl->out_buf != NULL ) - { + if (ssl->out_buf != NULL) { written_out = ssl->out_msg - ssl->out_buf; iv_offset_out = ssl->out_iv - ssl->out_buf; len_offset_out = ssl->out_len - ssl->out_buf; - if( downsizing ? + if (downsizing ? ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : - ssl->out_buf_len < out_buf_new_len ) - { - if( resize_buffer( &ssl->out_buf, out_buf_new_len, &ssl->out_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, - out_buf_new_len ) ); + ssl->out_buf_len < out_buf_new_len) { + if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, + out_buf_new_len)); modified = 1; } } } - if( modified ) - { + if (modified) { /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); /* Fields below might not be properly updated with record * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; @@ -333,10 +316,10 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, */ #if defined(MBEDTLS_SSL_PROTO_SSL3) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl3_prf( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int ssl3_prf(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { int ret = 0; size_t i; @@ -344,10 +327,10 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, mbedtls_sha1_context sha1; unsigned char padding[16]; unsigned char sha1sum[20]; - ((void)label); + ((void) label); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); /* * SSLv3: @@ -357,48 +340,56 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, * MD5( secret + SHA1( 'CCC' + secret + random ) ) + * ... */ - for( i = 0; i < dlen / 16; i++ ) - { - memset( padding, (unsigned char) ('A' + i), 1 + i ); + for (i = 0; i < dlen / 16; i++) { + memset(padding, (unsigned char) ('A' + i), 1 + i); - if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&sha1)) != 0) { goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 ) + } + if ((ret = mbedtls_sha1_update_ret(&sha1, padding, 1 + i)) != 0) { goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 ) + } + if ((ret = mbedtls_sha1_update_ret(&sha1, secret, slen)) != 0) { goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 ) + } + if ((ret = mbedtls_sha1_update_ret(&sha1, random, rlen)) != 0) { goto exit; - if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 ) + } + if ((ret = mbedtls_sha1_finish_ret(&sha1, sha1sum)) != 0) { goto exit; + } - if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5, secret, slen)) != 0) { goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 ) + } + if ((ret = mbedtls_md5_update_ret(&md5, sha1sum, 20)) != 0) { goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 ) + } + if ((ret = mbedtls_md5_finish_ret(&md5, dstbuf + i * 16)) != 0) { goto exit; + } } exit: - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padding, sizeof( padding ) ); - mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize(padding, sizeof(padding)); + mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum)); - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) MBEDTLS_CHECK_RETURN_CRITICAL -static int tls1_prf( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int tls1_prf(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { size_t nb, hs; size_t i, j, k; @@ -410,204 +401,216 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_context_t md_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - tmp_len = 20 + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) - { + tmp_len = 20 + strlen(label) + rlen; + tmp = mbedtls_calloc(1, tmp_len); + if (tmp == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - hs = ( slen + 1 ) / 2; + hs = (slen + 1) / 2; S1 = secret; S2 = secret + slen - hs; - nb = strlen( label ); - memcpy( tmp + 20, label, nb ); - memcpy( tmp + 20 + nb, random, rlen ); + nb = strlen(label); + memcpy(tmp + 20, label, nb); + memcpy(tmp + 20 + nb, random, rlen); nb += rlen; /* * First compute P_md5(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) - { + if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5)) == NULL) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; } - ret = mbedtls_md_hmac_starts( &md_ctx, S1, hs ); - if( ret != 0 ) + ret = mbedtls_md_hmac_starts(&md_ctx, S1, hs); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, 4 + tmp); + if (ret != 0) { goto exit; + } - for( i = 0; i < dlen; i += 16 ) - { - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + for (i = 0; i < dlen; i += 16) { + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16 + nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, h_i ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, h_i); + if (ret != 0) { goto exit; + } - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, 4 + tmp); + if (ret != 0) { goto exit; + } - k = ( i + 16 > dlen ) ? dlen % 16 : 16; + k = (i + 16 > dlen) ? dlen % 16 : 16; - for( j = 0; j < k; j++ ) + for (j = 0; j < k; j++) { dstbuf[i + j] = h_i[j]; + } } - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); /* * XOR out with P_sha1(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) - { + if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; } - ret = mbedtls_md_hmac_starts( &md_ctx, S2, hs ); - if( ret != 0 ) + ret = mbedtls_md_hmac_starts(&md_ctx, S2, hs); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, tmp); + if (ret != 0) { goto exit; + } - for( i = 0; i < dlen; i += 20 ) - { - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + for (i = 0; i < dlen; i += 20) { + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp, 20 + nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, h_i ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, h_i); + if (ret != 0) { goto exit; + } - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp, 20); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, tmp); + if (ret != 0) { goto exit; + } - k = ( i + 20 > dlen ) ? dlen % 20 : 20; + k = (i + 20 > dlen) ? dlen % 20 : 20; - for( j = 0; j < k; j++ ) - dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); + for (j = 0; j < k; j++) { + dstbuf[i + j] = (unsigned char) (dstbuf[i + j] ^ h_i[j]); + } } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - mbedtls_platform_zeroize( tmp, tmp_len ); - mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize(tmp, tmp_len); + mbedtls_platform_zeroize(h_i, sizeof(h_i)); - mbedtls_free( tmp ); - return( ret ); + mbedtls_free(tmp); + return ret; } #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) -static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, - psa_key_id_t key, - psa_algorithm_t alg, - const unsigned char* seed, size_t seed_length, - const unsigned char* label, size_t label_length, - size_t capacity ) +static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation, + psa_key_id_t key, + psa_algorithm_t alg, + const unsigned char *seed, size_t seed_length, + const unsigned char *label, size_t label_length, + size_t capacity) { psa_status_t status; - status = psa_key_derivation_setup( derivation, alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_key_derivation_setup(derivation, alg); + if (status != PSA_SUCCESS) { + return status; + } - if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_SEED, - seed, seed_length ); - if( status != PSA_SUCCESS ) - return( status ); + if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { + status = psa_key_derivation_input_bytes(derivation, + PSA_KEY_DERIVATION_INPUT_SEED, + seed, seed_length); + if (status != PSA_SUCCESS) { + return status; + } - if( mbedtls_svc_key_id_is_null( key ) ) - { + if (mbedtls_svc_key_id_is_null(key)) { status = psa_key_derivation_input_bytes( derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - NULL, 0 ); - } - else - { + NULL, 0); + } else { status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key); + } + if (status != PSA_SUCCESS) { + return status; } - if( status != PSA_SUCCESS ) - return( status ); - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_LABEL, - label, label_length ); - if( status != PSA_SUCCESS ) - return( status ); - } - else - { - return( PSA_ERROR_NOT_SUPPORTED ); + status = psa_key_derivation_input_bytes(derivation, + PSA_KEY_DERIVATION_INPUT_LABEL, + label, label_length); + if (status != PSA_SUCCESS) { + return status; + } + } else { + return PSA_ERROR_NOT_SUPPORTED; } - status = psa_key_derivation_set_capacity( derivation, capacity ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_key_derivation_set_capacity(derivation, capacity); + if (status != PSA_SUCCESS) { + return status; + } - return( PSA_SUCCESS ); + return PSA_SUCCESS; } MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int tls_prf_generic(mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { psa_status_t status; psa_algorithm_t alg; @@ -615,10 +618,11 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; - if( md_type == MBEDTLS_MD_SHA384 ) + if (md_type == MBEDTLS_MD_SHA384) { alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); - else + } else { alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); + } /* Normally a "secret" should be long enough to be impossible to * find by brute force, and in particular should not be empty. But @@ -627,62 +631,61 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, * Since the key API doesn't allow importing a key of length 0, * keep master_key=0, which setup_psa_key_derivation() understands * to mean a 0-length "secret" input. */ - if( slen != 0 ) - { + if (slen != 0) { psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, alg ); - psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); - - status = psa_import_key( &key_attributes, secret, slen, &master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = setup_psa_key_derivation( &derivation, - master_key, alg, - random, rlen, - (unsigned char const *) label, - (size_t) strlen( label ), - dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, alg); + psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); + + status = psa_import_key(&key_attributes, secret, slen, &master_key); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } } - status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = setup_psa_key_derivation(&derivation, + master_key, alg, + random, rlen, + (unsigned char const *) label, + (size_t) strlen(label), + dlen); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + psa_destroy_key(master_key); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + psa_destroy_key(master_key); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } + + status = psa_key_derivation_abort(&derivation); + if (status != PSA_SUCCESS) { + psa_destroy_key(master_key); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - if( ! mbedtls_svc_key_id_is_null( master_key ) ) - status = psa_destroy_key( master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (!mbedtls_svc_key_id_is_null(master_key)) { + status = psa_destroy_key(master_key); + } + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } - return( 0 ); + return 0; } #else /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int tls_prf_generic(mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { size_t nb; size_t i, j, k, md_len; @@ -693,237 +696,240 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_context_t md_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) { + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; + } - md_len = mbedtls_md_get_size( md_info ); + md_len = mbedtls_md_get_size(md_info); - tmp_len = md_len + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) - { + tmp_len = md_len + strlen(label) + rlen; + tmp = mbedtls_calloc(1, tmp_len); + if (tmp == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - nb = strlen( label ); - memcpy( tmp + md_len, label, nb ); - memcpy( tmp + md_len + nb, random, rlen ); + nb = strlen(label); + memcpy(tmp + md_len, label, nb); + memcpy(tmp + md_len + nb, random, rlen); nb += rlen; /* * Compute P_(secret, label + random)[0..dlen] */ - if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; + } - ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen ); - if( ret != 0 ) + ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, tmp); + if (ret != 0) { goto exit; + } - for( i = 0; i < dlen; i += md_len ) - { - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + for (i = 0; i < dlen; i += md_len) { + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, h_i ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, h_i); + if (ret != 0) { goto exit; + } - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) + ret = mbedtls_md_hmac_reset(&md_ctx); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len); + if (ret != 0) { goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_finish(&md_ctx, tmp); + if (ret != 0) { goto exit; + } - k = ( i + md_len > dlen ) ? dlen % md_len : md_len; + k = (i + md_len > dlen) ? dlen % md_len : md_len; - for( j = 0; j < k; j++ ) + for (j = 0; j < k; j++) { dstbuf[i + j] = h_i[j]; + } } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - if ( tmp != NULL ) - mbedtls_platform_zeroize( tmp, tmp_len ); + if (tmp != NULL) { + mbedtls_platform_zeroize(tmp, tmp_len); + } - mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize(h_i, sizeof(h_i)); - mbedtls_free( tmp ); + mbedtls_free(tmp); - return( ret ); + return ret; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SHA256_C) MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha256( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int tls_prf_sha256(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { - return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen ) ); + return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, + label, random, rlen, dstbuf, dlen); } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha384( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +static int tls_prf_sha384(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { - return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen ) ); + return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, + label, random, rlen, dstbuf, dlen); } #endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); +static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); +static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *, const unsigned char *, size_t); #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) -static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * ); -static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_calc_verify_ssl(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_ssl(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * ); -static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_calc_verify_tls(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); +static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); +static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); +static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) +static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl) { - if( ssl->conf->f_psk != NULL ) - { + if (ssl->conf->f_psk != NULL) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { + return 1; + } - return( 0 ); + return 0; } - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( 1 ); + if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) { + return 1; + } - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) +static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf) { #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( tls_prf == ssl3_prf ) - { - return( MBEDTLS_SSL_TLS_PRF_SSL3 ); - } - else + if (tls_prf == ssl3_prf) { + return MBEDTLS_SSL_TLS_PRF_SSL3; + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( tls_prf == tls1_prf ) - { - return( MBEDTLS_SSL_TLS_PRF_TLS1 ); - } - else + if (tls_prf == tls1_prf) { + return MBEDTLS_SSL_TLS_PRF_TLS1; + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) - if( tls_prf == tls_prf_sha384 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA384 ); - } - else + if (tls_prf == tls_prf_sha384) { + return MBEDTLS_SSL_TLS_PRF_SHA384; + } else #endif #if defined(MBEDTLS_SHA256_C) - if( tls_prf == tls_prf_sha256 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA256 ); - } - else + if (tls_prf == tls_prf_sha256) { + return MBEDTLS_SSL_TLS_PRF_SHA256; + } else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - return( MBEDTLS_SSL_TLS_PRF_NONE ); + return MBEDTLS_SSL_TLS_PRF_NONE; } #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) +int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { mbedtls_ssl_tls_prf_cb *tls_prf = NULL; - switch( prf ) - { + switch (prf) { #if defined(MBEDTLS_SSL_PROTO_SSL3) case MBEDTLS_SSL_TLS_PRF_SSL3: tls_prf = ssl3_prf; - break; + break; #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) case MBEDTLS_SSL_TLS_PRF_TLS1: tls_prf = tls1_prf; - break; + break; #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_SSL_TLS_PRF_SHA384: tls_prf = tls_prf_sha384; - break; + break; #endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_TLS_PRF_SHA256: tls_prf = tls_prf_sha256; - break; + break; #endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - default: - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + default: + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } - return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); + return tls_prf(secret, slen, label, random, rlen, dstbuf, dlen); } /* Type for the TLS PRF */ @@ -954,28 +960,28 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_populate_transform( mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], +static int ssl_populate_transform(mbedtls_ssl_transform *transform, + int ciphersuite, + const unsigned char master[48], #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int encrypt_then_mac, + int encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - int trunc_hmac, + int trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - int compression, + int compression, #endif - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - int minor_ver, - unsigned endpoint, + ssl_tls_prf_t tls_prf, + const unsigned char randbytes[64], + int minor_ver, + unsigned endpoint, #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - const + const #endif - mbedtls_ssl_context *ssl ) + mbedtls_ssl_context *ssl) { int ret = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1012,71 +1018,66 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, transform->minor_ver = minor_ver; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); + memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif /* * Get various info structures */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( ciphersuite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", - ciphersuite ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); + if (ciphersuite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", + ciphersuite)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); - if( cipher_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", - ciphersuite_info->cipher ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); + if (cipher_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", + ciphersuite_info->cipher)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); - if( md_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", - (unsigned) ciphersuite_info->mac ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); + if (md_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found", + (unsigned) ciphersuite_info->mac)); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Copy own and peer's CID if the use of the CID * extension has been negotiated. */ - if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); + if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform")); transform->in_cid_len = ssl->own_cid_len; - memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid, - transform->in_cid_len ); + memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid, + transform->in_cid_len); transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy( transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, - transform->out_cid_len ); + memcpy(transform->out_cid, ssl->handshake->peer_cid, + ssl->handshake->peer_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid, + transform->out_cid_len); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* * Compute key block using the PRF */ - ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); + ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", - mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s", + mbedtls_ssl_get_ciphersuite_name(ciphersuite))); + MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48); + MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64); + MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256); /* * Determine the appropriate key, IV and MAC length. @@ -1087,10 +1088,9 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( cipher_info->mode == MBEDTLS_MODE_GCM || + if (cipher_info->mode == MBEDTLS_MODE_GCM || cipher_info->mode == MBEDTLS_MODE_CCM || - cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) - { + cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) { size_t explicit_ivlen; transform->maclen = 0; @@ -1108,39 +1108,35 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, */ transform->ivlen = 12; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { transform->fixed_ivlen = 12; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ { - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + if (cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) { transform->fixed_ivlen = 12; - else + } else { transform->fixed_ivlen = 4; + } } /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; transform->minlen = explicit_ivlen + transform->taglen; - } - else + } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( cipher_info->mode == MBEDTLS_MODE_STREAM || - cipher_info->mode == MBEDTLS_MODE_CBC ) - { + if (cipher_info->mode == MBEDTLS_MODE_STREAM || + cipher_info->mode == MBEDTLS_MODE_CBC) { /* Initialize HMAC contexts */ - if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || - ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 || + (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); goto end; } /* Get MAC length */ - mac_key_len = mbedtls_md_get_size( md_info ); + mac_key_len = mbedtls_md_get_size(md_info); transform->maclen = mac_key_len; #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) @@ -1149,8 +1145,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * (rfc 6066 page 13 or rfc 2104 section 4), * so we only need to adjust the length here. */ - if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) - { + if (trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) { transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) @@ -1166,10 +1161,9 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = cipher_info->iv_size; /* Minimum length */ - if( cipher_info->mode == MBEDTLS_MODE_STREAM ) + if (cipher_info->mode == MBEDTLS_MODE_STREAM) { transform->minlen = transform->maclen; - else - { + } else { /* * GenericBlockCipher: * 1. if EtM is in use: one block plus MAC @@ -1177,59 +1171,53 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * 2. IV except for SSL3 and TLS 1.0 */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - { + if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { transform->minlen = transform->maclen - + cipher_info->block_size; - } - else + + cipher_info->block_size; + } else #endif { transform->minlen = transform->maclen - + cipher_info->block_size - - transform->maclen % cipher_info->block_size; + + cipher_info->block_size + - transform->maclen % cipher_info->block_size; } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || + minor_ver == MBEDTLS_SSL_MINOR_VERSION_1) { ; /* No need to adjust minlen */ - else + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || - minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || + minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { transform->minlen += transform->ivlen; - } - else + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } } - } - else + } else #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", - (unsigned) keylen, - (unsigned) transform->minlen, - (unsigned) transform->ivlen, - (unsigned) transform->maclen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u", + (unsigned) keylen, + (unsigned) transform->minlen, + (unsigned) transform->ivlen, + (unsigned) transform->maclen)); /* * Finally setup the cipher contexts, IVs and MAC secrets. */ #if defined(MBEDTLS_SSL_CLI_C) - if( endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (endpoint == MBEDTLS_SSL_IS_CLIENT) { key1 = keyblk + mac_key_len * 2; key2 = keyblk + mac_key_len * 2 + keylen; @@ -1239,17 +1227,15 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* * This is not used in TLS v1.1. */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); - memcpy( transform->iv_dec, key2 + keylen + iv_copy_len, - iv_copy_len ); - } - else + iv_copy_len = (transform->fixed_ivlen) ? + transform->fixed_ivlen : transform->ivlen; + memcpy(transform->iv_enc, key2 + keylen, iv_copy_len); + memcpy(transform->iv_dec, key2 + keylen + iv_copy_len, + iv_copy_len); + } else #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { + if (endpoint == MBEDTLS_SSL_IS_SERVER) { key1 = keyblk + mac_key_len * 2 + keylen; key2 = keyblk + mac_key_len * 2; @@ -1259,77 +1245,70 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* * This is not used in TLS v1.1. */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); - memcpy( transform->iv_enc, key1 + keylen + iv_copy_len, - iv_copy_len ); - } - else + iv_copy_len = (transform->fixed_ivlen) ? + transform->fixed_ivlen : transform->ivlen; + memcpy(transform->iv_dec, key1 + keylen, iv_copy_len); + memcpy(transform->iv_enc, key1 + keylen + iv_copy_len, + iv_copy_len); + } else #endif /* MBEDTLS_SSL_SRV_C */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if( mac_key_len > sizeof( transform->mac_enc ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + if (mac_key_len > sizeof(transform->mac_enc)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } - memcpy( transform->mac_enc, mac_enc, mac_key_len ); - memcpy( transform->mac_dec, mac_dec, mac_key_len ); - } - else + memcpy(transform->mac_enc, mac_enc, mac_key_len); + memcpy(transform->mac_dec, mac_dec, mac_key_len); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { + if (minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { /* For HMAC-based ciphersuites, initialize the HMAC transforms. For AEAD-based ciphersuites, there is nothing to do here. */ - if( mac_key_len != 0 ) - { - ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, - mac_enc, mac_key_len ); - if( ret != 0 ) + if (mac_key_len != 0) { + ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, + mac_enc, mac_key_len); + if (ret != 0) { goto end; - ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, - mac_dec, mac_key_len ); - if( ret != 0 ) + } + ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, + mac_dec, mac_key_len); + if (ret != 0) { goto end; + } } - } - else + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_init != NULL ) - { + if (mbedtls_ssl_hw_record_init != NULL) { ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_init()")); - if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen, - transform->iv_enc, transform->iv_dec, - iv_copy_len, - mac_enc, mac_dec, - mac_key_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); + if ((ret = mbedtls_ssl_hw_record_init(ssl, key1, key2, keylen, + transform->iv_enc, transform->iv_dec, + iv_copy_len, + mac_enc, mac_dec, + mac_key_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_init", ret); ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto end; } @@ -1340,23 +1319,21 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->conf->f_export_keys != NULL ) - { - ssl->conf->f_export_keys( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len ); + if (ssl->conf->f_export_keys != NULL) { + ssl->conf->f_export_keys(ssl->conf->p_export_keys, + master, keyblk, + mac_key_len, keylen, + iv_copy_len); } - if( ssl->conf->f_export_keys_ext != NULL ) - { - ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len, - randbytes + 32, - randbytes, - tls_prf_get_type( tls_prf ) ); + if (ssl->conf->f_export_keys_ext != NULL) { + ssl->conf->f_export_keys_ext(ssl->conf->p_export_keys, + master, keyblk, + mac_key_len, keylen, + iv_copy_len, + randbytes + 32, + randbytes, + tls_prf_get_type(tls_prf)); } #endif @@ -1369,41 +1346,38 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_enc, + cipher_info, transform->taglen); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret); goto end; } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based encryption cipher context")); psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "Failed to setup PSA-based cipher context for record encryption - fall through to default setup.")); psa_fallthrough = 1; } - } - else + } else { psa_fallthrough = 1; + } #else psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 0 ) + if (psa_fallthrough == 0) { do_mbedtls_cipher_setup = 0; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup && - ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + if (do_mbedtls_cipher_setup && + (ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, + cipher_info)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); goto end; } @@ -1415,74 +1389,66 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_dec, + cipher_info, transform->taglen); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret); goto end; } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based decryption cipher context")); psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, + ( + "Failed to setup PSA-based cipher context for record decryption - fall through to default setup.")); psa_fallthrough = 1; } - } - else + } else { psa_fallthrough = 1; + } #else psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 0 ) + if (psa_fallthrough == 0) { do_mbedtls_cipher_setup = 0; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( do_mbedtls_cipher_setup && - ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + if (do_mbedtls_cipher_setup && + (ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, + cipher_info)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); goto end; } - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - cipher_info->key_bitlen, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1, + cipher_info->key_bitlen, + MBEDTLS_ENCRYPT)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); goto end; } - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - cipher_info->key_bitlen, - MBEDTLS_DECRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2, + cipher_info->key_bitlen, + MBEDTLS_DECRYPT)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); goto end; } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( cipher_info->mode == MBEDTLS_MODE_CBC ) - { - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc, + MBEDTLS_PADDING_NONE)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); goto end; } - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec, + MBEDTLS_PADDING_NONE)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); goto end; } } @@ -1491,18 +1457,16 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* Initialize Zlib contexts */ #if defined(MBEDTLS_ZLIB_SUPPORT) - if( compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); + if (compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Initializing zlib states")); - memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); - memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); + memset(&transform->ctx_deflate, 0, sizeof(transform->ctx_deflate)); + memset(&transform->ctx_inflate, 0, sizeof(transform->ctx_inflate)); - if( deflateInit( &transform->ctx_deflate, - Z_DEFAULT_COMPRESSION ) != Z_OK || - inflateInit( &transform->ctx_inflate ) != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); + if (deflateInit(&transform->ctx_deflate, + Z_DEFAULT_COMPRESSION) != Z_OK || + inflateInit(&transform->ctx_inflate) != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Failed to initialize compression")); ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED; goto end; } @@ -1510,8 +1474,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_ZLIB_SUPPORT */ end: - mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); - return( ret ); + mbedtls_platform_zeroize(keyblk, sizeof(keyblk)); + return ret; } /* @@ -1525,59 +1489,51 @@ end: * - the tls_prf, calc_verify and calc_finished members of handshake structure */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, - int minor_ver, - mbedtls_md_type_t hash ) +static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake, + int minor_ver, + mbedtls_md_type_t hash) { #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ - !( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) + !(defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)) (void) hash; #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { handshake->tls_prf = ssl3_prf; handshake->calc_verify = ssl_calc_verify_ssl; handshake->calc_finished = ssl_calc_finished_ssl; - } - else + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { handshake->tls_prf = tls1_prf; handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; - } - else + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - hash == MBEDTLS_MD_SHA384 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + hash == MBEDTLS_MD_SHA384) { handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_finished = ssl_calc_finished_tls_sha384; - } - else + } else #endif #if defined(MBEDTLS_SHA256_C) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { handshake->tls_prf = tls_prf_sha256; handshake->calc_verify = ssl_calc_verify_tls_sha256; handshake->calc_finished = ssl_calc_finished_tls_sha256; - } - else + } else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - return( 0 ); + return 0; } /* @@ -1595,9 +1551,9 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, * PSA-PSA: minor_ver, conf */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, - unsigned char *master, - const mbedtls_ssl_context *ssl ) +static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, + unsigned char *master, + const mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1628,35 +1584,32 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, #if !defined(MBEDTLS_DEBUG_C) && \ !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ !(defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) ssl = NULL; /* make sure we don't use it except for those cases */ (void) ssl; #endif - if( handshake->resume != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); - return( 0 ); + if (handshake->resume != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)")); + return 0; } #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) - { + if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { lbl = "extended master secret"; salt = session_hash; - handshake->calc_verify( ssl, session_hash, &salt_len ); + handshake->calc_verify(ssl, session_hash, &salt_len); - MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret", - session_hash, salt_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret", + session_hash, salt_len); } #endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && + if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - ssl_use_opaque_psk( ssl ) == 1 ) - { + ssl_use_opaque_psk(ssl) == 1) { /* Perform PSK-to-MS expansion in a single step. */ psa_status_t status; psa_algorithm_t alg; @@ -1665,89 +1618,85 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, PSA_KEY_DERIVATION_OPERATION_INIT; mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); - psk = mbedtls_ssl_get_opaque_psk( ssl ); + psk = mbedtls_ssl_get_opaque_psk(ssl); - if( hash_alg == MBEDTLS_MD_SHA384 ) + if (hash_alg == MBEDTLS_MD_SHA384) { alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - else + } else { alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); + } - status = setup_psa_key_derivation( &derivation, psk, alg, - salt, salt_len, - (unsigned char const *) lbl, - (size_t) strlen( lbl ), - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = setup_psa_key_derivation(&derivation, psk, alg, + salt, salt_len, + (unsigned char const *) lbl, + (size_t) strlen(lbl), + master_secret_len); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_key_derivation_output_bytes( &derivation, - master, - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_key_derivation_output_bytes(&derivation, + master, + master_secret_len); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - else + status = psa_key_derivation_abort(&derivation); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } + } else #endif { - ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - lbl, salt, salt_len, - master, - master_secret_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); + ret = handshake->tls_prf(handshake->premaster, handshake->pmslen, + lbl, salt, salt_len, + master, + master_secret_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); + return ret; } - MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", - handshake->premaster, - handshake->pmslen ); + MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret", + handshake->premaster, + handshake->pmslen); - mbedtls_platform_zeroize( handshake->premaster, - sizeof(handshake->premaster) ); + mbedtls_platform_zeroize(handshake->premaster, + sizeof(handshake->premaster)); } - return( 0 ); + return 0; } -int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys")); /* Set PRF, calc_verify and calc_finished function pointers */ - ret = ssl_set_handshake_prfs( ssl->handshake, - ssl->minor_ver, - ciphersuite_info->mac ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret ); - return( ret ); + ret = ssl_set_handshake_prfs(ssl->handshake, + ssl->minor_ver, + ciphersuite_info->mac); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret); + return ret; } /* Compute master secret if needed */ - ret = ssl_compute_master( ssl->handshake, - ssl->session_negotiate->master, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret ); - return( ret ); + ret = ssl_compute_master(ssl->handshake, + ssl->session_negotiate->master, + ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret); + return ret; } /* Swap the client and server random values: @@ -1755,142 +1704,139 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * - key derivation wants server+client (RFC 5246 6.3) */ { unsigned char tmp[64]; - memcpy( tmp, ssl->handshake->randbytes, 64 ); - memcpy( ssl->handshake->randbytes, tmp + 32, 32 ); - memcpy( ssl->handshake->randbytes + 32, tmp, 32 ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + memcpy(tmp, ssl->handshake->randbytes, 64); + memcpy(ssl->handshake->randbytes, tmp + 32, 32); + memcpy(ssl->handshake->randbytes + 32, tmp, 32); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); } /* Populate transform structure */ - ret = ssl_populate_transform( ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, + ret = ssl_populate_transform(ssl->transform_negotiate, + ssl->session_negotiate->ciphersuite, + ssl->session_negotiate->master, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session_negotiate->encrypt_then_mac, + ssl->session_negotiate->encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl->session_negotiate->trunc_hmac, + ssl->session_negotiate->trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - ssl->session_negotiate->compression, -#endif - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->minor_ver, - ssl->conf->endpoint, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret ); - return( ret ); + ssl->session_negotiate->compression, +#endif + ssl->handshake->tls_prf, + ssl->handshake->randbytes, + ssl->minor_ver, + ssl->conf->endpoint, + ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_populate_transform", ret); + return ret; } /* We no longer need Server/ClientHello.random values */ - mbedtls_platform_zeroize( ssl->handshake->randbytes, - sizeof( ssl->handshake->randbytes ) ); + mbedtls_platform_zeroize(ssl->handshake->randbytes, + sizeof(ssl->handshake->randbytes)); /* Allocate compression buffer */ #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && - ssl->compress_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); - ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); - if( ssl->compress_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && + ssl->compress_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Allocating compression buffer")); + ssl->compress_buf = mbedtls_calloc(1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN); + if (ssl->compress_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", + MBEDTLS_SSL_COMPRESS_BUFFER_LEN)); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys")); - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_SSL3) -void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) +void ssl_calc_verify_ssl(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; unsigned char pad_1[48]; unsigned char pad_2[48]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify ssl")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); - memset( pad_1, 0x36, 48 ); - memset( pad_2, 0x5C, 48 ); + memset(pad_1, 0x36, 48); + memset(pad_2, 0x5C, 48); - mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ret( &md5, pad_1, 48 ); - mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48); + mbedtls_md5_update_ret(&md5, pad_1, 48); + mbedtls_md5_finish_ret(&md5, hash); - mbedtls_md5_starts_ret( &md5 ); - mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ret( &md5, pad_2, 48 ); - mbedtls_md5_update_ret( &md5, hash, 16 ); - mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_md5_starts_ret(&md5); + mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48); + mbedtls_md5_update_ret(&md5, pad_2, 48); + mbedtls_md5_update_ret(&md5, hash, 16); + mbedtls_md5_finish_ret(&md5, hash); - mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ret( &sha1, pad_1, 40 ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48); + mbedtls_sha1_update_ret(&sha1, pad_1, 40); + mbedtls_sha1_finish_ret(&sha1, hash + 16); - mbedtls_sha1_starts_ret( &sha1 ); - mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ret( &sha1, pad_2, 40 ); - mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_sha1_starts_ret(&sha1); + mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48); + mbedtls_sha1_update_ret(&sha1, pad_2, 40); + mbedtls_sha1_update_ret(&sha1, hash + 16, 20); + mbedtls_sha1_finish_ret(&sha1, hash + 16); *hlen = 36; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); return; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) +void ssl_calc_verify_tls(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify tls")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); - mbedtls_md5_finish_ret( &md5, hash ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_md5_finish_ret(&md5, hash); + mbedtls_sha1_finish_ret(&sha1, hash + 16); *hlen = 36; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); return; } @@ -1898,98 +1844,94 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) +void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_status_t status; psa_hash_operation_t sha256_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256")); + status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } *hlen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); #else mbedtls_sha256_context sha256; - mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_init(&sha256); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256")); - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish_ret( &sha256, hash ); + mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + mbedtls_sha256_finish_ret(&sha256, hash); *hlen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_sha256_free( &sha256 ); + mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) -void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) +void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_status_t status; psa_hash_operation_t sha384_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384")); + status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } *hlen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); #else mbedtls_sha512_context sha512; - mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_init(&sha512); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish_ret( &sha512, hash ); + mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512); + mbedtls_sha512_finish_ret(&sha512, hash); *hlen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_sha512_free( &sha512 ); + mbedtls_sha512_free(&sha512); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } @@ -1997,22 +1939,21 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) +int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex) { unsigned char *p = ssl->handshake->premaster; - unsigned char *end = p + sizeof( ssl->handshake->premaster ); + unsigned char *end = p + sizeof(ssl->handshake->premaster); const unsigned char *psk = NULL; size_t psk_len = 0; - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - { + if (mbedtls_ssl_get_psk(ssl, &psk, &psk_len) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) { /* * This should never happen because the existence of a PSK is always * checked before calling this function */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* @@ -2023,152 +1964,142 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * with "other_secret" depending on the particular key exchange */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) - { - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) { + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(psk_len, p, 0); p += 2; - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end < p || (size_t) (end - p) < psk_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - memset( p, 0, psk_len ); + memset(p, 0, psk_len); p += psk_len; - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { /* * other_secret already set by the ClientKeyExchange message, * and is 48 bytes long */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } *p++ = 0; *p++ = 48; p += 48; - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { + if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Write length only when we know the actual value */ - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - p + 2, end - ( p + 2 ), &len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( ret ); + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + p + 2, end - (p + 2), &len, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return ret; } - MBEDTLS_PUT_UINT16_BE( len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(len, p, 0); p += 2 + len; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { + if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t zlen; - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, - p + 2, end - ( p + 2 ), - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( ret ); + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, + p + 2, end - (p + 2), + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); + return ret; } - MBEDTLS_PUT_UINT16_BE( zlen, p, 0 ); + MBEDTLS_PUT_UINT16_BE(zlen, p, 0); p += 2 + zlen; - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* opaque psk<0..2^16-1>; */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + MBEDTLS_PUT_UINT16_BE(psk_len, p, 0); p += 2; - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end < p || (size_t) (end - p) < psk_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - memcpy( p, psk, psk_len ); + memcpy(p, psk, psk_len); p += psk_len; ssl->handshake->pmslen = p - ssl->handshake->premaster; - return( 0 ); + return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); +static int ssl_write_hello_request(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) -int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl) { /* If renegotiation is not enforced, retransmit until we would reach max * timeout if we were using the usual handshake doubling scheme */ - if( ssl->conf->renego_max_records < 0 ) - { + if (ssl->conf->renego_max_records < 0) { uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; unsigned char doublings = 1; - while( ratio != 0 ) - { + while (ratio != 0) { ++doublings; ratio >>= 1; } - if( ++ssl->renego_records_seen > doublings ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); - return( 0 ); + if (++ssl->renego_records_seen > doublings) { + MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request")); + return 0; } } - return( ssl_write_hello_request( ssl ) ); + return ssl_write_hello_request(ssl); } #endif #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) +static void ssl_clear_peer_cert(mbedtls_ssl_session *session) { #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert != NULL ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); + if (session->peer_cert != NULL) { + mbedtls_x509_crt_free(session->peer_cert); + mbedtls_free(session->peer_cert); session->peer_cert = NULL; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { + if (session->peer_cert_digest != NULL) { /* Zeroization is not necessary. */ - mbedtls_free( session->peer_cert_digest ); + mbedtls_free(session->peer_cert_digest); session->peer_cert_digest = NULL; session->peer_cert_digest_type = MBEDTLS_MD_NONE; session->peer_cert_digest_len = 0; @@ -2182,46 +2113,44 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) */ #if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* No certificate support -> dummy functions */ -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); ssl->state++; - return( 0 ); + return 0; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Some certificate support -> implement write and parse */ -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, n; @@ -2229,23 +2158,20 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - if( ssl->client_auth == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { + if (ssl->client_auth == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -2253,32 +2179,29 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) * If using SSLv3 and got no cert, send an Alert message * (otherwise an empty Certificate message will be sent). */ - if( mbedtls_ssl_own_cert( ssl ) == NULL && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (mbedtls_ssl_own_cert(ssl) == NULL && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { ssl->out_msglen = 2; ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("got no certificate to send")); goto write_msg; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ } #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( mbedtls_ssl_own_cert( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (mbedtls_ssl_own_cert(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no certificate to send")); + return MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED; } } #endif - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); + MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl)); /* * 0 . 0 handshake type @@ -2290,30 +2213,28 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) * n+3 . ... upper level cert, etc. */ i = 7; - crt = mbedtls_ssl_own_cert( ssl ); + crt = mbedtls_ssl_own_cert(ssl); - while( crt != NULL ) - { + while (crt != NULL) { n = crt->raw.len; - if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); + if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { + MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE; } - ssl->out_msg[i ] = MBEDTLS_BYTE_2( n ); - ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n ); - ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n ); + ssl->out_msg[i] = MBEDTLS_BYTE_2(n); + ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n); + ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n); - i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); + i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n); i += n; crt = crt->next; } - ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 ); - ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 ); - ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 ); + ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7); + ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7); + ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -2325,40 +2246,41 @@ write_msg: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - return( ret ); + return ret; } #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) +static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len) { mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; - if( peer_crt == NULL ) - return( -1 ); + if (peer_crt == NULL) { + return -1; + } - if( peer_crt->raw.len != crt_buf_len ) - return( -1 ); + if (peer_crt->raw.len != crt_buf_len) { + return -1; + } - return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); + return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) +static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char const * const peer_cert_digest = @@ -2366,22 +2288,25 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, mbedtls_md_type_t const peer_cert_digest_type = ssl->session->peer_cert_digest_type; mbedtls_md_info_t const * const digest_info = - mbedtls_md_info_from_type( peer_cert_digest_type ); + mbedtls_md_info_from_type(peer_cert_digest_type); unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; size_t digest_len; - if( peer_cert_digest == NULL || digest_info == NULL ) - return( -1 ); + if (peer_cert_digest == NULL || digest_info == NULL) { + return -1; + } - digest_len = mbedtls_md_get_size( digest_info ); - if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN ) - return( -1 ); + digest_len = mbedtls_md_get_size(digest_info); + if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) { + return -1; + } - ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest ); - if( ret != 0 ) - return( -1 ); + ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest); + if (ret != 0) { + return -1; + } - return( memcmp( tmp_digest, peer_cert_digest, digest_len ) ); + return memcmp(tmp_digest, peer_cert_digest, digest_len); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ @@ -2391,125 +2316,116 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, * perform basic checks, but leave actual verification to the caller */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *chain ) +static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *chain) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - int crt_cnt=0; + int crt_cnt = 0; #endif size_t i, n; uint8_t alert; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || - ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || + ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } - i = mbedtls_ssl_hs_hdr_len( ssl ); + i = mbedtls_ssl_hs_hdr_len(ssl); /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2]; - if( ssl->in_msg[i] != 0 || - ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[i] != 0 || + ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ i += 3; /* Iterate through and parse the CRTs in the provided chain. */ - while( i < ssl->in_hslen ) - { + while (i < ssl->in_hslen) { /* Check that there's room for the next CRT's length fields. */ - if ( i + 3 > ssl->in_hslen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (i + 3 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } /* In theory, the CRT can be up to 2**24 Bytes, but we don't support * anything beyond 2**16 ~ 64K. */ - if( ssl->in_msg[i] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[i] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) + n = ((unsigned int) ssl->in_msg[i + 1] << 8) | (unsigned int) ssl->in_msg[i + 2]; i += 3; - if( n < 128 || i + n > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (n < 128 || i + n > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } /* Check if we're handling the first CRT in the chain. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - if( crt_cnt++ == 0 && + if (crt_cnt++ == 0 && ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { /* During client-side renegotiation, check that the server's * end-CRTs hasn't changed compared to the initial handshake, * mitigating the triple handshake attack. On success, reuse * the original end-CRT instead of parsing it again. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) ); - if( ssl_check_peer_crt_unchanged( ssl, - &ssl->in_msg[i], - n ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation")); + if (ssl_check_peer_crt_unchanged(ssl, + &ssl->in_msg[i], + n) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED); + return MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } /* Now we can safely free the original chain. */ - ssl_clear_peer_cert( ssl->session ); + ssl_clear_peer_cert(ssl->session); } #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ /* Parse the next certificate in the chain. */ #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n ); + ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n); #else /* If we don't need to store the CRT chain permanently, parse * it in-place from the input buffer instead of making a copy. */ - ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n ); + ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - switch( ret ) - { + switch (ret) { case 0: /*ok*/ case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a @@ -2526,57 +2442,55 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, default: alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - crt_parse_der_failed: - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); - MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); - return( ret ); +crt_parse_der_failed: + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert); + MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); + return ret; } i += n; } - MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain ); - return( 0 ); + MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain); + return 0; } #if defined(MBEDTLS_SSL_SRV_C) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) +static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl) { - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - return( -1 ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { + return -1; + } #if defined(MBEDTLS_SSL_PROTO_SSL3) /* * Check if the client sent an empty certificate */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if( ssl->in_msglen == 2 && + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + if (ssl->in_msglen == 2 && ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); - return( 0 ); + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) { + MBEDTLS_SSL_DEBUG_MSG(1, ("SSLv3 client has no certificate")); + return 0; } - return( -1 ); + return -1; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && + if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && - memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); - return( 0 ); + memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("TLSv1 client has no certificate")); + return 0; } - return( -1 ); + return -1; #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -2591,40 +2505,40 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) #define SSL_CERTIFICATE_EXPECTED 0 #define SSL_CERTIFICATE_SKIP 1 MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, - int authmode ) +static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, + int authmode) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - return( SSL_CERTIFICATE_SKIP ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + return SSL_CERTIFICATE_SKIP; + } #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - return( SSL_CERTIFICATE_SKIP ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { + return SSL_CERTIFICATE_SKIP; + } - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - { + if (authmode == MBEDTLS_SSL_VERIFY_NONE) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return( SSL_CERTIFICATE_SKIP ); + return SSL_CERTIFICATE_SKIP; } } #else ((void) authmode); #endif /* MBEDTLS_SSL_SRV_C */ - return( SSL_CERTIFICATE_EXPECTED ); + return SSL_CERTIFICATE_EXPECTED; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx ) +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx) { int ret = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -2634,18 +2548,16 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); void *p_vrfy; - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - return( 0 ); + if (authmode == MBEDTLS_SSL_VERIFY_NONE) { + return 0; + } - if( ssl->f_vrfy != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) ); + if (ssl->f_vrfy != NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback")); f_vrfy = ssl->f_vrfy; p_vrfy = ssl->p_vrfy; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback")); f_vrfy = ssl->conf->f_vrfy; p_vrfy = ssl->conf->p_vrfy; } @@ -2654,12 +2566,11 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * Main check: verify certificate */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( ssl->conf->f_ca_cb != NULL ) - { + if (ssl->conf->f_ca_cb != NULL) { ((void) rs_ctx); have_ca_chain = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification")); ret = mbedtls_x509_crt_verify_with_ca_cb( chain, ssl->conf->f_ca_cb, @@ -2667,29 +2578,27 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ssl->conf->cert_profile, ssl->hostname, &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy ); - } - else + f_vrfy, p_vrfy); + } else #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ { mbedtls_x509_crt *ca_chain; mbedtls_x509_crl *ca_crl; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_ca_chain != NULL ) - { + if (ssl->handshake->sni_ca_chain != NULL) { ca_chain = ssl->handshake->sni_ca_chain; ca_crl = ssl->handshake->sni_ca_crl; - } - else + } else #endif { ca_chain = ssl->conf->ca_chain; ca_crl = ssl->conf->ca_crl; } - if( ca_chain != NULL ) + if (ca_chain != NULL) { have_ca_chain = 1; + } ret = mbedtls_x509_crt_verify_restartable( chain, @@ -2697,17 +2606,17 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ssl->conf->cert_profile, ssl->hostname, &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy, rs_ctx ); + f_vrfy, p_vrfy, rs_ctx); } - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { + return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + } #endif /* @@ -2721,26 +2630,26 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, /* If certificate uses an EC key, make sure the curve is OK. * This is a public key, so it can't be opaque, so can_do() is a good * enough check to ensure pk_ec() is safe to use here. */ - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && - mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) - { + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY) && + mbedtls_ssl_check_curve(ssl, mbedtls_pk_ec(*pk)->grp.id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); - if( ret == 0 ) + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)")); + if (ret == 0) { ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; + } } } #endif /* MBEDTLS_ECP_C */ - if( mbedtls_ssl_check_cert_usage( chain, - ciphersuite_info, - ! ssl->conf->endpoint, - &ssl->session_negotiate->verify_result ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); - if( ret == 0 ) + if (mbedtls_ssl_check_cert_usage(chain, + ciphersuite_info, + !ssl->conf->endpoint, + &ssl->session_negotiate->verify_result) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); + if (ret == 0) { ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; + } } /* mbedtls_x509_crt_verify_with_profile is supposed to report a @@ -2749,122 +2658,115 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * of error codes, including those from the user provided f_vrfy * functions, are treated as fatal and lead to a failure of * ssl_parse_certificate even if verification was optional. */ - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && - ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) - { + if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && + (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || + ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE)) { ret = 0; } - if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + if (have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain")); ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; } - if( ret != 0 ) - { + if (ret != 0) { uint8_t alert; /* The certificate may have been rejected for several reasons. Pick one and send the corresponding alert. Which alert to send may be a subject of debate in some cases. */ - if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) + if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) { alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) { alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) { alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) { alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) { alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) { alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) { alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) { alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) { alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) { alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; - else + } else { alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - alert ); + } + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + alert); } #if defined(MBEDTLS_DEBUG_C) - if( ssl->session_negotiate->verify_result != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + if (ssl->session_negotiate->verify_result != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x", + (unsigned int) ssl->session_negotiate->verify_result)); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear")); } #endif /* MBEDTLS_DEBUG_C */ - return( ret ); + return ret; } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) +static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl, + unsigned char *start, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remember digest of the peer's end-CRT. */ ssl->session_negotiate->peer_cert_digest = - mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); - if( ssl->session_negotiate->peer_cert_digest == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); + if (ssl->session_negotiate->peer_cert_digest == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN)); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - ret = mbedtls_md( mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ), - start, len, - ssl->session_negotiate->peer_cert_digest ); + ret = mbedtls_md(mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), + start, len, + ssl->session_negotiate->peer_cert_digest); ssl->session_negotiate->peer_cert_digest_type = MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; ssl->session_negotiate->peer_cert_digest_len = MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; - return( ret ); + return ret; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) +static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl, + unsigned char *start, size_t len) { unsigned char *end = start + len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Make a copy of the peer's raw public key. */ - mbedtls_pk_init( &ssl->handshake->peer_pubkey ); - ret = mbedtls_pk_parse_subpubkey( &start, end, - &ssl->handshake->peer_pubkey ); - if( ret != 0 ) - { + mbedtls_pk_init(&ssl->handshake->peer_pubkey); + ret = mbedtls_pk_parse_subpubkey(&start, end, + &ssl->handshake->peer_pubkey); + if (ret != 0) { /* We should have parsed the public key before. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - return( 0 ); + return 0; } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) { int ret = 0; int crt_expected; @@ -2878,40 +2780,37 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) void *rs_ctx = NULL; mbedtls_x509_crt *chain = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - crt_expected = ssl_parse_certificate_coordinate( ssl, authmode ); - if( crt_expected == SSL_CERTIFICATE_SKIP ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + crt_expected = ssl_parse_certificate_coordinate(ssl, authmode); + if (crt_expected == SSL_CERTIFICATE_SKIP) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); goto exit; } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_verify ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) { chain = ssl->handshake->ecrs_peer_cert; ssl->handshake->ecrs_peer_cert = NULL; goto crt_verify; } #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { /* mbedtls_ssl_read_record may have sent an alert already. We let it decide whether to alert. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); goto exit; } #if defined(MBEDTLS_SSL_SRV_C) - if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 ) - { + if (ssl_srv_check_client_no_crt_notification(ssl) == 0) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL ) + if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) { ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; + } goto exit; } @@ -2919,39 +2818,42 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) /* Clear existing peer CRT structure in case we tried to * reuse a session but it failed, and allocate a new one. */ - ssl_clear_peer_cert( ssl->session_negotiate ); + ssl_clear_peer_cert(ssl->session_negotiate); - chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - if( chain == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", - sizeof( mbedtls_x509_crt ) ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); + if (chain == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", + sizeof(mbedtls_x509_crt))); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_x509_crt_init( chain ); + mbedtls_x509_crt_init(chain); - ret = ssl_parse_certificate_chain( ssl, chain ); - if( ret != 0 ) + ret = ssl_parse_certificate_chain(ssl, chain); + if (ret != 0) { goto exit; + } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled) + if (ssl->handshake->ecrs_enabled) { ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; + } crt_verify: - if( ssl->handshake->ecrs_enabled) + if (ssl->handshake->ecrs_enabled) { rs_ctx = &ssl->handshake->ecrs_ctx; + } #endif - ret = ssl_parse_certificate_verify( ssl, authmode, - chain, rs_ctx ); - if( ret != 0 ) + ret = ssl_parse_certificate_verify(ssl, authmode, + chain, rs_ctx); + if (ret != 0) { goto exit; + } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) { @@ -2971,17 +2873,19 @@ crt_verify: /* Free the CRT structures before computing * digest and copying the peer's public key. */ - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); + mbedtls_x509_crt_free(chain); + mbedtls_free(chain); chain = NULL; - ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len ); - if( ret != 0 ) + ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len); + if (ret != 0) { goto exit; + } - ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len ); - if( ret != 0 ) + ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len); + if (ret != 0) { goto exit; + } } #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* Pass ownership to session structure. */ @@ -2989,108 +2893,107 @@ crt_verify: chain = NULL; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); exit: - if( ret == 0 ) + if (ret == 0) { ssl->state++; + } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) - { + if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { ssl->handshake->ecrs_peer_cert = chain; chain = NULL; } #endif - if( chain != NULL ) - { - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); + if (chain != NULL) { + mbedtls_x509_crt_free(chain); + mbedtls_free(chain); } - return( ret ); + return ret; } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) +void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info) { ((void) ciphersuite_info); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; - else + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { ssl->handshake->update_checksum = ssl_update_checksum_sha384; - else + } else #endif #if defined(MBEDTLS_SHA256_C) - if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) + if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) { ssl->handshake->update_checksum = ssl_update_checksum_sha256; - else + } else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); return; } } -void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 ); - mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 ); + mbedtls_md5_starts_ret(&ssl->handshake->fin_md5); + mbedtls_sha1_starts_ret(&ssl->handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha256_psa ); - psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); + psa_hash_abort(&ssl->handshake->fin_sha256_psa); + psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); #else - mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ret(&ssl->handshake->fin_sha256, 0); #endif #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha384_psa ); - psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); + psa_hash_abort(&ssl->handshake->fin_sha384_psa); + psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); #else - mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ret(&ssl->handshake->fin_sha512, 1); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } -static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static void ssl_update_checksum_start(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len); + mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len); #endif #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3098,35 +3001,35 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { - mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len); + mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len); } #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len); #endif } #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) +static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len); #endif } #endif @@ -3134,7 +3037,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) static void ssl_calc_finished_ssl( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { const char *sender; mbedtls_md5_context md5; @@ -3145,16 +3048,17 @@ static void ssl_calc_finished_ssl( unsigned char sha1sum[20]; mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) { session = ssl->session; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished ssl")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); /* * SSLv3: @@ -3166,60 +3070,60 @@ static void ssl_calc_finished_ssl( */ #if !defined(MBEDTLS_MD5_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) - md5.state, sizeof( md5.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *) + md5.state, sizeof(md5.state)); #endif #if !defined(MBEDTLS_SHA1_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) - sha1.state, sizeof( sha1.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *) + sha1.state, sizeof(sha1.state)); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "CLNT" : "SRVR"; - memset( padbuf, 0x36, 48 ); + memset(padbuf, 0x36, 48); - mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 ); - mbedtls_md5_update_ret( &md5, session->master, 48 ); - mbedtls_md5_update_ret( &md5, padbuf, 48 ); - mbedtls_md5_finish_ret( &md5, md5sum ); + mbedtls_md5_update_ret(&md5, (const unsigned char *) sender, 4); + mbedtls_md5_update_ret(&md5, session->master, 48); + mbedtls_md5_update_ret(&md5, padbuf, 48); + mbedtls_md5_finish_ret(&md5, md5sum); - mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 ); - mbedtls_sha1_update_ret( &sha1, session->master, 48 ); - mbedtls_sha1_update_ret( &sha1, padbuf, 40 ); - mbedtls_sha1_finish_ret( &sha1, sha1sum ); + mbedtls_sha1_update_ret(&sha1, (const unsigned char *) sender, 4); + mbedtls_sha1_update_ret(&sha1, session->master, 48); + mbedtls_sha1_update_ret(&sha1, padbuf, 40); + mbedtls_sha1_finish_ret(&sha1, sha1sum); - memset( padbuf, 0x5C, 48 ); + memset(padbuf, 0x5C, 48); - mbedtls_md5_starts_ret( &md5 ); - mbedtls_md5_update_ret( &md5, session->master, 48 ); - mbedtls_md5_update_ret( &md5, padbuf, 48 ); - mbedtls_md5_update_ret( &md5, md5sum, 16 ); - mbedtls_md5_finish_ret( &md5, buf ); + mbedtls_md5_starts_ret(&md5); + mbedtls_md5_update_ret(&md5, session->master, 48); + mbedtls_md5_update_ret(&md5, padbuf, 48); + mbedtls_md5_update_ret(&md5, md5sum, 16); + mbedtls_md5_finish_ret(&md5, buf); - mbedtls_sha1_starts_ret( &sha1 ); - mbedtls_sha1_update_ret( &sha1, session->master, 48 ); - mbedtls_sha1_update_ret( &sha1, padbuf , 40 ); - mbedtls_sha1_update_ret( &sha1, sha1sum, 20 ); - mbedtls_sha1_finish_ret( &sha1, buf + 16 ); + mbedtls_sha1_starts_ret(&sha1); + mbedtls_sha1_update_ret(&sha1, session->master, 48); + mbedtls_sha1_update_ret(&sha1, padbuf, 40); + mbedtls_sha1_update_ret(&sha1, sha1sum, 20); + mbedtls_sha1_finish_ret(&sha1, buf + 16); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, 36); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); - mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); - mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); + mbedtls_platform_zeroize(md5sum, sizeof(md5sum)); + mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) static void ssl_calc_finished_tls( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; @@ -3228,16 +3132,17 @@ static void ssl_calc_finished_tls( unsigned char padbuf[36]; mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) { session = ssl->session; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); /* * TLSv1: @@ -3246,40 +3151,40 @@ static void ssl_calc_finished_tls( */ #if !defined(MBEDTLS_MD5_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) - md5.state, sizeof( md5.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *) + md5.state, sizeof(md5.state)); #endif #if !defined(MBEDTLS_SHA1_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) - sha1.state, sizeof( sha1.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *) + sha1.state, sizeof(sha1.state)); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "client finished" : "server finished"; - mbedtls_md5_finish_ret( &md5, padbuf ); - mbedtls_sha1_finish_ret( &sha1, padbuf + 16 ); + mbedtls_md5_finish_ret(&md5, padbuf); + mbedtls_sha1_finish_ret(&sha1, padbuf + 16); - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 36, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 36, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; @@ -3293,39 +3198,38 @@ static void ssl_calc_finished_tls_sha256( #endif mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) { session = ssl->session; + } - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "client finished" : "server finished"; #if defined(MBEDTLS_USE_PSA_CRYPTO) sha256_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256")); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else - mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_init(&sha256); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256")); - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); /* * TLSv1.2: @@ -3334,29 +3238,29 @@ static void ssl_calc_finished_tls_sha256( */ #if !defined(MBEDTLS_SHA256_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) - sha256.state, sizeof( sha256.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *) + sha256.state, sizeof(sha256.state)); #endif - mbedtls_sha256_finish_ret( &sha256, padbuf ); - mbedtls_sha256_free( &sha256 ); + mbedtls_sha256_finish_ret(&sha256, padbuf); + mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 32, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 32, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) static void ssl_calc_finished_tls_sha384( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; @@ -3370,38 +3274,37 @@ static void ssl_calc_finished_tls_sha384( #endif mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) { session = ssl->session; + } - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "client finished" : "server finished"; #if defined(MBEDTLS_USE_PSA_CRYPTO) sha384_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384")); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else - mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_init(&sha512); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384")); - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512); /* * TLSv1.2: @@ -3410,8 +3313,8 @@ static void ssl_calc_finished_tls_sha384( */ #if !defined(MBEDTLS_SHA512_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) - sha512.state, sizeof( sha512.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *) + sha512.state, sizeof(sha512.state)); #endif /* mbedtls_sha512_finish_ret's output parameter is declared as a * 64-byte buffer, but since we're using SHA-384, we know that the @@ -3422,60 +3325,58 @@ static void ssl_calc_finished_tls_sha384( #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wstringop-overflow" #endif - mbedtls_sha512_finish_ret( &sha512, padbuf ); + mbedtls_sha512_finish_ret(&sha512, padbuf); #if defined(__GNUC__) && __GNUC__ >= 11 #pragma GCC diagnostic pop #endif - mbedtls_sha512_free( &sha512 ); + mbedtls_sha512_free(&sha512); #endif - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 48, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 48, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free")); /* * Free our handshake params */ - mbedtls_ssl_handshake_free( ssl ); - mbedtls_free( ssl->handshake ); + mbedtls_ssl_handshake_free(ssl); + mbedtls_free(ssl->handshake); ssl->handshake = NULL; /* * Free the previous transform and switch in the current one */ - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); } ssl->transform = ssl->transform_negotiate; ssl->transform_negotiate = NULL; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free")); } -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) { int resume = ssl->handshake->resume; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; ssl->renego_records_seen = 0; } @@ -3484,16 +3385,15 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) /* * Free the previous session and switch in the current one */ - if( ssl->session ) - { + if (ssl->session) { #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) /* RFC 7366 3.1: keep the EtM state */ ssl->session_negotiate->encrypt_then_mac = - ssl->session->encrypt_then_mac; + ssl->session->encrypt_then_mac; #endif - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); } ssl->session = ssl->session_negotiate; ssl->session_negotiate = NULL; @@ -3501,43 +3401,41 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) /* * Add cache entry */ - if( ssl->conf->f_set_cache != NULL && + if (ssl->conf->f_set_cache != NULL && ssl->session->id_len != 0 && - resume == 0 ) - { - if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); + resume == 0) { + if (ssl->conf->f_set_cache(ssl->conf->p_cache, ssl->session) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session")); + } } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->flight != NULL ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->flight != NULL) { /* Cancel handshake timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); /* Keep last flight around in case we need to resend it: * we need the handshake and transform structures for that */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); - } - else + MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform")); + } else #endif - mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); + mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); } -int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) { int ret, hash_len; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished")); - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate); - ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); + ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); /* * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites @@ -3545,11 +3443,11 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) * ciphersuite does this (and this is unlikely to change as activity has * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. */ - hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; + hash_len = (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) ? 36 : 12; #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->verify_data_len = hash_len; - memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); + memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len); #endif ssl->out_msglen = 4 + hash_len; @@ -3560,91 +3458,88 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) * In case of session resuming, invert the client and server * ChangeCipherSpec messages order. */ - if( ssl->handshake->resume != 0 ) - { + if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + } #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + } #endif - } - else + } else { ssl->state++; + } /* * Switch to our negotiated transform and session parameters for outbound * data. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data")); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { unsigned char i; /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8); /* Set sequence_number to zero */ - memset( ssl->cur_out_ctr + 2, 0, 6 ); + memset(ssl->cur_out_ctr + 2, 0, 6); /* Increment epoch */ - for( i = 2; i > 0; i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) + for (i = 2; i > 0; i--) { + if (++ssl->cur_out_ctr[i - 1] != 0) { break; + } + } /* The loop goes to its end iff the counter is wrapping */ - if( i == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); + return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, 8 ); + memset(ssl->cur_out_ctr, 0, 8); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } } #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_send_flight_completed(ssl); + } #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return ret; } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished")); - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -3653,118 +3548,116 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) #define SSL_MAX_HASH_LEN 12 #endif -int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int hash_len; unsigned char buf[SSL_MAX_HASH_LEN]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished")); /* There is currently no ciphersuite using another length with TLS 1.2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { hash_len = 36; - else + } else #endif - hash_len = 12; + hash_len = 12; - ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); + ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); goto exit; } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; goto exit; } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); ret = MBEDTLS_ERR_SSL_BAD_HS_FINISHED; goto exit; } - if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), - buf, hash_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), + buf, hash_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); ret = MBEDTLS_ERR_SSL_BAD_HS_FINISHED; goto exit; } #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->verify_data_len = hash_len; - memcpy( ssl->peer_verify_data, buf, hash_len ); + memcpy(ssl->peer_verify_data, buf, hash_len); #endif - if( ssl->handshake->resume != 0 ) - { + if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + } #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + } #endif - } - else + } else { ssl->state++; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_recv_flight_completed(ssl); + } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished")); exit: - mbedtls_platform_zeroize( buf, hash_len ); - return( ret ); + mbedtls_platform_zeroize(buf, hash_len); + return ret; } -static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) +static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) { - memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); + memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_init( &handshake->fin_md5 ); - mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts_ret( &handshake->fin_md5 ); - mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); + mbedtls_md5_init(&handshake->fin_md5); + mbedtls_sha1_init(&handshake->fin_sha1); + mbedtls_md5_starts_ret(&handshake->fin_md5); + mbedtls_sha1_starts_ret(&handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); - psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); + psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256); #else - mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); + mbedtls_sha256_init(&handshake->fin_sha256); + mbedtls_sha256_starts_ret(&handshake->fin_sha256, 0); #endif #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); - psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); + psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384); #else - mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); + mbedtls_sha512_init(&handshake->fin_sha512); + mbedtls_sha512_starts_ret(&handshake->fin_sha512, 1); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3773,17 +3666,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); + mbedtls_ssl_sig_hash_set_init(&handshake->hash_algs); #endif #if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init( &handshake->dhm_ctx ); + mbedtls_dhm_init(&handshake->dhm_ctx); #endif #if defined(MBEDTLS_ECDH_C) - mbedtls_ecdh_init( &handshake->ecdh_ctx ); + mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); + mbedtls_ecjpake_init(&handshake->ecjpake_ctx); #if defined(MBEDTLS_SSL_CLI_C) handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; @@ -3791,7 +3684,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx ); + mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3800,110 +3693,109 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_init( &handshake->peer_pubkey ); + mbedtls_pk_init(&handshake->peer_pubkey); #endif } -void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) +void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) { - memset( transform, 0, sizeof(mbedtls_ssl_transform) ); + memset(transform, 0, sizeof(mbedtls_ssl_transform)); - mbedtls_cipher_init( &transform->cipher_ctx_enc ); - mbedtls_cipher_init( &transform->cipher_ctx_dec ); + mbedtls_cipher_init(&transform->cipher_ctx_enc); + mbedtls_cipher_init(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - mbedtls_md_init( &transform->md_ctx_enc ); - mbedtls_md_init( &transform->md_ctx_dec ); + mbedtls_md_init(&transform->md_ctx_enc); + mbedtls_md_init(&transform->md_ctx_dec); #endif } -void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) +void mbedtls_ssl_session_init(mbedtls_ssl_session *session) { - memset( session, 0, sizeof(mbedtls_ssl_session) ); + memset(session, 0, sizeof(mbedtls_ssl_session)); } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handshake_init( mbedtls_ssl_context *ssl ) +static int ssl_handshake_init(mbedtls_ssl_context *ssl) { /* Clear old handshake information if present */ - if( ssl->transform_negotiate ) - mbedtls_ssl_transform_free( ssl->transform_negotiate ); - if( ssl->session_negotiate ) - mbedtls_ssl_session_free( ssl->session_negotiate ); - if( ssl->handshake ) - mbedtls_ssl_handshake_free( ssl ); + if (ssl->transform_negotiate) { + mbedtls_ssl_transform_free(ssl->transform_negotiate); + } + if (ssl->session_negotiate) { + mbedtls_ssl_session_free(ssl->session_negotiate); + } + if (ssl->handshake) { + mbedtls_ssl_handshake_free(ssl); + } /* * Either the pointers are now NULL or cleared properly and can be freed. * Now allocate missing structures. */ - if( ssl->transform_negotiate == NULL ) - { - ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); + if (ssl->transform_negotiate == NULL) { + ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); } - if( ssl->session_negotiate == NULL ) - { - ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); + if (ssl->session_negotiate == NULL) { + ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); } - if( ssl->handshake == NULL ) - { - ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); + if (ssl->handshake == NULL) { + ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); } #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too small - reallocate */ - handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, - MBEDTLS_SSL_OUT_BUFFER_LEN ); + handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, + MBEDTLS_SSL_OUT_BUFFER_LEN); #endif /* All pointers should exist and can be directly freed without issue */ - if( ssl->handshake == NULL || + if (ssl->handshake == NULL || ssl->transform_negotiate == NULL || - ssl->session_negotiate == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); + ssl->session_negotiate == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); - mbedtls_free( ssl->handshake ); - mbedtls_free( ssl->transform_negotiate ); - mbedtls_free( ssl->session_negotiate ); + mbedtls_free(ssl->handshake); + mbedtls_free(ssl->transform_negotiate); + mbedtls_free(ssl->session_negotiate); ssl->handshake = NULL; ssl->transform_negotiate = NULL; ssl->session_negotiate = NULL; - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } /* Initialize structures */ - mbedtls_ssl_session_init( ssl->session_negotiate ); - mbedtls_ssl_transform_init( ssl->transform_negotiate ); - ssl_handshake_params_init( ssl->handshake ); + mbedtls_ssl_session_init(ssl->session_negotiate); + mbedtls_ssl_transform_init(ssl->transform_negotiate); + ssl_handshake_params_init(ssl->handshake); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->handshake->alt_transform_out = ssl->transform_out; - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; - else + } else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; + } - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); } #endif - return( 0 ); + return 0; } #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /* Dummy cookie callbacks for defaults */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_write_dummy( void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) +static int ssl_cookie_write_dummy(void *ctx, + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { ((void) ctx); ((void) p); @@ -3911,13 +3803,13 @@ static int ssl_cookie_write_dummy( void *ctx, ((void) cli_id); ((void) cli_id_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_check_dummy( void *ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len ) +static int ssl_cookie_check_dummy(void *ctx, + const unsigned char *cookie, size_t cookie_len, + const unsigned char *cli_id, size_t cli_id_len) { ((void) ctx); ((void) cookie); @@ -3925,24 +3817,24 @@ static int ssl_cookie_check_dummy( void *ctx, ((void) cli_id); ((void) cli_id_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ /* * Initialize an SSL context */ -void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_init(mbedtls_ssl_context *ssl) { - memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); + memset(ssl, 0, sizeof(mbedtls_ssl_context)); } /* * Setup an SSL context */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf ) +int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, + const mbedtls_ssl_config *conf) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; @@ -3960,10 +3852,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) ssl->in_buf_len = in_buf_len; #endif - ssl->in_buf = mbedtls_calloc( 1, in_buf_len ); - if( ssl->in_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) ); + ssl->in_buf = mbedtls_calloc(1, in_buf_len); + if (ssl->in_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len)); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -3971,28 +3862,28 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) ssl->out_buf_len = out_buf_len; #endif - ssl->out_buf = mbedtls_calloc( 1, out_buf_len ); - if( ssl->out_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) ); + ssl->out_buf = mbedtls_calloc(1, out_buf_len); + if (ssl->out_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len)); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_SRTP) - memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) ); + memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); #endif - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) + if ((ret = ssl_handshake_init(ssl)) != 0) { goto error; + } - return( 0 ); + return 0; error: - mbedtls_free( ssl->in_buf ); - mbedtls_free( ssl->out_buf ); + mbedtls_free(ssl->in_buf); + mbedtls_free(ssl->out_buf); ssl->conf = NULL; @@ -4015,7 +3906,7 @@ error: ssl->out_iv = NULL; ssl->out_msg = NULL; - return( ret ); + return ret; } /* @@ -4025,7 +3916,7 @@ error: * If partial is non-zero, keep data in the input buffer and client ID. * (Use when a DTLS client reconnects from the same port.) */ -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -4044,20 +3935,20 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->state = MBEDTLS_SSL_HELLO_REQUEST; /* Cancel any possibly running timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_records_seen = 0; ssl->verify_data_len = 0; - memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); - memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); + memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); + memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); #endif ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->in_offt = NULL; - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); ssl->in_msgtype = 0; ssl->in_msglen = 0; @@ -4066,7 +3957,7 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->in_epoch = 0; #endif #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset(ssl); #endif ssl->in_hslen = 0; @@ -4078,11 +3969,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->out_msglen = 0; ssl->out_left = 0; #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) + if (ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED) { ssl->split_done = 0; + } #endif - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); ssl->transform_in = NULL; ssl->transform_out = NULL; @@ -4090,42 +3982,38 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->session_in = NULL; ssl->session_out = NULL; - memset( ssl->out_buf, 0, out_buf_len ); + memset(ssl->out_buf, 0, out_buf_len); int clear_in_buf = 1; #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - if( partial != 0 ) + if (partial != 0) { clear_in_buf = 0; + } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ - if( clear_in_buf ) - { + if (clear_in_buf) { ssl->in_left = 0; - memset( ssl->in_buf, 0, in_buf_len ); + memset(ssl->in_buf, 0, in_buf_len); } #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_reset != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); - if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_reset != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_reset()")); + if ((ret = mbedtls_ssl_hw_record_reset(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_reset", ret); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } } #endif - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); ssl->transform = NULL; } - if( ssl->session ) - { - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + if (ssl->session) { + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); ssl->session = NULL; } @@ -4136,54 +4024,55 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) int free_cli_id = 1; #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - if( partial != 0 ) + if (partial != 0) { free_cli_id = 0; + } #endif - if( free_cli_id ) - { - mbedtls_free( ssl->cli_id ); + if (free_cli_id) { + mbedtls_free(ssl->cli_id); ssl->cli_id = NULL; ssl->cli_id_len = 0; } #endif - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + if ((ret = ssl_handshake_init(ssl)) != 0) { + return ret; + } - return( 0 ); + return 0; } /* * Reset an initialized and used SSL context for re-use while retaining * all application-set variables, function pointers and data. */ -int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl) { - return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); + return mbedtls_ssl_session_reset_int(ssl, 0); } /* * SSL set accessors */ -void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) +void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint) { conf->endpoint = endpoint; } -void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) +void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport) { conf->transport = transport; } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) +void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode) { conf->anti_replay = mode; } #endif #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) +void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit) { conf->badmac_limit = limit; } @@ -4191,56 +4080,56 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ) +void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, + unsigned allow_packing) { ssl->disable_datagram_packing = !allow_packing; } -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, - uint32_t min, uint32_t max ) +void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, + uint32_t min, uint32_t max) { conf->hs_timeout_min = min; conf->hs_timeout_max = max; } #endif -void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) +void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode) { conf->authmode = authmode; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) +void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { conf->f_vrfy = f_vrfy; conf->p_vrfy = p_vrfy; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { conf->f_rng = f_rng; conf->p_rng = p_rng; } -void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg ) +void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, + void (*f_dbg)(void *, int, const char *, int, const char *), + void *p_dbg) { conf->f_dbg = f_dbg; conf->p_dbg = p_dbg; } -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout ) +void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout) { ssl->p_bio = p_bio; ssl->f_send = f_send; @@ -4249,35 +4138,35 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ) +void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu) { ssl->mtu = mtu; } #endif -void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) +void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout) { conf->read_timeout = timeout; } -void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer ) +void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, + void *p_timer, + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer) { ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; ssl->f_get_timer = f_get_timer; /* Make sure we start with no timer running */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); } #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, - void *p_cache, - int (*f_get_cache)(void *, mbedtls_ssl_session *), - int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) +void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, + void *p_cache, + int (*f_get_cache)(void *, mbedtls_ssl_session *), + int (*f_set_cache)(void *, const mbedtls_ssl_session *)) { conf->p_cache = p_cache; conf->f_get_cache = f_get_cache; @@ -4286,30 +4175,30 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) +int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || + if (ssl == NULL || session == NULL || ssl->session_negotiate == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, - session ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate, + session)) != 0) { + return ret; + } ssl->handshake->resume = 1; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_CLI_C */ -void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ) +void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, + const int *ciphersuites) { conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; @@ -4317,68 +4206,69 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; } -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ) +void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, + const int *ciphersuites, + int major, int minor) { - if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) + if (major != MBEDTLS_SSL_MAJOR_VERSION_3) { return; + } - if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) + if (minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3) { return; + } conf->ciphersuite_list[minor] = ciphersuites; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile ) +void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, + const mbedtls_x509_crt_profile *profile) { conf->cert_profile = profile; } /* Append a new keycert entry to a (possibly empty) list */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, - mbedtls_x509_crt *cert, - mbedtls_pk_context *key ) +static int ssl_append_key_cert(mbedtls_ssl_key_cert **head, + mbedtls_x509_crt *cert, + mbedtls_pk_context *key) { mbedtls_ssl_key_cert *new_cert; - new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); - if( new_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert)); + if (new_cert == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } new_cert->cert = cert; new_cert->key = key; new_cert->next = NULL; /* Update head is the list was null, else add to the end */ - if( *head == NULL ) - { + if (*head == NULL) { *head = new_cert; - } - else - { + } else { mbedtls_ssl_key_cert *cur = *head; - while( cur->next != NULL ) + while (cur->next != NULL) { cur = cur->next; + } cur->next = new_cert; } - return( 0 ); + return 0; } -int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, +int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ) + mbedtls_pk_context *pk_key) { - return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); + return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key); } -void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, +void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ) + mbedtls_x509_crl *ca_crl) { conf->ca_chain = ca_chain; conf->ca_crl = ca_crl; @@ -4392,9 +4282,9 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb ) +void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb) { conf->f_ca_cb = f_ca_cb; conf->p_ca_cb = p_ca_cb; @@ -4408,33 +4298,33 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ) +int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *own_cert, + mbedtls_pk_context *pk_key) { - return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, - own_cert, pk_key ) ); + return ssl_append_key_cert(&ssl->handshake->sni_key_cert, + own_cert, pk_key); } -void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ) +void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *ca_chain, + mbedtls_x509_crl *ca_crl) { ssl->handshake->sni_ca_chain = ca_chain; ssl->handshake->sni_ca_crl = ca_crl; } -void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, - int authmode ) +void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, + int authmode) { ssl->handshake->sni_authmode = authmode; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) +void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { ssl->f_vrfy = f_vrfy; ssl->p_vrfy = p_vrfy; @@ -4445,36 +4335,37 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, /* * Set EC J-PAKE password for current handshake */ -int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len ) +int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, + const unsigned char *pw, + size_t pw_len) { mbedtls_ecjpake_role role; - if( ssl->handshake == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->handshake == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { role = MBEDTLS_ECJPAKE_SERVER; - else + } else { role = MBEDTLS_ECJPAKE_CLIENT; + } - return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, - role, - MBEDTLS_MD_SHA256, - MBEDTLS_ECP_DP_SECP256R1, - pw, pw_len ) ); + return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx, + role, + MBEDTLS_MD_SHA256, + MBEDTLS_ECP_DP_SECP256R1, + pw, pw_len); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) +static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - { + if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { /* The maintenance of the PSK key slot is the * user's responsibility. */ conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; @@ -4485,19 +4376,17 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) * configured simultaneously. As a safeguard, * though, `else` is omitted here. */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( conf->psk != NULL ) - { - mbedtls_platform_zeroize( conf->psk, conf->psk_len ); + if (conf->psk != NULL) { + mbedtls_platform_zeroize(conf->psk, conf->psk_len); - mbedtls_free( conf->psk ); + mbedtls_free(conf->psk); conf->psk = NULL; conf->psk_len = 0; } /* Remove reference to PSK identity, if any. */ - if( conf->psk_identity != NULL ) - { - mbedtls_free( conf->psk_identity ); + if (conf->psk_identity != NULL) { + mbedtls_free(conf->psk_identity); conf->psk_identity = NULL; conf->psk_identity_len = 0; } @@ -4508,136 +4397,144 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) * to make a copy of it in the SSL config. * On failure, the PSK identity in the config remains unset. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf, - unsigned char const *psk_identity, - size_t psk_identity_len ) +static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf, + unsigned char const *psk_identity, + size_t psk_identity_len) { /* Identity len will be encoded on two bytes */ - if( psk_identity == NULL || - ( psk_identity_len >> 16 ) != 0 || - psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk_identity == NULL || + (psk_identity_len >> 16) != 0 || + psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ); - if( conf->psk_identity == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + conf->psk_identity = mbedtls_calloc(1, psk_identity_len); + if (conf->psk_identity == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } conf->psk_identity_len = psk_identity_len; - memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); + memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); - return( 0 ); + return 0; } -int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len ) +int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, + const unsigned char *psk, size_t psk_len, + const unsigned char *psk_identity, size_t psk_identity_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remove opaque/raw PSK + PSK Identity */ - ssl_conf_remove_psk( conf ); + ssl_conf_remove_psk(conf); /* Check and set raw PSK */ - if( psk == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( psk_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( psk_len > MBEDTLS_PSK_MAX_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (psk == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (psk_len == 0) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (psk_len > MBEDTLS_PSK_MAX_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } conf->psk_len = psk_len; - memcpy( conf->psk, psk, conf->psk_len ); + memcpy(conf->psk, psk, conf->psk_len); /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len ); - if( ret != 0 ) - ssl_conf_remove_psk( conf ); + ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); + if (ret != 0) { + ssl_conf_remove_psk(conf); + } - return( ret ); + return ret; } -static void ssl_remove_psk( mbedtls_ssl_context *ssl ) +static void ssl_remove_psk(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - { + if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } - else + } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ssl->handshake->psk != NULL ) - { - mbedtls_platform_zeroize( ssl->handshake->psk, - ssl->handshake->psk_len ); - mbedtls_free( ssl->handshake->psk ); + if (ssl->handshake->psk != NULL) { + mbedtls_platform_zeroize(ssl->handshake->psk, + ssl->handshake->psk_len); + mbedtls_free(ssl->handshake->psk); ssl->handshake->psk_len = 0; } } -int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len ) +int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, + const unsigned char *psk, size_t psk_len) { - if( psk == NULL || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk == NULL || ssl->handshake == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( psk_len > MBEDTLS_PSK_MAX_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk_len > MBEDTLS_PSK_MAX_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ssl_remove_psk( ssl ); + ssl_remove_psk(ssl); - if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } ssl->handshake->psk_len = psk_len; - memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); + memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len); - return( 0 ); + return 0; } #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len ) +int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, + psa_key_id_t psk, + const unsigned char *psk_identity, + size_t psk_identity_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Clear opaque/raw PSK + PSK Identity, if present. */ - ssl_conf_remove_psk( conf ); + ssl_conf_remove_psk(conf); /* Check and set opaque PSK */ - if( mbedtls_svc_key_id_is_null( psk ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_svc_key_id_is_null(psk)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } conf->psk_opaque = psk; /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity( conf, psk_identity, - psk_identity_len ); - if( ret != 0 ) - ssl_conf_remove_psk( conf ); + ret = ssl_conf_set_psk_identity(conf, psk_identity, + psk_identity_len); + if (ret != 0) { + ssl_conf_remove_psk(conf); + } - return( ret ); + return ret; } -int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_id_t psk ) +int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, + psa_key_id_t psk) { - if( ( mbedtls_svc_key_id_is_null( psk ) ) || - ( ssl->handshake == NULL ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((mbedtls_svc_key_id_is_null(psk)) || + (ssl->handshake == NULL)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ssl_remove_psk( ssl ); + ssl_remove_psk(ssl); ssl->handshake->psk_opaque = psk; - return( 0 ); + return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk ) +void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, + int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_psk) { conf->f_psk = f_psk; conf->p_psk = p_psk; @@ -4647,58 +4544,55 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) +int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || - ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_read_string(&conf->dhm_P, 16, dhm_P)) != 0 || + (ret = mbedtls_mpi_read_string(&conf->dhm_G, 16, dhm_G)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len ) +int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, + const unsigned char *dhm_P, size_t P_len, + const unsigned char *dhm_G, size_t G_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); - if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || + (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return ret; } - return( 0 ); + return 0; } -int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) +int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); - if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_copy(&conf->dhm_P, &dhm_ctx->P)) != 0 || + (ret = mbedtls_mpi_copy(&conf->dhm_G, &dhm_ctx->G)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ @@ -4706,8 +4600,8 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context /* * Set the minimum length for Diffie-Hellman parameters */ -void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, - unsigned int bitlen ) +void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, + unsigned int bitlen) { conf->dhm_min_bitlen = bitlen; } @@ -4717,8 +4611,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, /* * Set allowed/preferred hashes for handshake signatures */ -void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, - const int *hashes ) +void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, + const int *hashes) { conf->sig_hashes = hashes; } @@ -4728,64 +4622,61 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, /* * Set the allowed elliptic curves */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curve_list ) +void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curve_list) { conf->curve_list = curve_list; } #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) +int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) { /* Initialize to suppress unnecessary compiler warning */ size_t hostname_len = 0; /* Check if new hostname is valid before * making any change to current one */ - if( hostname != NULL ) - { - hostname_len = strlen( hostname ); + if (hostname != NULL) { + hostname_len = strlen(hostname); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } } /* Now it's clear that we will overwrite the old hostname, * so we can free it safely */ - if( ssl->hostname != NULL ) - { - mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); - mbedtls_free( ssl->hostname ); + if (ssl->hostname != NULL) { + mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); + mbedtls_free(ssl->hostname); } /* Passing NULL as hostname shall clear the old one */ - if( hostname == NULL ) - { + if (hostname == NULL) { ssl->hostname = NULL; - } - else - { - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } else { + ssl->hostname = mbedtls_calloc(1, hostname_len + 1); + if (ssl->hostname == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( ssl->hostname, hostname, hostname_len ); + memcpy(ssl->hostname, hostname, hostname_len); ssl->hostname[hostname_len] = '\0'; } - return( 0 ); + return 0; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), - void *p_sni ) +void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, + int (*f_sni)(void *, mbedtls_ssl_context *, + const unsigned char *, size_t), + void *p_sni) { conf->f_sni = f_sni; conf->p_sni = p_sni; @@ -4793,7 +4684,7 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) { size_t cur_len, tot_len; const char **p; @@ -4804,221 +4695,210 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * We check lengths now rather than later. */ tot_len = 0; - for( p = protos; *p != NULL; p++ ) - { - cur_len = strlen( *p ); + for (p = protos; *p != NULL; p++) { + cur_len = strlen(*p); tot_len += cur_len; - if( ( cur_len == 0 ) || - ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) || - ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((cur_len == 0) || + (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) || + (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } } conf->alpn_list = protos; - return( 0 ); + return 0; } -const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) +const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl) { - return( ssl->alpn_chosen ); + return ssl->alpn_chosen; } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, - int support_mki_value ) +void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, + int support_mki_value) { conf->dtls_srtp_mki_support = support_mki_value; } -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len ) +int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len) { - if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) - { - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } - memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); + memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len); ssl->dtls_srtp_info.mki_len = mki_len; - return( 0 ); + return 0; } -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles ) +int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles) { const mbedtls_ssl_srtp_profile *p; size_t list_size = 0; /* check the profiles list: all entry must be valid, * its size cannot be more than the total number of supported profiles, currently 4 */ - for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && - list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; - p++ ) - { - if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) - { + for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && + list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; + p++) { + if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) { list_size++; - } - else - { + } else { /* unsupported value, stop parsing and set the size to an error value */ list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; } } - if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) - { - conf->dtls_srtp_profile_list = NULL; - conf->dtls_srtp_profile_list_len = 0; - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) { + conf->dtls_srtp_profile_list = NULL; + conf->dtls_srtp_profile_list_len = 0; + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } conf->dtls_srtp_profile_list = profiles; conf->dtls_srtp_profile_list_len = list_size; - return( 0 ); + return 0; } -void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info ) +void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info) { dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; /* do not copy the mki value if there is no chosen profile */ - if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) - { + if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { dtls_srtp_info->mki_len = 0; - } - else - { + } else { dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; - memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) +void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) { conf->max_major_ver = major; conf->max_minor_ver = minor; } -void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) +void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) { conf->min_major_ver = major; conf->min_minor_ver = minor; } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) -void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) +void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback) { conf->fallback = fallback; } #endif #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, - char cert_req_ca_list ) +void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, + char cert_req_ca_list) { conf->cert_req_ca_list = cert_req_ca_list; } #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) +void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm) { conf->encrypt_then_mac = etm; } #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) +void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems) { conf->extended_ms = ems; } #endif #if defined(MBEDTLS_ARC4_C) -void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) +void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4) { conf->arc4_disabled = arc4; } #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) +int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code) { - if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || - ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || + ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } conf->mfl_code = mfl_code; - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) +void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate) { conf->trunc_hmac = truncate; } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) -void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) +void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split) { conf->cbc_record_splitting = split; } #endif -void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) +void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy) { conf->allow_legacy_renegotiation = allow_legacy; } #if defined(MBEDTLS_SSL_RENEGOTIATION) -void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) +void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation) { conf->disable_renegotiation = renegotiation; } -void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) +void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records) { conf->renego_max_records = max_records; } -void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, - const unsigned char period[8] ) +void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, + const unsigned char period[8]) { - memcpy( conf->renego_period, period, 8 ); + memcpy(conf->renego_period, period, 8); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_CLI_C) -void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) +void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) { conf->session_tickets = use_tickets; } #endif #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket ) +void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_ticket_write_t *f_ticket_write, + mbedtls_ssl_ticket_parse_t *f_ticket_parse, + void *p_ticket) { conf->f_ticket_write = f_ticket_write; conf->f_ticket_parse = f_ticket_parse; @@ -5028,17 +4908,17 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ) +void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys) { conf->f_export_keys = f_export_keys; conf->p_export_keys = p_export_keys; } -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ) +void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys) { conf->f_export_keys_ext = f_export_keys_ext; conf->p_export_keys = p_export_keys; @@ -5052,7 +4932,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, - void *async_config_data ) + void *async_config_data) { conf->f_async_sign_start = f_async_sign; conf->f_async_decrypt_start = f_async_decrypt; @@ -5061,178 +4941,176 @@ void mbedtls_ssl_conf_async_private_cb( conf->p_async_config_data = async_config_data; } -void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ) +void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf) { - return( conf->p_async_config_data ); + return conf->p_async_config_data; } -void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ) +void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl) { - if( ssl->handshake == NULL ) - return( NULL ); - else - return( ssl->handshake->user_async_ctx ); + if (ssl->handshake == NULL) { + return NULL; + } else { + return ssl->handshake->user_async_ctx; + } } -void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, - void *ctx ) +void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, + void *ctx) { - if( ssl->handshake != NULL ) + if (ssl->handshake != NULL) { ssl->handshake->user_async_ctx = ctx; + } } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ /* * SSL get accessors */ -uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) +uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl) { - if( ssl->session != NULL ) - return( ssl->session->verify_result ); + if (ssl->session != NULL) { + return ssl->session->verify_result; + } - if( ssl->session_negotiate != NULL ) - return( ssl->session_negotiate->verify_result ); + if (ssl->session_negotiate != NULL) { + return ssl->session_negotiate->verify_result; + } - return( 0xFFFFFFFF ); + return 0xFFFFFFFF; } -const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) +const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl) { - if( ssl == NULL || ssl->session == NULL ) - return( NULL ); + if (ssl == NULL || ssl->session == NULL) { + return NULL; + } - return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); + return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); } -const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) +const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - switch( ssl->minor_ver ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + switch (ssl->minor_ver) { case MBEDTLS_SSL_MINOR_VERSION_2: - return( "DTLSv1.0" ); + return "DTLSv1.0"; case MBEDTLS_SSL_MINOR_VERSION_3: - return( "DTLSv1.2" ); + return "DTLSv1.2"; default: - return( "unknown (DTLS)" ); + return "unknown (DTLS)"; } } #endif - switch( ssl->minor_ver ) - { + switch (ssl->minor_ver) { case MBEDTLS_SSL_MINOR_VERSION_0: - return( "SSLv3.0" ); + return "SSLv3.0"; case MBEDTLS_SSL_MINOR_VERSION_1: - return( "TLSv1.0" ); + return "TLSv1.0"; case MBEDTLS_SSL_MINOR_VERSION_2: - return( "TLSv1.1" ); + return "TLSv1.1"; case MBEDTLS_SSL_MINOR_VERSION_3: - return( "TLSv1.2" ); + return "TLSv1.2"; default: - return( "unknown" ); + return "unknown"; } } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; size_t read_mfl; /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE ) - { - return ssl_mfl_code_to_length( ssl->conf->mfl_code ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { + return ssl_mfl_code_to_length(ssl->conf->mfl_code); } /* Check if a smaller max length was negotiated */ - if( ssl->session_out != NULL ) - { - read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); - if( read_mfl < max_len ) - { + if (ssl->session_out != NULL) { + read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); + if (read_mfl < max_len) { max_len = read_mfl; } } // During a handshake, use the value being negotiated - if( ssl->session_negotiate != NULL ) - { - read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); - if( read_mfl < max_len ) - { + if (ssl->session_negotiate != NULL) { + read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); + if (read_mfl < max_len) { max_len = read_mfl; } } - return( max_len ); + return max_len; } -size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len; /* * Assume mfl_code is correct since it was checked when set */ - max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code ); + max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); /* Check if a smaller max length was negotiated */ - if( ssl->session_out != NULL && - ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len ) - { - max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); + if (ssl->session_out != NULL && + ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { + max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); } /* During a handshake, use the value being negotiated */ - if( ssl->session_negotiate != NULL && - ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len ) - { - max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); + if (ssl->session_negotiate != NULL && + ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { + max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); } - return( max_len ); + return max_len; } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_max_frag_len(const mbedtls_ssl_context *ssl) { - return mbedtls_ssl_get_output_max_frag_len( ssl ); + return mbedtls_ssl_get_output_max_frag_len(ssl); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl) { /* Return unlimited mtu for client hello messages to avoid fragmentation. */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) - return ( 0 ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + (ssl->state == MBEDTLS_SSL_CLIENT_HELLO || + ssl->state == MBEDTLS_SSL_SERVER_HELLO)) { + return 0; + } - if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) - return( ssl->mtu ); + if (ssl->handshake == NULL || ssl->handshake->mtu == 0) { + return ssl->mtu; + } - if( ssl->mtu == 0 ) - return( ssl->handshake->mtu ); + if (ssl->mtu == 0) { + return ssl->handshake->mtu; + } - return( ssl->mtu < ssl->handshake->mtu ? - ssl->mtu : ssl->handshake->mtu ); + return ssl->mtu < ssl->handshake->mtu ? + ssl->mtu : ssl->handshake->mtu; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) +int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -5242,30 +5120,31 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if( max_len > mfl ) + if (max_len > mfl) { max_len = mfl; + } #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( mbedtls_ssl_get_current_mtu( ssl ) != 0 ) - { - const size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); - const int ret = mbedtls_ssl_get_record_expansion( ssl ); + if (mbedtls_ssl_get_current_mtu(ssl) != 0) { + const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); + const int ret = mbedtls_ssl_get_record_expansion(ssl); const size_t overhead = (size_t) ret; - if( ret < 0 ) - return( ret ); + if (ret < 0) { + return ret; + } - if( mtu <= overhead ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (mtu <= overhead) { + MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion")); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } - if( max_len > mtu - overhead ) + if (max_len > mtu - overhead) { max_len = mtu - overhead; + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -5274,45 +5153,46 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) ((void) ssl); #endif - return( (int) max_len ); + return (int) max_len; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) +const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl) { - if( ssl == NULL || ssl->session == NULL ) - return( NULL ); + if (ssl == NULL || ssl->session == NULL) { + return NULL; + } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - return( ssl->session->peer_cert ); + return ssl->session->peer_cert; #else - return( NULL ); + return NULL; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *dst ) +int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, + mbedtls_ssl_session *dst) { - if( ssl == NULL || + if (ssl == NULL || dst == NULL || ssl->session == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - return( mbedtls_ssl_session_copy( dst, ssl->session ) ); + return mbedtls_ssl_session_copy(dst, ssl->session); } #endif /* MBEDTLS_SSL_CLI_C */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ) +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl) { - if( ssl == NULL ) - return( NULL ); + if (ssl == NULL) { + return NULL; + } - return( ssl->session ); + return ssl->session; } /* @@ -5376,21 +5256,23 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co #define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6 #define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \ - ( (uint16_t) ( \ - ( SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \ - ( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) ) ) + ((uint16_t) ( \ + (SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << \ + SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \ + SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT))) static unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), + MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), }; /* @@ -5428,11 +5310,11 @@ static unsigned char ssl_serialized_session_header[] = { * together in one block. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_save( const mbedtls_ssl_session *session, - unsigned char omit_header, - unsigned char *buf, - size_t buf_len, - size_t *olen ) +static int ssl_session_save(const mbedtls_ssl_session *session, + unsigned char omit_header, + unsigned char *buf, + size_t buf_len, + size_t *olen) { unsigned char *p = buf; size_t used = 0; @@ -5446,19 +5328,17 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #endif /* MBEDTLS_X509_CRT_PARSE_C */ - if( !omit_header ) - { + if (!omit_header) { /* * Add version identifier */ - used += sizeof( ssl_serialized_session_header ); + used += sizeof(ssl_serialized_session_header); - if( used <= buf_len ) - { - memcpy( p, ssl_serialized_session_header, - sizeof( ssl_serialized_session_header ) ); - p += sizeof( ssl_serialized_session_header ); + if (used <= buf_len) { + memcpy(p, ssl_serialized_session_header, + sizeof(ssl_serialized_session_header)); + p += sizeof(ssl_serialized_session_header); } } @@ -5468,11 +5348,10 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) used += 8; - if( used <= buf_len ) - { + if (used <= buf_len) { start = (uint64_t) session->start; - MBEDTLS_PUT_UINT64_BE( start, p, 0 ); + MBEDTLS_PUT_UINT64_BE(start, p, 0); p += 8; } #endif /* MBEDTLS_HAVE_TIME */ @@ -5481,27 +5360,26 @@ static int ssl_session_save( const mbedtls_ssl_session *session, * Basic mandatory fields */ used += 2 /* ciphersuite */ - + 1 /* compression */ - + 1 /* id_len */ - + sizeof( session->id ) - + sizeof( session->master ) - + 4; /* verify_result */ - - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 ); + + 1 /* compression */ + + 1 /* id_len */ + + sizeof(session->id) + + sizeof(session->master) + + 4; /* verify_result */ + + if (used <= buf_len) { + MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); p += 2; - *p++ = MBEDTLS_BYTE_0( session->compression ); + *p++ = MBEDTLS_BYTE_0(session->compression); - *p++ = MBEDTLS_BYTE_0( session->id_len ); - memcpy( p, session->id, 32 ); + *p++ = MBEDTLS_BYTE_0(session->id_len); + memcpy(p, session->id, 32); p += 32; - memcpy( p, session->master, 48 ); + memcpy(p, session->master, 48); p += 48; - MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 ); + MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); p += 4; } @@ -5510,43 +5388,37 @@ static int ssl_session_save( const mbedtls_ssl_session *session, */ #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert == NULL ) + if (session->peer_cert == NULL) { cert_len = 0; - else + } else { cert_len = session->peer_cert->raw.len; + } used += 3 + cert_len; - if( used <= buf_len ) - { - *p++ = MBEDTLS_BYTE_2( cert_len ); - *p++ = MBEDTLS_BYTE_1( cert_len ); - *p++ = MBEDTLS_BYTE_0( cert_len ); + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_2(cert_len); + *p++ = MBEDTLS_BYTE_1(cert_len); + *p++ = MBEDTLS_BYTE_0(cert_len); - if( session->peer_cert != NULL ) - { - memcpy( p, session->peer_cert->raw.p, cert_len ); + if (session->peer_cert != NULL) { + memcpy(p, session->peer_cert->raw.p, cert_len); p += cert_len; } } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { + if (session->peer_cert_digest != NULL) { used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = (unsigned char) session->peer_cert_digest_type; *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy( p, session->peer_cert_digest, - session->peer_cert_digest_len ); + memcpy(p, session->peer_cert_digest, + session->peer_cert_digest_len); p += session->peer_cert_digest_len; } - } - else - { + } else { used += 2; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = (unsigned char) MBEDTLS_MD_NONE; *p++ = 0; } @@ -5560,19 +5432,17 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - if( used <= buf_len ) - { - *p++ = MBEDTLS_BYTE_2( session->ticket_len ); - *p++ = MBEDTLS_BYTE_1( session->ticket_len ); - *p++ = MBEDTLS_BYTE_0( session->ticket_len ); + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_2(session->ticket_len); + *p++ = MBEDTLS_BYTE_1(session->ticket_len); + *p++ = MBEDTLS_BYTE_0(session->ticket_len); - if( session->ticket != NULL ) - { - memcpy( p, session->ticket, session->ticket_len ); + if (session->ticket != NULL) { + memcpy(p, session->ticket, session->ticket_len); p += session->ticket_len; } - MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 ); + MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); p += 4; } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -5583,42 +5453,46 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) used += 1; - if( used <= buf_len ) + if (used <= buf_len) { *p++ = session->mfl_code; + } #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) used += 1; - if( used <= buf_len ) - *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char) ((session->trunc_hmac) & 0xFF); + } #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) used += 1; - if( used <= buf_len ) - *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac ); + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); + } #endif /* Done */ *olen = used; - if( used > buf_len ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (used > buf_len) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } - return( 0 ); + return 0; } /* * Public wrapper for ssl_session_save() */ -int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen ) +int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen) { - return( ssl_session_save( session, 0, buf, buf_len, olen ) ); + return ssl_session_save(session, 0, buf, buf_len, olen); } /* @@ -5628,10 +5502,10 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * case of error, and has an extra option omit_header. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_load( mbedtls_ssl_session *session, - unsigned char omit_header, - const unsigned char *buf, - size_t len ) +static int ssl_session_load(mbedtls_ssl_session *session, + unsigned char omit_header, + const unsigned char *buf, + size_t len) { const unsigned char *p = buf; const unsigned char * const end = buf + len; @@ -5644,38 +5518,38 @@ static int ssl_session_load( mbedtls_ssl_session *session, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ - if( !omit_header ) - { + if (!omit_header) { /* * Check version identifier */ - if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( memcmp( p, ssl_serialized_session_header, - sizeof( ssl_serialized_session_header ) ) != 0 ) - { - return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); + if (memcmp(p, ssl_serialized_session_header, + sizeof(ssl_serialized_session_header)) != 0) { + return MBEDTLS_ERR_SSL_VERSION_MISMATCH; } - p += sizeof( ssl_serialized_session_header ); + p += sizeof(ssl_serialized_session_header); } /* * Time */ #if defined(MBEDTLS_HAVE_TIME) - if( 8 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - start = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + if (8 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + start = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; session->start = (time_t) start; @@ -5684,25 +5558,26 @@ static int ssl_session_load( mbedtls_ssl_session *session, /* * Basic mandatory fields */ - if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (2 + 1 + 1 + 32 + 48 + 4 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session->ciphersuite = ( p[0] << 8 ) | p[1]; + session->ciphersuite = (p[0] << 8) | p[1]; p += 2; session->compression = *p++; session->id_len = *p++; - memcpy( session->id, p, 32 ); + memcpy(session->id, p, 32); p += 32; - memcpy( session->master, p, 48 ); + memcpy(session->master, p, 48); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -5724,64 +5599,69 @@ static int ssl_session_load( mbedtls_ssl_session *session, #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* Deserialize CRT from the end of the ticket. */ - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (3 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + cert_len = (p[0] << 16) | (p[1] << 8) | p[2]; p += 3; - if( cert_len != 0 ) - { + if (cert_len != 0) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( cert_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cert_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if( session->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (session->peer_cert == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - mbedtls_x509_crt_init( session->peer_cert ); + mbedtls_x509_crt_init(session->peer_cert); - if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert, - p, cert_len ) ) != 0 ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); + if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, + p, cert_len)) != 0) { + mbedtls_x509_crt_free(session->peer_cert); + mbedtls_free(session->peer_cert); session->peer_cert = NULL; - return( ret ); + return ret; } p += cert_len; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* Deserialize CRT digest from the end of the ticket. */ - if( 2 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (2 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; session->peer_cert_digest_len = (size_t) *p++; - if( session->peer_cert_digest_len != 0 ) - { + if (session->peer_cert_digest_len != 0) { const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type( session->peer_cert_digest_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + mbedtls_md_info_from_type(session->peer_cert_digest_type); + if (md_info == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( session->peer_cert_digest_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (session->peer_cert_digest_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } session->peer_cert_digest = - mbedtls_calloc( 1, session->peer_cert_digest_len ); - if( session->peer_cert_digest == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + mbedtls_calloc(1, session->peer_cert_digest_len); + if (session->peer_cert_digest == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( session->peer_cert_digest, p, - session->peer_cert_digest_len ); + memcpy(session->peer_cert_digest, p, + session->peer_cert_digest_len); p += session->peer_cert_digest_len; } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -5791,32 +5671,35 @@ static int ssl_session_load( mbedtls_ssl_session *session, * Session ticket and associated data */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (3 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2]; p += 3; - if( session->ticket_len != 0 ) - { - if( session->ticket_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (session->ticket_len != 0) { + if (session->ticket_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session->ticket = mbedtls_calloc( 1, session->ticket_len ); - if( session->ticket == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + session->ticket = mbedtls_calloc(1, session->ticket_len); + if (session->ticket == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } - memcpy( session->ticket, p, session->ticket_len ); + memcpy(session->ticket, p, session->ticket_len); p += session->ticket_len; } - if( 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (4 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -5824,106 +5707,114 @@ static int ssl_session_load( mbedtls_ssl_session *session, * Misc extension-related info */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } session->mfl_code = *p++; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } session->trunc_hmac = *p++; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } session->encrypt_then_mac = *p++; #endif /* Done, should have consumed entire buffer */ - if( p != end ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (p != end) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } /* * Deserialize session: public wrapper for error cleaning */ -int mbedtls_ssl_session_load( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ) +int mbedtls_ssl_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len) { - int ret = ssl_session_load( session, 0, buf, len ); + int ret = ssl_session_load(session, 0, buf, len); - if( ret != 0 ) - mbedtls_ssl_session_free( session ); + if (ret != 0) { + mbedtls_ssl_session_free(session); + } - return( ret ); + return ret; } /* * Perform a single step of the SSL handshake */ -int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - ret = mbedtls_ssl_handshake_client_step( ssl ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { + ret = mbedtls_ssl_handshake_client_step(ssl); + } #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - ret = mbedtls_ssl_handshake_server_step( ssl ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + ret = mbedtls_ssl_handshake_server_step(ssl); + } #endif - return( ret ); + return ret; } /* * Perform the SSL handshake */ -int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl) { int ret = 0; /* Sanity checks */ - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " - "mbedtls_ssl_set_timer_cb() for DTLS" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("You must use " + "mbedtls_ssl_set_timer_cb() for DTLS")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake")); /* Main handshake loop */ - while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - ret = mbedtls_ssl_handshake_step( ssl ); + while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + ret = mbedtls_ssl_handshake_step(ssl); - if( ret != 0 ) + if (ret != 0) { break; + } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake")); - return( ret ); + return ret; } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -5932,25 +5823,24 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) * Write HelloRequest to request renegotiation on server */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) +static int ssl_write_hello_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request")); ssl->out_msglen = 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request")); - return( 0 ); + return 0; } #endif /* MBEDTLS_SSL_SRV_C */ @@ -5963,67 +5853,69 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) * If the handshake doesn't complete due to waiting for I/O, it will continue * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. */ -int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate")); - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + if ((ret = ssl_handshake_init(ssl)) != 0) { + return ret; + } /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and * the ServerHello will have message_seq = 1" */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { ssl->handshake->out_msg_seq = 1; - else + } else { ssl->handshake->in_msg_seq = 1; + } } #endif ssl->state = MBEDTLS_SSL_HELLO_REQUEST; ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return ret; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate")); - return( 0 ); + return 0; } /* * Renegotiate current connection on client, * or request renegotiation on server */ -int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } #if defined(MBEDTLS_SSL_SRV_C) /* On server, just send the request */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; /* Did we already try/start sending HelloRequest? */ - if( ssl->out_left != 0 ) - return( mbedtls_ssl_flush_output( ssl ) ); + if (ssl->out_left != 0) { + return mbedtls_ssl_flush_output(ssl); + } - return( ssl_write_hello_request( ssl ) ); + return ssl_write_hello_request(ssl); } #endif /* MBEDTLS_SSL_SRV_C */ @@ -6032,92 +5924,87 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) * On client, either start the renegotiation process or, * if already in progress, continue the handshake */ - if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret ); - return( ret ); + if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret); + return ret; } - } - else - { - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + } else { + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return ret; } } #endif /* MBEDTLS_SSL_CLI_C */ - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) +static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert) { mbedtls_ssl_key_cert *cur = key_cert, *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur ); + mbedtls_free(cur); cur = next; } } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; - if( handshake == NULL ) + if (handshake == NULL) { return; + } #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) - { - ssl->conf->f_async_cancel( ssl ); + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_free( &handshake->fin_md5 ); - mbedtls_sha1_free( &handshake->fin_sha1 ); + mbedtls_md5_free(&handshake->fin_md5); + mbedtls_sha1_free(&handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &handshake->fin_sha256_psa ); + psa_hash_abort(&handshake->fin_sha256_psa); #else - mbedtls_sha256_free( &handshake->fin_sha256 ); + mbedtls_sha256_free(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &handshake->fin_sha384_psa ); + psa_hash_abort(&handshake->fin_sha384_psa); #else - mbedtls_sha512_free( &handshake->fin_sha512 ); + mbedtls_sha512_free(&handshake->fin_sha512); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_DHM_C) - mbedtls_dhm_free( &handshake->dhm_ctx ); + mbedtls_dhm_free(&handshake->dhm_ctx); #endif #if defined(MBEDTLS_ECDH_C) - mbedtls_ecdh_free( &handshake->ecdh_ctx ); + mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); + mbedtls_ecjpake_free(&handshake->ecjpake_ctx); #if defined(MBEDTLS_SSL_CLI_C) - mbedtls_free( handshake->ecjpake_cache ); + mbedtls_free(handshake->ecjpake_cache); handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; #endif @@ -6126,14 +6013,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ - mbedtls_free( (void *) handshake->curves ); + mbedtls_free((void *) handshake->curves); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( handshake->psk != NULL ) - { - mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); - mbedtls_free( handshake->psk ); + if (handshake->psk != NULL) { + mbedtls_platform_zeroize(handshake->psk, handshake->psk_len); + mbedtls_free(handshake->psk); } #endif @@ -6143,71 +6029,69 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) * Free only the linked list wrapper, not the keys themselves * since the belong to the SNI callback */ - if( handshake->sni_key_cert != NULL ) - { + if (handshake->sni_key_cert != NULL) { mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur ); + mbedtls_free(cur); cur = next; } } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx ); - if( handshake->ecrs_peer_cert != NULL ) - { - mbedtls_x509_crt_free( handshake->ecrs_peer_cert ); - mbedtls_free( handshake->ecrs_peer_cert ); + mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); + if (handshake->ecrs_peer_cert != NULL) { + mbedtls_x509_crt_free(handshake->ecrs_peer_cert); + mbedtls_free(handshake->ecrs_peer_cert); } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_free( &handshake->peer_pubkey ); + mbedtls_pk_free(&handshake->peer_pubkey); #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - mbedtls_free( handshake->verify_cookie ); - mbedtls_ssl_flight_free( handshake->flight ); - mbedtls_ssl_buffering_free( ssl ); + mbedtls_free(handshake->verify_cookie); + mbedtls_ssl_flight_free(handshake->flight); + mbedtls_ssl_buffering_free(ssl); #endif #if defined(MBEDTLS_ECDH_C) && \ defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key( handshake->ecdh_psa_privkey ); + psa_destroy_key(handshake->ecdh_psa_privkey); #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_platform_zeroize( handshake, - sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize(handshake, + sizeof(mbedtls_ssl_handshake_params)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too big - reallocate. Because of the way Mbed TLS * processes datagrams and the fact that a datagram is allowed to have * several records in it, it is possible that the I/O buffers are not * empty at this stage */ - handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), - mbedtls_ssl_get_output_buflen( ssl ) ); + handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl), + mbedtls_ssl_get_output_buflen(ssl)); #endif } -void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) +void mbedtls_ssl_session_free(mbedtls_ssl_session *session) { - if( session == NULL ) + if (session == NULL) { return; + } #if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_clear_peer_cert( session ); + ssl_clear_peer_cert(session); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - mbedtls_free( session->ticket ); + mbedtls_free(session->ticket); #endif - mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -6242,22 +6126,25 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) #define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3 #define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \ - ( (uint32_t) ( \ - ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ) | \ - ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ) | \ - ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ) | \ - ( SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT ) | \ - 0u ) ) + ((uint32_t) ( \ + (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << \ + SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT) | \ + (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << \ + SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT) | \ + (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << \ + SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT) | \ + (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ + 0u)) static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ), - MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), - MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), - MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ), + MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), + MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), + MBEDTLS_BYTE_2(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), + MBEDTLS_BYTE_1(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), + MBEDTLS_BYTE_0(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), }; /* @@ -6298,10 +6185,10 @@ static unsigned char ssl_serialized_context_header[] = { * 4. value was temporary (eg content of input buffer) * 5. value will be provided by the user again (eg I/O callbacks and context) */ -int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen ) +int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buf_len, + size_t *olen) { unsigned char *p = buf; size_t used = 0; @@ -6317,94 +6204,84 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * (only DTLS) but are currently used to simplify the implementation. */ /* The initial handshake must be over */ - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( ssl->handshake != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->handshake != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* Double-check that sub-structures are indeed ready */ - if( ssl->transform == NULL || ssl->session == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->transform == NULL || ssl->session == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* There must be no pending incoming or outgoing data */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_ssl_check_pending(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( ssl->out_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->out_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* Protocol must be DTLS, not TLS */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* Version must be 1.2 */ - if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* We must be using an AEAD ciphersuite */ - if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* Renegotiation must not be enabled */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled")); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } #endif /* * Version and format identifier */ - used += sizeof( ssl_serialized_context_header ); + used += sizeof(ssl_serialized_context_header); - if( used <= buf_len ) - { - memcpy( p, ssl_serialized_context_header, - sizeof( ssl_serialized_context_header ) ); - p += sizeof( ssl_serialized_context_header ); + if (used <= buf_len) { + memcpy(p, ssl_serialized_context_header, + sizeof(ssl_serialized_context_header)); + p += sizeof(ssl_serialized_context_header); } /* * Session (length + data) */ - ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len ); - if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) - return( ret ); + ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); + if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { + return ret; + } used += 4 + session_len; - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT32_BE( session_len, p, 0 ); + if (used <= buf_len) { + MBEDTLS_PUT_UINT32_BE(session_len, p, 0); p += 4; - ret = ssl_session_save( ssl->session, 1, - p, session_len, &session_len ); - if( ret != 0 ) - return( ret ); + ret = ssl_session_save(ssl->session, 1, + p, session_len, &session_len); + if (ret != 0) { + return ret; + } p += session_len; } @@ -6412,24 +6289,22 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, /* * Transform */ - used += sizeof( ssl->transform->randbytes ); - if( used <= buf_len ) - { - memcpy( p, ssl->transform->randbytes, - sizeof( ssl->transform->randbytes ) ); - p += sizeof( ssl->transform->randbytes ); + used += sizeof(ssl->transform->randbytes); + if (used <= buf_len) { + memcpy(p, ssl->transform->randbytes, + sizeof(ssl->transform->randbytes)); + p += sizeof(ssl->transform->randbytes); } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = ssl->transform->in_cid_len; - memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len ); + memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); p += ssl->transform->in_cid_len; *p++ = ssl->transform->out_cid_len; - memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len ); + memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len); p += ssl->transform->out_cid_len; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -6439,45 +6314,40 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) used += 4; - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 ); + if (used <= buf_len) { + MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0); p += 4; } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 ); + if (used <= buf_len) { + MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0); p += 8; - MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 ); + MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0); p += 8; } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_PROTO_DTLS) used += 1; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = ssl->disable_datagram_packing; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ used += 8; - if( used <= buf_len ) - { - memcpy( p, ssl->cur_out_ctr, 8 ); + if (used <= buf_len) { + memcpy(p, ssl->cur_out_ctr, 8); p += 8; } #if defined(MBEDTLS_SSL_PROTO_DTLS) used += 2; - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 ); + if (used <= buf_len) { + MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0); p += 2; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -6485,17 +6355,15 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ALPN) { const uint8_t alpn_len = ssl->alpn_chosen - ? (uint8_t) strlen( ssl->alpn_chosen ) + ? (uint8_t) strlen(ssl->alpn_chosen) : 0; used += 1 + alpn_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = alpn_len; - if( ssl->alpn_chosen != NULL ) - { - memcpy( p, ssl->alpn_chosen, alpn_len ); + if (ssl->alpn_chosen != NULL) { + memcpy(p, ssl->alpn_chosen, alpn_len); p += alpn_len; } } @@ -6507,12 +6375,13 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, */ *olen = used; - if( used > buf_len ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (used > buf_len) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } - MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used ); + MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used); - return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); + return mbedtls_ssl_session_reset_int(ssl, 0); } /* @@ -6521,34 +6390,36 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SHA256_C) || \ (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)) -typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); -static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) +typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); +static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) { const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if( ciphersuite_info == NULL ) - return( NULL ); + if (ciphersuite_info == NULL) { + return NULL; + } #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - return( tls_prf_sha384 ); - else + if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { + return tls_prf_sha384; + } else #endif #if defined(MBEDTLS_SHA256_C) { - if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) - return( tls_prf_sha256 ); + if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) { + return tls_prf_sha256; + } } #endif #if !defined(MBEDTLS_SHA256_C) && \ (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384)) (void) ciphersuite_info; #endif - return( NULL ); + return NULL; } #endif /* MBEDTLS_SHA256_C || @@ -6561,9 +6432,9 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) * case of error. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_context_load( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_context_load(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { const unsigned char *p = buf; const unsigned char * const end = buf + len; @@ -6577,17 +6448,16 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * (Checking session is useful because it won't be NULL if we're * renegotiating, or if the user mistakenly loaded a session first.) */ - if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST || - ssl->session != NULL ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST || + ssl->session != NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } /* * We can't check that the config matches the initial one, but we can at * least check it matches the requirements for serializing. */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 || ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 || @@ -6595,36 +6465,36 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || #endif - 0 ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + 0) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len); /* * Check version identifier */ - if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - if( memcmp( p, ssl_serialized_context_header, - sizeof( ssl_serialized_context_header ) ) != 0 ) - { - return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); + if (memcmp(p, ssl_serialized_context_header, + sizeof(ssl_serialized_context_header)) != 0) { + return MBEDTLS_ERR_SSL_VERSION_MISMATCH; } - p += sizeof( ssl_serialized_context_header ); + p += sizeof(ssl_serialized_context_header); /* * Session */ - if( (size_t)( end - p ) < 4 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - session_len = ( (size_t) p[0] << 24 ) | - ( (size_t) p[1] << 16 ) | - ( (size_t) p[2] << 8 ) | - ( (size_t) p[3] ); + session_len = ((size_t) p[0] << 24) | + ((size_t) p[1] << 16) | + ((size_t) p[2] << 8) | + ((size_t) p[3]); p += 4; /* This has been allocated by ssl_handshake_init(), called by @@ -6634,14 +6504,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->session_out = ssl->session; ssl->session_negotiate = NULL; - if( (size_t)( end - p ) < session_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < session_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ret = ssl_session_load( ssl->session, 1, p, session_len ); - if( ret != 0 ) - { - mbedtls_ssl_session_free( ssl->session ); - return( ret ); + ret = ssl_session_load(ssl->session, 1, p, session_len); + if (ret != 0) { + mbedtls_ssl_session_free(ssl->session); + return ret; } p += session_len; @@ -6657,57 +6527,63 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->transform_out = ssl->transform; ssl->transform_negotiate = NULL; - prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite ); - if( prf_func == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); + if (prf_func == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } /* Read random bytes and populate structure */ - if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ret = ssl_populate_transform( ssl->transform, - ssl->session->ciphersuite, - ssl->session->master, + ret = ssl_populate_transform(ssl->transform, + ssl->session->ciphersuite, + ssl->session->master, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session->encrypt_then_mac, + ssl->session->encrypt_then_mac, #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl->session->trunc_hmac, + ssl->session->trunc_hmac, #endif #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - ssl->session->compression, + ssl->session->compression, #endif - prf_func, - p, /* currently pointing to randbytes */ - MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ - ssl->conf->endpoint, - ssl ); - if( ret != 0 ) - return( ret ); + prf_func, + p, /* currently pointing to randbytes */ + MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ + ssl->conf->endpoint, + ssl); + if (ret != 0) { + return ret; + } - p += sizeof( ssl->transform->randbytes ); + p += sizeof(ssl->transform->randbytes); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Read connection IDs and store them */ - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 1) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } ssl->transform->in_cid_len = *p++; - if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len ); + memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len); p += ssl->transform->in_cid_len; ssl->transform->out_cid_len = *p++; - if( (size_t)( end - p ) < ssl->transform->out_cid_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < ssl->transform->out_cid_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len ); + memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len); p += ssl->transform->out_cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -6715,59 +6591,64 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * Saved fields from top-level ssl_context structure */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( (size_t)( end - p ) < 4 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + ssl->badmac_seen = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( (size_t)( end - p ) < 16 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->in_window_top = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + if ((size_t) (end - p) < 16) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + ssl->in_window_top = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; - ssl->in_window = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + ssl->in_window = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 1) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } ssl->disable_datagram_packing = *p++; #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( (size_t)( end - p ) < 8 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 8) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - memcpy( ssl->cur_out_ctr, p, 8 ); + memcpy(ssl->cur_out_ctr, p, 8); p += 8; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( (size_t)( end - p ) < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ssl->mtu = ( p[0] << 8 ) | p[1]; + ssl->mtu = (p[0] << 8) | p[1]; p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -6776,19 +6657,17 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, uint8_t alpn_len; const char **cur; - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t) (end - p) < 1) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } alpn_len = *p++; - if( alpn_len != 0 && ssl->conf->alpn_list != NULL ) - { + if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { /* alpn_chosen should point to an item in the configured list */ - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - { - if( strlen( *cur ) == alpn_len && - memcmp( p, cur, alpn_len ) == 0 ) - { + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { + if (strlen(*cur) == alpn_len && + memcmp(p, cur, alpn_len) == 0) { ssl->alpn_chosen = *cur; break; } @@ -6796,8 +6675,9 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, } /* can only happen on conf mismatch */ - if( alpn_len != 0 && ssl->alpn_chosen == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (alpn_len != 0 && ssl->alpn_chosen == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } p += alpn_len; } @@ -6816,7 +6696,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, /* Adjust pointers for header fields of outgoing records to * the given transform, accounting for explicit IV and CID. */ - mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform); #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->in_epoch = 1; @@ -6826,137 +6706,131 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * which we don't want - otherwise we'd end up freeing the wrong transform * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform() * inappropriately. */ - if( ssl->handshake != NULL ) - { - mbedtls_ssl_handshake_free( ssl ); - mbedtls_free( ssl->handshake ); + if (ssl->handshake != NULL) { + mbedtls_ssl_handshake_free(ssl); + mbedtls_free(ssl->handshake); ssl->handshake = NULL; } /* * Done - should have consumed entire buffer */ - if( p != end ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (p != end) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } /* * Deserialize context: public wrapper for error cleaning */ -int mbedtls_ssl_context_load( mbedtls_ssl_context *context, - const unsigned char *buf, - size_t len ) +int mbedtls_ssl_context_load(mbedtls_ssl_context *context, + const unsigned char *buf, + size_t len) { - int ret = ssl_context_load( context, buf, len ); + int ret = ssl_context_load(context, buf, len); - if( ret != 0 ) - mbedtls_ssl_free( context ); + if (ret != 0) { + mbedtls_ssl_free(context); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /* * Free an SSL context */ -void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_free(mbedtls_ssl_context *ssl) { - if( ssl == NULL ) + if (ssl == NULL) { return; + } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> free")); - if( ssl->out_buf != NULL ) - { + if (ssl->out_buf != NULL) { #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t out_buf_len = ssl->out_buf_len; #else size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - mbedtls_platform_zeroize( ssl->out_buf, out_buf_len ); - mbedtls_free( ssl->out_buf ); + mbedtls_platform_zeroize(ssl->out_buf, out_buf_len); + mbedtls_free(ssl->out_buf); ssl->out_buf = NULL; } - if( ssl->in_buf != NULL ) - { + if (ssl->in_buf != NULL) { #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; #else size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - mbedtls_platform_zeroize( ssl->in_buf, in_buf_len ); - mbedtls_free( ssl->in_buf ); + mbedtls_platform_zeroize(ssl->in_buf, in_buf_len); + mbedtls_free(ssl->in_buf); ssl->in_buf = NULL; } #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->compress_buf != NULL ) - { - mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); - mbedtls_free( ssl->compress_buf ); + if (ssl->compress_buf != NULL) { + mbedtls_platform_zeroize(ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN); + mbedtls_free(ssl->compress_buf); } #endif - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); } - if( ssl->handshake ) - { - mbedtls_ssl_handshake_free( ssl ); - mbedtls_ssl_transform_free( ssl->transform_negotiate ); - mbedtls_ssl_session_free( ssl->session_negotiate ); + if (ssl->handshake) { + mbedtls_ssl_handshake_free(ssl); + mbedtls_ssl_transform_free(ssl->transform_negotiate); + mbedtls_ssl_session_free(ssl->session_negotiate); - mbedtls_free( ssl->handshake ); - mbedtls_free( ssl->transform_negotiate ); - mbedtls_free( ssl->session_negotiate ); + mbedtls_free(ssl->handshake); + mbedtls_free(ssl->transform_negotiate); + mbedtls_free(ssl->session_negotiate); } - if( ssl->session ) - { - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + if (ssl->session) { + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); } #if defined(MBEDTLS_X509_CRT_PARSE_C) - if( ssl->hostname != NULL ) - { - mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); - mbedtls_free( ssl->hostname ); + if (ssl->hostname != NULL) { + mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); + mbedtls_free(ssl->hostname); } #endif #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_finish != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); - mbedtls_ssl_hw_record_finish( ssl ); + if (mbedtls_ssl_hw_record_finish != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_finish()")); + mbedtls_ssl_hw_record_finish(ssl); } #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - mbedtls_free( ssl->cli_id ); + mbedtls_free(ssl->cli_id); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= free")); /* Actually clear after last debug message */ - mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context)); } /* * Initialize mbedtls_ssl_config */ -void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) +void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) { - memset( conf, 0, sizeof( mbedtls_ssl_config ) ); + memset(conf, 0, sizeof(mbedtls_ssl_config)); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -7007,8 +6881,8 @@ static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { /* * Load default in mbedtls_ssl_config */ -int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, - int endpoint, int transport, int preset ) +int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, + int endpoint, int transport, int preset) { #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -7016,15 +6890,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, /* Use the functions here so that they are covered in tests, * but otherwise access member directly for efficiency */ - mbedtls_ssl_conf_endpoint( conf, endpoint ); - mbedtls_ssl_conf_transport( conf, transport ); + mbedtls_ssl_conf_endpoint(conf, endpoint); + mbedtls_ssl_conf_transport(conf, transport); /* * Things that are common to all presets */ #if defined(MBEDTLS_SSL_CLI_C) - if( endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (endpoint == MBEDTLS_SSL_IS_CLIENT) { conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; #if defined(MBEDTLS_SSL_SESSION_TICKETS) conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; @@ -7068,32 +6941,29 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset( conf->renego_period, 0x00, 2 ); - memset( conf->renego_period + 2, 0xFF, 6 ); + memset(conf->renego_period, 0x00, 2); + memset(conf->renego_period + 2, 0xFF, 6); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - - if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, - dhm_p, sizeof( dhm_p ), - dhm_g, sizeof( dhm_g ) ) ) != 0 ) - { - return( ret ); - } - } + if (endpoint == MBEDTLS_SSL_IS_SERVER) { + const unsigned char dhm_p[] = + MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; + const unsigned char dhm_g[] = + MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; + + if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, + dhm_p, sizeof(dhm_p), + dhm_g, sizeof(dhm_g))) != 0) { + return ret; + } + } #endif /* * Preset-specific defaults */ - switch( preset ) - { + switch (preset) { /* * NSA Suite B */ @@ -7104,10 +6974,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - ssl_preset_suiteb_ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = + ssl_preset_suiteb_ciphersuites; #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; @@ -7126,27 +6996,28 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * Default */ default: - conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > - MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? - MBEDTLS_SSL_MIN_MAJOR_VERSION : - MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; - conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > - MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? - MBEDTLS_SSL_MIN_MINOR_VERSION : - MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; + conf->min_major_ver = (MBEDTLS_SSL_MIN_MAJOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION) ? + MBEDTLS_SSL_MIN_MAJOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; + conf->min_minor_ver = (MBEDTLS_SSL_MIN_MINOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION) ? + MBEDTLS_SSL_MIN_MINOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; + } #endif conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - mbedtls_ssl_list_ciphersuites(); + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = + mbedtls_ssl_list_ciphersuites(); #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_default; @@ -7165,89 +7036,88 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif } - return( 0 ); + return 0; } /* * Free mbedtls_ssl_config */ -void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) +void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) { #if defined(MBEDTLS_DHM_C) - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( conf->psk != NULL ) - { - mbedtls_platform_zeroize( conf->psk, conf->psk_len ); - mbedtls_free( conf->psk ); + if (conf->psk != NULL) { + mbedtls_platform_zeroize(conf->psk, conf->psk_len); + mbedtls_free(conf->psk); conf->psk = NULL; conf->psk_len = 0; } - if( conf->psk_identity != NULL ) - { - mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); - mbedtls_free( conf->psk_identity ); + if (conf->psk_identity != NULL) { + mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len); + mbedtls_free(conf->psk_identity); conf->psk_identity = NULL; conf->psk_identity_len = 0; } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_key_cert_free( conf->key_cert ); + ssl_key_cert_free(conf->key_cert); #endif - mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); } #if defined(MBEDTLS_PK_C) && \ - ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) + (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ -unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) +unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) { #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) - return( MBEDTLS_SSL_SIG_RSA ); + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) { + return MBEDTLS_SSL_SIG_RSA; + } #endif #if defined(MBEDTLS_ECDSA_C) - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) - return( MBEDTLS_SSL_SIG_ECDSA ); + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { + return MBEDTLS_SSL_SIG_ECDSA; + } #endif - return( MBEDTLS_SSL_SIG_ANON ); + return MBEDTLS_SSL_SIG_ANON; } -unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ) +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) { - switch( type ) { + switch (type) { case MBEDTLS_PK_RSA: - return( MBEDTLS_SSL_SIG_RSA ); + return MBEDTLS_SSL_SIG_RSA; case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECKEY: - return( MBEDTLS_SSL_SIG_ECDSA ); + return MBEDTLS_SSL_SIG_ECDSA; default: - return( MBEDTLS_SSL_SIG_ANON ); + return MBEDTLS_SSL_SIG_ANON; } } -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) +mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) { - switch( sig ) - { + switch (sig) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: - return( MBEDTLS_PK_RSA ); + return MBEDTLS_PK_RSA; #endif #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_SSL_SIG_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return MBEDTLS_PK_ECDSA; #endif default: - return( MBEDTLS_PK_NONE ); + return MBEDTLS_PK_NONE; } } #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ @@ -7256,35 +7126,35 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ) +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg) { - switch( sig_alg ) - { + switch (sig_alg) { case MBEDTLS_PK_RSA: - return( set->rsa ); + return set->rsa; case MBEDTLS_PK_ECDSA: - return( set->ecdsa ); + return set->ecdsa; default: - return( MBEDTLS_MD_NONE ); + return MBEDTLS_MD_NONE; } } /* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ) +void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg, + mbedtls_md_type_t md_alg) { - switch( sig_alg ) - { + switch (sig_alg) { case MBEDTLS_PK_RSA: - if( set->rsa == MBEDTLS_MD_NONE ) + if (set->rsa == MBEDTLS_MD_NONE) { set->rsa = md_alg; + } break; case MBEDTLS_PK_ECDSA: - if( set->ecdsa == MBEDTLS_MD_NONE ) + if (set->ecdsa == MBEDTLS_MD_NONE) { set->ecdsa = md_alg; + } break; default: @@ -7293,8 +7163,8 @@ void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, } /* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ) +void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_md_type_t md_alg) { set->rsa = md_alg; set->ecdsa = md_alg; @@ -7306,68 +7176,66 @@ void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX */ -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) +mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) { - switch( hash ) - { + switch (hash) { #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - return( MBEDTLS_MD_MD5 ); + return MBEDTLS_MD_MD5; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: - return( MBEDTLS_MD_SHA1 ); + return MBEDTLS_MD_SHA1; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_HASH_SHA224: - return( MBEDTLS_MD_SHA224 ); + return MBEDTLS_MD_SHA224; case MBEDTLS_SSL_HASH_SHA256: - return( MBEDTLS_MD_SHA256 ); + return MBEDTLS_MD_SHA256; #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_SSL_HASH_SHA384: - return( MBEDTLS_MD_SHA384 ); + return MBEDTLS_MD_SHA384; #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_SSL_HASH_SHA512: - return( MBEDTLS_MD_SHA512 ); + return MBEDTLS_MD_SHA512; #endif default: - return( MBEDTLS_MD_NONE ); + return MBEDTLS_MD_NONE; } } /* * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX */ -unsigned char mbedtls_ssl_hash_from_md_alg( int md ) +unsigned char mbedtls_ssl_hash_from_md_alg(int md) { - switch( md ) - { + switch (md) { #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( MBEDTLS_SSL_HASH_MD5 ); + return MBEDTLS_SSL_HASH_MD5; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( MBEDTLS_SSL_HASH_SHA1 ); + return MBEDTLS_SSL_HASH_SHA1; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( MBEDTLS_SSL_HASH_SHA224 ); + return MBEDTLS_SSL_HASH_SHA224; case MBEDTLS_MD_SHA256: - return( MBEDTLS_SSL_HASH_SHA256 ); + return MBEDTLS_SSL_HASH_SHA256; #endif #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( MBEDTLS_SSL_HASH_SHA384 ); + return MBEDTLS_SSL_HASH_SHA384; #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: - return( MBEDTLS_SSL_HASH_SHA512 ); + return MBEDTLS_SSL_HASH_SHA512; #endif default: - return( MBEDTLS_SSL_HASH_NONE ); + return MBEDTLS_SSL_HASH_NONE; } } @@ -7376,30 +7244,34 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) * Check if a curve proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) +int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id) { const mbedtls_ecp_group_id *gid; - if( ssl->conf->curve_list == NULL ) - return( -1 ); + if (ssl->conf->curve_list == NULL) { + return -1; + } - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - if( *gid == grp_id ) - return( 0 ); + for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) { + if (*gid == grp_id) { + return 0; + } + } - return( -1 ); + return -1; } /* * Same as mbedtls_ssl_check_curve() but takes a TLS ID for the curve. */ -int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ) +int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id) { const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id( tls_id ); - if( curve_info == NULL ) - return( -1 ); - return( mbedtls_ssl_check_curve( ssl, curve_info->grp_id ) ); + mbedtls_ecp_curve_info_from_tls_id(tls_id); + if (curve_info == NULL) { + return -1; + } + return mbedtls_ssl_check_curve(ssl, curve_info->grp_id); } #endif /* MBEDTLS_ECP_C */ @@ -7408,27 +7280,30 @@ int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls * Check if a hash proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ) +int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, + mbedtls_md_type_t md) { const int *cur; - if( ssl->conf->sig_hashes == NULL ) - return( -1 ); + if (ssl->conf->sig_hashes == NULL) { + return -1; + } - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) - if( *cur == (int) md ) - return( 0 ); + for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) { + if (*cur == (int) md) { + return 0; + } + } - return( -1 ); + return -1; } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, - uint32_t *flags ) +int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, + const mbedtls_ssl_ciphersuite_t *ciphersuite, + int cert_endpoint, + uint32_t *flags) { int ret = 0; #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) @@ -7447,11 +7322,9 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, #endif #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) - { + if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { /* Server part of the key exchange */ - switch( ciphersuite->key_exchange ) - { + switch (ciphersuite->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; @@ -7476,15 +7349,12 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, case MBEDTLS_KEY_EXCHANGE_ECJPAKE: usage = 0; } - } - else - { + } else { /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; } - if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) - { + if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) { *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; ret = -1; } @@ -7493,36 +7363,32 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) - { + if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { ext_oid = MBEDTLS_OID_SERVER_AUTH; - ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); - } - else - { + ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); + } else { ext_oid = MBEDTLS_OID_CLIENT_AUTH; - ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); + ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH); } - if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) - { + if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) { *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; ret = -1; } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ - return( ret ); + return ret; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) +int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + } - switch( md ) - { + switch (md) { #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: @@ -7559,16 +7425,16 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, - unsigned char *output, - unsigned char *data, size_t data_len ) +int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len) { int ret = 0; mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init(&mbedtls_md5); + mbedtls_sha1_init(&mbedtls_sha1); /* * digitally-signed struct { @@ -7583,61 +7449,54 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret ); + if ((ret = mbedtls_md5_starts_ret(&mbedtls_md5)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_starts_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); + if ((ret = mbedtls_md5_update_ret(&mbedtls_md5, + ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); + if ((ret = mbedtls_md5_update_ret(&mbedtls_md5, data, data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret ); + if ((ret = mbedtls_md5_finish_ret(&mbedtls_md5, output)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_finish_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret ); + if ((ret = mbedtls_sha1_starts_ret(&mbedtls_sha1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_starts_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); + if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1, + ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data, - data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); + if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1, data, + data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1, - output + 16 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret ); + if ((ret = mbedtls_sha1_finish_ret(&mbedtls_sha1, + output + 16)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_finish_ret", ret); goto exit; } exit: - mbedtls_md5_free( &mbedtls_md5 ); - mbedtls_sha1_free( &mbedtls_sha1 ); + mbedtls_md5_free(&mbedtls_md5); + mbedtls_sha1_free(&mbedtls_sha1); - if( ret != 0 ) - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + if (ret != 0) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + } - return( ret ); + return ret; } #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ @@ -7647,81 +7506,75 @@ exit: defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg) { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(md_alg); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); - if( ( status = psa_hash_setup( &hash_operation, - hash_alg ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status ); + if ((status = psa_hash_setup(&hash_operation, + hash_alg)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status); goto exit; } - if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes, - 64 ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes, + 64)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); goto exit; } - if( ( status = psa_hash_update( &hash_operation, - data, data_len ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + if ((status = psa_hash_update(&hash_operation, + data, data_len)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); goto exit; } - if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE, - hashlen ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); - goto exit; + if ((status = psa_hash_finish(&hash_operation, hash, PSA_HASH_MAX_SIZE, + hashlen)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status); + goto exit; } exit: - if( status != PSA_SUCCESS ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - switch( status ) - { + if (status != PSA_SUCCESS) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + switch (status) { case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + return MBEDTLS_ERR_MD_ALLOC_FAILED; default: - return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED ); + return MBEDTLS_ERR_MD_HW_ACCEL_FAILED; } } - return( 0 ); + return 0; } #else -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg) { int ret = 0; mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - *hashlen = mbedtls_md_get_size( md_info ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + *hashlen = mbedtls_md_get_size(md_info); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange")); - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); /* * digitally-signed struct { @@ -7730,40 +7583,36 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); goto exit; } - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); + if ((ret = mbedtls_md_starts(&ctx)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret); goto exit; } - if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); goto exit; } - if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); goto exit; } - if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); + if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } exit: - mbedtls_md_free( &ctx ); + mbedtls_md_free(&ctx); - if( ret != 0 ) - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + if (ret != 0) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + } - return( ret ); + return ret; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/thirdparty/mbedtls/library/ssl_tls13_keys.c b/thirdparty/mbedtls/library/ssl_tls13_keys.c index cc68773d3a..675414885f 100644 --- a/thirdparty/mbedtls/library/ssl_tls13_keys.c +++ b/thirdparty/mbedtls/library/ssl_tls13_keys.c @@ -29,11 +29,11 @@ #include #include -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ .name = string, -#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \ - PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE +#define TLS1_3_EVOLVE_INPUT_SIZE (PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) ? \ + PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { @@ -81,29 +81,29 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = static const char tls1_3_label_prefix[6] = "tls13 "; -#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \ - ( 2 /* expansion length */ \ - + 1 /* label length */ \ - + label_len \ - + 1 /* context length */ \ - + context_len ) +#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ + (2 /* expansion length */ \ + + 1 /* label length */ \ + + label_len \ + + 1 /* context length */ \ + + context_len) #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ - sizeof(tls1_3_label_prefix) + \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + sizeof(tls1_3_label_prefix) + \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) static void ssl_tls1_3_hkdf_encode_label( - size_t desired_length, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *dst, size_t *dlen ) + size_t desired_length, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *dst, size_t *dlen) { size_t total_label_len = sizeof(tls1_3_label_prefix) + llen; size_t total_hkdf_lbl_len = - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, clen); unsigned char *p = dst; @@ -112,73 +112,72 @@ static void ssl_tls1_3_hkdf_encode_label( * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ #if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 #error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \ - value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" + value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" #endif *p++ = 0; - *p++ = MBEDTLS_BYTE_0( desired_length ); + *p++ = MBEDTLS_BYTE_0(desired_length); /* Add label incl. prefix */ - *p++ = MBEDTLS_BYTE_0( total_label_len ); - memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); + *p++ = MBEDTLS_BYTE_0(total_label_len); + memcpy(p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix)); p += sizeof(tls1_3_label_prefix); - memcpy( p, label, llen ); + memcpy(p, label, llen); p += llen; /* Add context value */ - *p++ = MBEDTLS_BYTE_0( clen ); - if( clen != 0 ) - memcpy( p, ctx, clen ); + *p++ = MBEDTLS_BYTE_0(clen); + if (clen != 0) { + memcpy(p, ctx, clen); + } /* Return total length to the caller. */ *dlen = total_hkdf_lbl_len; } int mbedtls_ssl_tls1_3_hkdf_expand_label( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *buf, size_t blen ) + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen) { const mbedtls_md_info_t *md; - unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; + unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN]; size_t hkdf_label_len; - if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) - { + if (llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) { /* Should never happen since this is an internal * function, and we know statically which labels * are allowed. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) - { + if (clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) { /* Should not happen, as above. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN ) - { + if (blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) { /* Should not happen, as above. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - ssl_tls1_3_hkdf_encode_label( blen, - label, llen, - ctx, clen, - hkdf_label, - &hkdf_label_len ); + ssl_tls1_3_hkdf_encode_label(blen, + label, llen, + ctx, clen, + hkdf_label, + &hkdf_label_len); - return( mbedtls_hkdf_expand( md, - secret, slen, - hkdf_label, hkdf_label_len, - buf, blen ) ); + return mbedtls_hkdf_expand(md, + secret, slen, + hkdf_label, hkdf_label_len, + buf, blen); } /* @@ -198,156 +197,157 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( * keys in a single function call. */ int mbedtls_ssl_tls1_3_make_traffic_keys( - mbedtls_md_type_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, - size_t slen, size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys ) + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys) { int ret = 0; - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - client_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), - NULL, 0, - keys->client_write_key, key_len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - server_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), - NULL, 0, - keys->server_write_key, key_len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - client_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), - NULL, 0, - keys->client_write_iv, iv_len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - server_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), - NULL, 0, - keys->server_write_iv, iv_len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), + NULL, 0, + keys->client_write_key, key_len); + if (ret != 0) { + return ret; + } + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), + NULL, 0, + keys->server_write_key, key_len); + if (ret != 0) { + return ret; + } + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), + NULL, 0, + keys->client_write_iv, iv_len); + if (ret != 0) { + return ret; + } + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), + NULL, 0, + keys->server_write_iv, iv_len); + if (ret != 0) { + return ret; + } keys->key_len = key_len; keys->iv_len = iv_len; - return( 0 ); + return 0; } int mbedtls_ssl_tls1_3_derive_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - int ctx_hashed, - unsigned char *dstbuf, size_t buflen ) + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen) { int ret; - unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char hashed_context[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md; - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) - { - ret = mbedtls_md( md, ctx, clen, hashed_context ); - if( ret != 0 ) - return( ret ); - clen = mbedtls_md_get_size( md ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - else - { - if( clen > sizeof(hashed_context) ) - { + + if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) { + ret = mbedtls_md(md, ctx, clen, hashed_context); + if (ret != 0) { + return ret; + } + clen = mbedtls_md_get_size(md); + } else { + if (clen > sizeof(hashed_context)) { /* This should never happen since this function is internal * and the code sets `ctx_hashed` correctly. * Let's double-check nonetheless to not run at the risk * of getting a stack overflow. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - memcpy( hashed_context, ctx, clen ); + memcpy(hashed_context, ctx, clen); } - return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - secret, slen, - label, llen, - hashed_context, clen, - dstbuf, buflen ) ); + return mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + secret, slen, + label, llen, + hashed_context, clen, + dstbuf, buflen); } int mbedtls_ssl_tls1_3_evolve_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new ) + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new) { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; - unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; - unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 }; + unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 }; + unsigned char tmp_input[TLS1_3_EVOLVE_INPUT_SIZE] = { 0 }; const mbedtls_md_info_t *md; - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } - hlen = mbedtls_md_get_size( md ); + hlen = mbedtls_md_get_size(md); /* For non-initial runs, call Derive-Secret( ., "derived", "") * on the old secret. */ - if( secret_old != NULL ) - { + if (secret_old != NULL) { ret = mbedtls_ssl_tls1_3_derive_secret( - hash_alg, - secret_old, hlen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ), - NULL, 0, /* context */ - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - tmp_secret, hlen ); - if( ret != 0 ) + hash_alg, + secret_old, hlen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived), + NULL, 0, /* context */ + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + tmp_secret, hlen); + if (ret != 0) { goto cleanup; + } } - if( input != NULL ) - { - memcpy( tmp_input, input, input_len ); + if (input != NULL) { + memcpy(tmp_input, input, input_len); ilen = input_len; - } - else - { + } else { ilen = hlen; } /* HKDF-Extract takes a salt and input key material. * The salt is the old secret, and the input key material * is the input secret (PSK / ECDHE). */ - ret = mbedtls_hkdf_extract( md, - tmp_secret, hlen, - tmp_input, ilen, - secret_new ); - if( ret != 0 ) + ret = mbedtls_hkdf_extract(md, + tmp_secret, hlen, + tmp_input, ilen, + secret_new); + if (ret != 0) { goto cleanup; + } ret = 0; - cleanup: +cleanup: - mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); - mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) ); - return( ret ); + mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret)); + mbedtls_platform_zeroize(tmp_input, sizeof(tmp_input)); + return ret; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/thirdparty/mbedtls/library/ssl_tls13_keys.h b/thirdparty/mbedtls/library/ssl_tls13_keys.h index 7089049ce2..4c3b252fa2 100644 --- a/thirdparty/mbedtls/library/ssl_tls13_keys.h +++ b/thirdparty/mbedtls/library/ssl_tls13_keys.h @@ -23,46 +23,44 @@ * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ #define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \ + MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \ + MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \ + MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \ + MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \ + MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \ + MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \ + MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \ + MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \ + MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \ + MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \ + MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \ + MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived") -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ - const unsigned char name [ sizeof(string) - 1 ]; +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ + const unsigned char name [sizeof(string) - 1]; -union mbedtls_ssl_tls1_3_labels_union -{ +union mbedtls_ssl_tls1_3_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; -struct mbedtls_ssl_tls1_3_labels_struct -{ +struct mbedtls_ssl_tls1_3_labels_struct { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; #undef MBEDTLS_SSL_TLS1_3_LABEL extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; -#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ +#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \ mbedtls_ssl_tls1_3_labels.LABEL, \ sizeof(mbedtls_ssl_tls1_3_labels.LABEL) #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ - sizeof( union mbedtls_ssl_tls1_3_labels_union ) + sizeof(union mbedtls_ssl_tls1_3_labels_union) /* The maximum length of HKDF contexts used in the TLS 1.3 standard. * Since contexts are always hashes of message transcripts, this can @@ -107,11 +105,11 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; */ int mbedtls_ssl_tls1_3_hkdf_expand_label( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *buf, size_t blen ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen); /** * \brief This function is part of the TLS 1.3 key schedule. @@ -143,11 +141,11 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( */ int mbedtls_ssl_tls1_3_make_traffic_keys( - mbedtls_md_type_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, - size_t slen, size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys ); + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys); #define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 @@ -191,12 +189,12 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( * \returns A negative error code on failure. */ int mbedtls_ssl_tls1_3_derive_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - int ctx_hashed, - unsigned char *dstbuf, size_t buflen ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen); /** * \brief Compute the next secret in the TLS 1.3 key schedule @@ -266,9 +264,9 @@ int mbedtls_ssl_tls1_3_derive_secret( */ int mbedtls_ssl_tls1_3_evolve_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/thirdparty/mbedtls/library/threading.c b/thirdparty/mbedtls/library/threading.c index 5e0aaa4f21..0542f33f1a 100644 --- a/thirdparty/mbedtls/library/threading.c +++ b/thirdparty/mbedtls/library/threading.c @@ -40,9 +40,9 @@ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) +#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \ + (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L)) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -51,21 +51,22 @@ * we keep it private by only defining it in this file */ -#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) +#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)) #define THREADING_USE_GMTIME #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ -#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) -static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) +static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex) { - if( mutex == NULL ) + if (mutex == NULL) { return; + } /* A nonzero value of is_valid indicates a successfully initialized * mutex. This is a workaround for not being able to return an error @@ -73,44 +74,49 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) * if is_valid is nonzero. The Mbed TLS unit test code uses this field * to distinguish more states of the mutex; see * tests/src/threading_helpers for details. */ - mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0; + mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0; } -static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex ) +static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex) { - if( mutex == NULL || !mutex->is_valid ) + if (mutex == NULL || !mutex->is_valid) { return; + } - (void) pthread_mutex_destroy( &mutex->mutex ); + (void) pthread_mutex_destroy(&mutex->mutex); mutex->is_valid = 0; } -static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex ) +static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex) { - if( mutex == NULL || ! mutex->is_valid ) - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); + if (mutex == NULL || !mutex->is_valid) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } - if( pthread_mutex_lock( &mutex->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (pthread_mutex_lock(&mutex->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } - return( 0 ); + return 0; } -static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex ) +static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex) { - if( mutex == NULL || ! mutex->is_valid ) - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); + if (mutex == NULL || !mutex->is_valid) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } - if( pthread_mutex_unlock( &mutex->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (pthread_mutex_unlock(&mutex->mutex) != 0) { + return MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } - return( 0 ); + return 0; } -void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread; -void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread; -int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread; -int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread; +void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_init_pthread; +void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_free_pthread; +int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_lock_pthread; +int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_unlock_pthread; /* * With pthreads we can statically initialize mutexes @@ -120,29 +126,29 @@ int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unl #endif /* MBEDTLS_THREADING_PTHREAD */ #if defined(MBEDTLS_THREADING_ALT) -static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex ) +static int threading_mutex_fail(mbedtls_threading_mutex_t *mutex) { - ((void) mutex ); - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); + ((void) mutex); + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } -static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex ) +static void threading_mutex_dummy(mbedtls_threading_mutex_t *mutex) { - ((void) mutex ); + ((void) mutex); return; } -void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; -void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; -int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; -int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; +void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_dummy; +void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_dummy; +int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_fail; +int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_fail; /* * Set functions pointers and initialize global mutexes */ -void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), - void (*mutex_free)( mbedtls_threading_mutex_t * ), - int (*mutex_lock)( mbedtls_threading_mutex_t * ), - int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ) +void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), + void (*mutex_free)(mbedtls_threading_mutex_t *), + int (*mutex_lock)(mbedtls_threading_mutex_t *), + int (*mutex_unlock)(mbedtls_threading_mutex_t *)) { mbedtls_mutex_init = mutex_init; mbedtls_mutex_free = mutex_free; @@ -150,23 +156,23 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_unlock = mutex_unlock; #if defined(MBEDTLS_FS_IO) - mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); + mbedtls_mutex_init(&mbedtls_threading_readdir_mutex); #endif #if defined(THREADING_USE_GMTIME) - mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); + mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex); #endif } /* * Free global mutexes */ -void mbedtls_threading_free_alt( void ) +void mbedtls_threading_free_alt(void) { #if defined(MBEDTLS_FS_IO) - mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); + mbedtls_mutex_free(&mbedtls_threading_readdir_mutex); #endif #if defined(THREADING_USE_GMTIME) - mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); + mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex); #endif } #endif /* MBEDTLS_THREADING_ALT */ diff --git a/thirdparty/mbedtls/library/timing.c b/thirdparty/mbedtls/library/timing.c index 151292e325..eeb1d503a8 100644 --- a/thirdparty/mbedtls/library/timing.c +++ b/thirdparty/mbedtls/library/timing.c @@ -33,17 +33,18 @@ #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #endif +/* *INDENT-OFF* */ #ifndef asm #define asm __asm #endif +/* *INDENT-ON* */ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include #include -struct _hr_time -{ +struct _hr_time { LARGE_INTEGER start; }; @@ -56,75 +57,72 @@ struct _hr_time * platform matches the ifdefs above, it will be used. */ #include #include -struct _hr_time -{ +struct _hr_time { struct timeval start; }; #endif /* _WIN32 && !EFIX64 && !EFI32 */ #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__) + (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long tsc; __asm rdtsc - __asm mov [tsc], eax - return( tsc ); + __asm mov[tsc], eax + return tsc; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ /* some versions of mingw-64 have 32-bit longs even on x84_64 */ #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__i386__) || ( \ - ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) ) + defined(__GNUC__) && (defined(__i386__) || ( \ + (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4)) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo ); + asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); + return lo; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __i386__ */ #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) ) + defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo | ( hi << 32 ) ); + asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); + return lo | (hi << 32); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && ( __amd64__ || __x86_64__ ) */ #if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) ) + defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long tbl, tbu0, tbu1; - do - { - asm volatile( "mftbu %0" : "=r" (tbu0) ); - asm volatile( "mftb %0" : "=r" (tbl ) ); - asm volatile( "mftbu %0" : "=r" (tbu1) ); - } - while( tbu0 != tbu1 ); + do { + asm volatile ("mftbu %0" : "=r" (tbu0)); + asm volatile ("mftb %0" : "=r" (tbl)); + asm volatile ("mftbu %0" : "=r" (tbu1)); + } while (tbu0 != tbu1); - return( tbl ); + return tbl; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && ( __powerpc__ || __ppc__ ) */ @@ -137,11 +135,11 @@ unsigned long mbedtls_timing_hardclock( void ) #else #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long tick; - asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); - return( tick ); + asm volatile ("rdpr %%tick, %0;" : "=&r" (tick)); + return tick; } #endif /* __OpenBSD__ */ #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && @@ -152,12 +150,12 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long tick; - asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); - asm volatile( "mov %%g1, %0" : "=r" (tick) ); - return( tick ); + asm volatile (".byte 0x83, 0x41, 0x00, 0x00"); + asm volatile ("mov %%g1, %0" : "=r" (tick)); + return tick; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __sparc__ && !__sparc64__ */ @@ -167,11 +165,11 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long cc; - asm volatile( "rpcc %0" : "=r" (cc) ); - return( cc & 0xFFFFFFFF ); + asm volatile ("rpcc %0" : "=r" (cc)); + return cc & 0xFFFFFFFF; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __alpha__ */ @@ -181,11 +179,11 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { unsigned long itc; - asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); - return( itc ); + asm volatile ("mov %0 = ar.itc" : "=r" (itc)); + return itc; } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __ia64__ */ @@ -197,13 +195,13 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { LARGE_INTEGER offset; - QueryPerformanceCounter( &offset ); + QueryPerformanceCounter(&offset); - return( (unsigned long)( offset.QuadPart ) ); + return (unsigned long) (offset.QuadPart); } #endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */ @@ -214,19 +212,18 @@ unsigned long mbedtls_timing_hardclock( void ) static int hardclock_init = 0; static struct timeval tv_init; -unsigned long mbedtls_timing_hardclock( void ) +unsigned long mbedtls_timing_hardclock(void) { struct timeval tv_cur; - if( hardclock_init == 0 ) - { - gettimeofday( &tv_init, NULL ); + if (hardclock_init == 0) { + gettimeofday(&tv_init, NULL); hardclock_init = 1; } - gettimeofday( &tv_cur, NULL ); - return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 - + ( tv_cur.tv_usec - tv_init.tv_usec ) ); + gettimeofday(&tv_cur, NULL); + return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U + + (tv_cur.tv_usec - tv_init.tv_usec); } #endif /* !HAVE_HARDCLOCK */ @@ -234,43 +231,39 @@ volatile int mbedtls_timing_alarmed = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { struct _hr_time *t = (struct _hr_time *) val; - if( reset ) - { - QueryPerformanceCounter( &t->start ); - return( 0 ); - } - else - { + if (reset) { + QueryPerformanceCounter(&t->start); + return 0; + } else { unsigned long delta; LARGE_INTEGER now, hfreq; - QueryPerformanceCounter( &now ); - QueryPerformanceFrequency( &hfreq ); - delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul - / hfreq.QuadPart ); - return( delta ); + QueryPerformanceCounter(&now); + QueryPerformanceFrequency(&hfreq); + delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul + / hfreq.QuadPart); + return delta; } } /* It's OK to use a global because alarm() is supposed to be global anyway */ static DWORD alarmMs; -static void TimerProc( void *TimerContext ) +static void TimerProc(void *TimerContext) { (void) TimerContext; - Sleep( alarmMs ); + Sleep(alarmMs); mbedtls_timing_alarmed = 1; /* _endthread will be called implicitly on return * That ensures execution of thread function's epilogue */ } -void mbedtls_set_alarm( int seconds ) +void mbedtls_set_alarm(int seconds) { - if( seconds == 0 ) - { + if (seconds == 0) { /* No need to create a thread for this simple case. * Also, this shorcut is more reliable at least on MinGW32 */ mbedtls_timing_alarmed = 1; @@ -279,44 +272,40 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; alarmMs = seconds * 1000; - (void) _beginthread( TimerProc, 0, NULL ); + (void) _beginthread(TimerProc, 0, NULL); } #else /* _WIN32 && !EFIX64 && !EFI32 */ -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { struct _hr_time *t = (struct _hr_time *) val; - if( reset ) - { - gettimeofday( &t->start, NULL ); - return( 0 ); - } - else - { + if (reset) { + gettimeofday(&t->start, NULL); + return 0; + } else { unsigned long delta; struct timeval now; - gettimeofday( &now, NULL ); - delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul - + ( now.tv_usec - t->start.tv_usec ) / 1000; - return( delta ); + gettimeofday(&now, NULL); + delta = (now.tv_sec - t->start.tv_sec) * 1000ul + + (now.tv_usec - t->start.tv_usec) / 1000; + return delta; } } -static void sighandler( int signum ) +static void sighandler(int signum) { mbedtls_timing_alarmed = 1; - signal( signum, sighandler ); + signal(signum, sighandler); } -void mbedtls_set_alarm( int seconds ) +void mbedtls_set_alarm(int seconds) { mbedtls_timing_alarmed = 0; - signal( SIGALRM, sighandler ); - alarm( seconds ); - if( seconds == 0 ) - { + signal(SIGALRM, sighandler); + alarm(seconds); + if (seconds == 0) { /* alarm(0) cancelled any previous pending alarm, but the handler won't fire, so raise the flag straight away. */ mbedtls_timing_alarmed = 1; @@ -328,56 +317,61 @@ void mbedtls_set_alarm( int seconds ) /* * Set delays to watch */ -void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ) +void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; ctx->int_ms = int_ms; ctx->fin_ms = fin_ms; - if( fin_ms != 0 ) - (void) mbedtls_timing_get_timer( &ctx->timer, 1 ); + if (fin_ms != 0) { + (void) mbedtls_timing_get_timer(&ctx->timer, 1); + } } /* * Get number of delays expired */ -int mbedtls_timing_get_delay( void *data ) +int mbedtls_timing_get_delay(void *data) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; unsigned long elapsed_ms; - if( ctx->fin_ms == 0 ) - return( -1 ); + if (ctx->fin_ms == 0) { + return -1; + } - elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 ); + elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0); - if( elapsed_ms >= ctx->fin_ms ) - return( 2 ); + if (elapsed_ms >= ctx->fin_ms) { + return 2; + } - if( elapsed_ms >= ctx->int_ms ) - return( 1 ); + if (elapsed_ms >= ctx->int_ms) { + return 1; + } - return( 0 ); + return 0; } +#endif /* !MBEDTLS_TIMING_ALT */ #if defined(MBEDTLS_SELF_TEST) - /* * Busy-waits for the given number of milliseconds. * Used for testing mbedtls_timing_hardclock. */ -static void busy_msleep( unsigned long msec ) +static void busy_msleep(unsigned long msec) { struct mbedtls_timing_hr_time hires; unsigned long i = 0; /* for busy-waiting */ volatile unsigned long j; /* to prevent optimisation */ - (void) mbedtls_timing_get_timer( &hires, 1 ); + (void) mbedtls_timing_get_timer(&hires, 1); - while( mbedtls_timing_get_timer( &hires, 0 ) < msec ) + while (mbedtls_timing_get_timer(&hires, 0) < msec) { i++; + } j = i; (void) j; @@ -385,19 +379,18 @@ static void busy_msleep( unsigned long msec ) #define FAIL do \ { \ - if( verbose != 0 ) \ + if (verbose != 0) \ { \ - mbedtls_printf( "failed at line %d\n", __LINE__ ); \ - mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ - cycles, ratio, millisecs, secs, hardfail, \ - (unsigned long) a, (unsigned long) b ); \ - mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \ - mbedtls_timing_get_timer( &hires, 0 ), \ - mbedtls_timing_get_timer( &ctx.timer, 0 ), \ - mbedtls_timing_get_delay( &ctx ) ); \ + mbedtls_printf("failed at line %d\n", __LINE__); \ + mbedtls_printf(" cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ + cycles, ratio, millisecs, secs, hardfail, \ + (unsigned long) a, (unsigned long) b); \ + mbedtls_printf(" elapsed(hires)=%lu status(ctx)=%d\n", \ + mbedtls_timing_get_timer(&hires, 0), \ + mbedtls_timing_get_delay(&ctx)); \ } \ - return( 1 ); \ - } while( 0 ) + return 1; \ + } while (0) /* * Checkup routine @@ -405,7 +398,7 @@ static void busy_msleep( unsigned long msec ) * Warning: this is work in progress, some tests may not be reliable enough * yet! False positives may happen. */ -int mbedtls_timing_self_test( int verbose ) +int mbedtls_timing_self_test(int verbose) { unsigned long cycles = 0, ratio = 0; unsigned long millisecs = 0, secs = 0; @@ -414,63 +407,75 @@ int mbedtls_timing_self_test( int verbose ) uint32_t a = 0, b = 0; mbedtls_timing_delay_context ctx; - if( verbose != 0 ) - mbedtls_printf( " TIMING tests note: will take some time!\n" ); + if (verbose != 0) { + mbedtls_printf(" TIMING tests note: will take some time!\n"); + } - if( verbose != 0 ) - mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); + if (verbose != 0) { + mbedtls_printf(" TIMING test #1 (set_alarm / get_timer): "); + } { secs = 1; - (void) mbedtls_timing_get_timer( &hires, 1 ); + (void) mbedtls_timing_get_timer(&hires, 1); - mbedtls_set_alarm( (int) secs ); - while( !mbedtls_timing_alarmed ) + mbedtls_set_alarm((int) secs); + while (!mbedtls_timing_alarmed) { ; + } - millisecs = mbedtls_timing_get_timer( &hires, 0 ); + millisecs = mbedtls_timing_get_timer(&hires, 0); /* For some reason on Windows it looks like alarm has an extra delay * (maybe related to creating a new thread). Allow some room here. */ - if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) + if (millisecs < 800 * secs || millisecs > 1200 * secs + 300) { FAIL; + } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " TIMING test #2 (set/get_delay ): " ); + if (verbose != 0) { + mbedtls_printf(" TIMING test #2 (set/get_delay ): "); + } { a = 800; b = 400; - mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */ + mbedtls_timing_set_delay(&ctx, a, a + b); /* T = 0 */ - busy_msleep( a - a / 4 ); /* T = a - a/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 0 ) + busy_msleep(a - a / 4); /* T = a - a/4 */ + if (mbedtls_timing_get_delay(&ctx) != 0) { FAIL; + } - busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 1 ) + busy_msleep(a / 4 + b / 4); /* T = a + b/4 */ + if (mbedtls_timing_get_delay(&ctx) != 1) { FAIL; + } - busy_msleep( b ); /* T = a + b + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 2 ) + busy_msleep(b); /* T = a + b + b/4 */ + if (mbedtls_timing_get_delay(&ctx) != 2) { FAIL; + } } - mbedtls_timing_set_delay( &ctx, 0, 0 ); - busy_msleep( 200 ); - if( mbedtls_timing_get_delay( &ctx ) != -1 ) + mbedtls_timing_set_delay(&ctx, 0, 0); + busy_msleep(200); + if (mbedtls_timing_get_delay(&ctx) != -1) { FAIL; + } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } - if( verbose != 0 ) - mbedtls_printf( " TIMING test #3 (hardclock / get_timer): " ); + if (verbose != 0) { + mbedtls_printf(" TIMING test #3 (hardclock / get_timer): "); + } /* * Allow one failure for possible counter wrapping. @@ -479,10 +484,10 @@ int mbedtls_timing_self_test( int verbose ) */ hard_test: - if( hardfail > 1 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed (ignored)\n" ); + if (hardfail > 1) { + if (verbose != 0) { + mbedtls_printf("failed (ignored)\n"); + } goto hard_test_done; } @@ -490,37 +495,36 @@ hard_test: /* Get a reference ratio cycles/ms */ millisecs = 1; cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); + busy_msleep(millisecs); cycles = mbedtls_timing_hardclock() - cycles; ratio = cycles / millisecs; /* Check that the ratio is mostly constant */ - for( millisecs = 2; millisecs <= 4; millisecs++ ) - { + for (millisecs = 2; millisecs <= 4; millisecs++) { cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); + busy_msleep(millisecs); cycles = mbedtls_timing_hardclock() - cycles; /* Allow variation up to 20% */ - if( cycles / millisecs < ratio - ratio / 5 || - cycles / millisecs > ratio + ratio / 5 ) - { + if (cycles / millisecs < ratio - ratio / 5 || + cycles / millisecs > ratio + ratio / 5) { hardfail++; goto hard_test; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } hard_test_done: - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_SELF_TEST */ -#endif /* !MBEDTLS_TIMING_ALT */ #endif /* MBEDTLS_TIMING_C */ diff --git a/thirdparty/mbedtls/library/version.c b/thirdparty/mbedtls/library/version.c index 32a0d7d584..4f78c9cb12 100644 --- a/thirdparty/mbedtls/library/version.c +++ b/thirdparty/mbedtls/library/version.c @@ -24,21 +24,21 @@ #include "mbedtls/version.h" #include -unsigned int mbedtls_version_get_number( void ) +unsigned int mbedtls_version_get_number(void) { - return( MBEDTLS_VERSION_NUMBER ); + return MBEDTLS_VERSION_NUMBER; } -void mbedtls_version_get_string( char *string ) +void mbedtls_version_get_string(char *string) { - memcpy( string, MBEDTLS_VERSION_STRING, - sizeof( MBEDTLS_VERSION_STRING ) ); + memcpy(string, MBEDTLS_VERSION_STRING, + sizeof(MBEDTLS_VERSION_STRING)); } -void mbedtls_version_get_string_full( char *string ) +void mbedtls_version_get_string_full(char *string) { - memcpy( string, MBEDTLS_VERSION_STRING_FULL, - sizeof( MBEDTLS_VERSION_STRING_FULL ) ); + memcpy(string, MBEDTLS_VERSION_STRING_FULL, + sizeof(MBEDTLS_VERSION_STRING_FULL)); } #endif /* MBEDTLS_VERSION_C */ diff --git a/thirdparty/mbedtls/library/version_features.c b/thirdparty/mbedtls/library/version_features.c index 40c95201bc..049a58aa21 100644 --- a/thirdparty/mbedtls/library/version_features.c +++ b/thirdparty/mbedtls/library/version_features.c @@ -27,7 +27,7 @@ static const char * const features[] = { #if defined(MBEDTLS_VERSION_FEATURES) -#if defined(MBEDTLS_HAVE_ASM) + #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ #if defined(MBEDTLS_NO_UDBL_DIVISION) @@ -850,23 +850,25 @@ static const char * const features[] = { NULL }; -int mbedtls_version_check_feature( const char *feature ) +int mbedtls_version_check_feature(const char *feature) { const char * const *idx = features; - if( *idx == NULL ) - return( -2 ); + if (*idx == NULL) { + return -2; + } - if( feature == NULL ) - return( -1 ); + if (feature == NULL) { + return -1; + } - while( *idx != NULL ) - { - if( !strcmp( *idx, feature ) ) - return( 0 ); + while (*idx != NULL) { + if (!strcmp(*idx, feature)) { + return 0; + } idx++; } - return( -1 ); + return -1; } #endif /* MBEDTLS_VERSION_C */ diff --git a/thirdparty/mbedtls/library/x509.c b/thirdparty/mbedtls/library/x509.c index 54c8666d23..38eb2e6607 100644 --- a/thirdparty/mbedtls/library/x509.c +++ b/thirdparty/mbedtls/library/x509.c @@ -53,42 +53,45 @@ #include #endif -#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); } +#define CHECK(code) if ((ret = (code)) != 0) { return ret; } #define CHECK_RANGE(min, max, val) \ do \ { \ - if( ( val ) < ( min ) || ( val ) > ( max ) ) \ + if ((val) < (min) || (val) > (max)) \ { \ - return( ret ); \ + return ret; \ } \ - } while( 0 ) + } while (0) /* * CertificateSerialNumber ::= INTEGER */ -int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial ) +int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if ((end - *p) < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } - if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) && - **p != MBEDTLS_ASN1_INTEGER ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && + **p != MBEDTLS_ASN1_INTEGER) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } serial->tag = *(*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) ); + if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); + } serial->p = *p; *p += serial->len; - return( 0 ); + return 0; } /* Get an algorithm identifier without parameters (eg for signatures) @@ -97,29 +100,31 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } */ -int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg ) +int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - return( 0 ); + return 0; } /* * Parse an algorithm identifier with (optional) parameters */ -int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) +int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg, mbedtls_x509_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - return( 0 ); + return 0; } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -132,7 +137,7 @@ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, * * For HashAlgorithm, parameters MUST be NULL or absent. */ -static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg ) +static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; @@ -141,42 +146,49 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md size_t len; /* Make sure we got a SEQUENCE and setup bounds */ - if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } p = alg->p; end = p + alg->len; - if( p >= end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if (p >= end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } /* Parse md_oid */ md_oid.tag = *p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } md_oid.p = p; p += md_oid.len; /* Get md_alg from md_oid */ - if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } /* Make sure params is absent of NULL */ - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - if( p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* @@ -191,9 +203,9 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other * option. Enforce this at parsing time. */ -int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len ) +int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, + mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, + int *salt_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; @@ -207,121 +219,139 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, *salt_len = 20; /* Make sure params is a SEQUENCE and setup bounds */ - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } p = (unsigned char *) params->p; end = p + params->len; - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } /* * HashAlgorithm */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 0)) == 0) { end2 = p + len; /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */ - if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) { + return ret; + } - if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - if( p != end2 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end2) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } /* * MaskGenAlgorithm */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 1)) == 0) { end2 = p + len; /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */ - if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) { + return ret; + } /* Only MFG1 is recognised for now */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, - MBEDTLS_ERR_OID_NOT_FOUND ) ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, + MBEDTLS_ERR_OID_NOT_FOUND); + } /* Parse HashAlgorithm */ - if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 ) - return( ret ); + if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) { + return ret; + } - if( p != end2 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end2) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } /* * salt_len */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 2)) == 0) { end2 = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - if( p != end2 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end2) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); - if( p == end ) - return( 0 ); + if (p == end) { + return 0; + } /* * trailer_field (if present, must be 1) */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 3)) == 0) { int trailer_field; end2 = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); + if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); + } - if( p != end2 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end2) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - if( trailer_field != 1 ) - return( MBEDTLS_ERR_X509_INVALID_ALG ); + if (trailer_field != 1) { + return MBEDTLS_ERR_X509_INVALID_ALG; + } + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); - if( p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -334,63 +364,68 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, * * AttributeValue ::= ANY DEFINED BY AttributeType */ -static int x509_get_attr_type_value( unsigned char **p, - const unsigned char *end, - mbedtls_x509_name *cur ) +static int x509_get_attr_type_value(unsigned char **p, + const unsigned char *end, + mbedtls_x509_name *cur) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_x509_buf *oid; mbedtls_x509_buf *val; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); + } end = *p + len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if ((end - *p) < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } oid = &cur->oid; oid->tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); + } oid->p = *p; *p += oid->len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if ((end - *p) < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } - if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && + if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && - **p != MBEDTLS_ASN1_BIT_STRING ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + **p != MBEDTLS_ASN1_BIT_STRING) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } val = &cur->val; val->tag = *(*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); + if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); + } val->p = *p; *p += val->len; - if( *p != end ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } cur->next = NULL; - return( 0 ); + return 0; } /* @@ -421,8 +456,8 @@ static int x509_get_attr_type_value( unsigned char **p, * cases, this function frees all allocated memory internally and the caller * has no freeing responsibilities. */ -int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur ) +int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, + mbedtls_x509_name *cur) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t set_len; @@ -431,35 +466,33 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, mbedtls_x509_name *prev, *allocated; /* don't use recursion, we'd risk stack overflow if not optimized */ - while( 1 ) - { + while (1) { /* * parse SET */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) - { - ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); goto error; } end_set = *p + set_len; - while( 1 ) - { - if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) + while (1) { + if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { goto error; + } - if( *p == end_set ) + if (*p == end_set) { break; + } /* Mark this item as being no the only one in a set */ cur->next_merged = 1; - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - if( cur->next == NULL ) - { + if (cur->next == NULL) { ret = MBEDTLS_ERR_X509_ALLOC_FAILED; goto error; } @@ -470,13 +503,13 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, /* * continue until end of SEQUENCE is reached */ - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - if( cur->next == NULL ) - { + if (cur->next == NULL) { ret = MBEDTLS_ERR_X509_ALLOC_FAILED; goto error; } @@ -488,48 +521,46 @@ error: /* Skip the first element as we did not allocate it */ allocated = head->next; - while( allocated != NULL ) - { + while (allocated != NULL) { prev = allocated; allocated = allocated->next; - mbedtls_platform_zeroize( prev, sizeof( *prev ) ); - mbedtls_free( prev ); + mbedtls_platform_zeroize(prev, sizeof(*prev)); + mbedtls_free(prev); } - mbedtls_platform_zeroize( head, sizeof( *head ) ); + mbedtls_platform_zeroize(head, sizeof(*head)); - return( ret ); + return ret; } -static int x509_parse_int( unsigned char **p, size_t n, int *res ) +static int x509_parse_int(unsigned char **p, size_t n, int *res) { *res = 0; - for( ; n > 0; --n ) - { - if( ( **p < '0') || ( **p > '9' ) ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + for (; n > 0; --n) { + if ((**p < '0') || (**p > '9')) { + return MBEDTLS_ERR_X509_INVALID_DATE; + } *res *= 10; - *res += ( *(*p)++ - '0' ); + *res += (*(*p)++ - '0'); } - return( 0 ); + return 0; } -static int x509_date_is_valid(const mbedtls_x509_time *t ) +static int x509_date_is_valid(const mbedtls_x509_time *t) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; int month_len; - CHECK_RANGE( 0, 9999, t->year ); - CHECK_RANGE( 0, 23, t->hour ); - CHECK_RANGE( 0, 59, t->min ); - CHECK_RANGE( 0, 59, t->sec ); + CHECK_RANGE(0, 9999, t->year); + CHECK_RANGE(0, 23, t->hour); + CHECK_RANGE(0, 59, t->min); + CHECK_RANGE(0, 59, t->sec); - switch( t->mon ) - { + switch (t->mon) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: month_len = 31; break; @@ -537,69 +568,69 @@ static int x509_date_is_valid(const mbedtls_x509_time *t ) month_len = 30; break; case 2: - if( ( !( t->year % 4 ) && t->year % 100 ) || - !( t->year % 400 ) ) + if ((!(t->year % 4) && t->year % 100) || + !(t->year % 400)) { month_len = 29; - else + } else { month_len = 28; + } break; default: - return( ret ); + return ret; } - CHECK_RANGE( 1, month_len, t->day ); + CHECK_RANGE(1, month_len, t->day); - return( 0 ); + return 0; } /* * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) * field. */ -static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, - mbedtls_x509_time *tm ) +static int x509_parse_time(unsigned char **p, size_t len, size_t yearlen, + mbedtls_x509_time *tm) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Minimum length is 10 or 12 depending on yearlen */ - if ( len < yearlen + 8 ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + if (len < yearlen + 8) { + return MBEDTLS_ERR_X509_INVALID_DATE; + } len -= yearlen + 8; /* * Parse year, month, day, hour, minute */ - CHECK( x509_parse_int( p, yearlen, &tm->year ) ); - if ( 2 == yearlen ) - { - if ( tm->year < 50 ) + CHECK(x509_parse_int(p, yearlen, &tm->year)); + if (2 == yearlen) { + if (tm->year < 50) { tm->year += 100; + } tm->year += 1900; } - CHECK( x509_parse_int( p, 2, &tm->mon ) ); - CHECK( x509_parse_int( p, 2, &tm->day ) ); - CHECK( x509_parse_int( p, 2, &tm->hour ) ); - CHECK( x509_parse_int( p, 2, &tm->min ) ); + CHECK(x509_parse_int(p, 2, &tm->mon)); + CHECK(x509_parse_int(p, 2, &tm->day)); + CHECK(x509_parse_int(p, 2, &tm->hour)); + CHECK(x509_parse_int(p, 2, &tm->min)); /* * Parse seconds if present */ - if ( len >= 2 ) - { - CHECK( x509_parse_int( p, 2, &tm->sec ) ); + if (len >= 2) { + CHECK(x509_parse_int(p, 2, &tm->sec)); len -= 2; + } else { + return MBEDTLS_ERR_X509_INVALID_DATE; } - else - return ( MBEDTLS_ERR_X509_INVALID_DATE ); /* * Parse trailing 'Z' if present */ - if ( 1 == len && 'Z' == **p ) - { + if (1 == len && 'Z' == **p) { (*p)++; len--; } @@ -607,12 +638,13 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * We should have parsed all characters at this point */ - if ( 0 != len ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + if (0 != len) { + return MBEDTLS_ERR_X509_INVALID_DATE; + } - CHECK( x509_date_is_valid( tm ) ); + CHECK(x509_date_is_valid(tm)); - return ( 0 ); + return 0; } /* @@ -620,50 +652,55 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, * utcTime UTCTime, * generalTime GeneralizedTime } */ -int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *tm ) +int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, + mbedtls_x509_time *tm) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, year_len; unsigned char tag; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if ((end - *p) < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } tag = **p; - if( tag == MBEDTLS_ASN1_UTC_TIME ) + if (tag == MBEDTLS_ASN1_UTC_TIME) { year_len = 2; - else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) + } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { year_len = 4; - else - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + } else { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); + ret = mbedtls_asn1_get_len(p, end, &len); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) ); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); + } - return x509_parse_time( p, len, year_len, tm ); + return x509_parse_time(p, len, year_len, tm); } -int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) +int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; int tag_type; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); + if ((end - *p) < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); + } tag_type = **p; - if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) ); + if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); + } sig->tag = tag_type; sig->len = len; @@ -671,63 +708,64 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x *p += len; - return( 0 ); + return 0; } /* * Get signature algorithm from alg OID and optional parameters */ -int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts ) +int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, + void **sig_opts) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *sig_opts != NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (*sig_opts != NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) ); + if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); + } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( *pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { + if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { mbedtls_pk_rsassa_pss_options *pss_opts; - pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) ); - if( pss_opts == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); - - ret = mbedtls_x509_get_rsassa_pss_params( sig_params, - md_alg, - &pss_opts->mgf1_hash_id, - &pss_opts->expected_salt_len ); - if( ret != 0 ) - { - mbedtls_free( pss_opts ); - return( ret ); + pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); + if (pss_opts == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } + + ret = mbedtls_x509_get_rsassa_pss_params(sig_params, + md_alg, + &pss_opts->mgf1_hash_id, + &pss_opts->expected_salt_len); + if (ret != 0) { + mbedtls_free(pss_opts); + return ret; } *sig_opts = (void *) pss_opts; - } - else + } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ { /* Make sure parameters are absent or NULL */ - if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) || - sig_params->len != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG ); + if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || + sig_params->len != 0) { + return MBEDTLS_ERR_X509_INVALID_ALG; + } } - return( 0 ); + return 0; } /* * X.509 Extensions (No parsing of extensions, pointer should * be either manually updated or extensions should be parsed!) */ -int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag ) +int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *ext, int tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -735,10 +773,11 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, /* Extension structure use EXPLICIT tagging. That is, the actual * `Extensions` structure is wrapped by a tag-length pair using * the respective context-specific tag. */ - ret = mbedtls_asn1_get_tag( p, end, &ext->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + ret = mbedtls_asn1_get_tag(p, end, &ext->len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ext->p = *p; @@ -747,22 +786,24 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( end != *p + len ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (end != *p + len) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* * Store the name in printable form into buf; no more * than size characters will be written */ -int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) +int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j, n; @@ -771,67 +812,67 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) const char *short_name = NULL; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - memset( s, 0, sizeof( s ) ); + memset(s, 0, sizeof(s)); name = dn; p = buf; n = size; - while( name != NULL ) - { - if( !name->oid.p ) - { + while (name != NULL) { + if (!name->oid.p) { name = name->next; continue; } - if( name != dn ) - { - ret = mbedtls_snprintf( p, n, merge ? " + " : ", " ); + if (name != dn) { + ret = mbedtls_snprintf(p, n, merge ? " + " : ", "); MBEDTLS_X509_SAFE_SNPRINTF; } - ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name ); + ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); - if( ret == 0 ) - ret = mbedtls_snprintf( p, n, "%s=", short_name ); - else - ret = mbedtls_snprintf( p, n, "\?\?=" ); + if (ret == 0) { + ret = mbedtls_snprintf(p, n, "%s=", short_name); + } else { + ret = mbedtls_snprintf(p, n, "\?\?="); + } MBEDTLS_X509_SAFE_SNPRINTF; - for( i = 0, j = 0; i < name->val.len; i++, j++ ) - { - if( j >= sizeof( s ) - 1 ) - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + for (i = 0, j = 0; i < name->val.len; i++, j++) { + if (j >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } c = name->val.p[i]; // Special characters requiring escaping, RFC 1779 - if( c && strchr( ",=+<>#;\"\\", c ) ) - { - if( j + 1 >= sizeof( s ) - 1 ) - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + if (c && strchr(",=+<>#;\"\\", c)) { + if (j + 1 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } s[j++] = '\\'; } - if( c < 32 || c >= 127 ) - s[j] = '?'; - else s[j] = c; + if (c < 32 || c >= 127) { + s[j] = '?'; + } else { + s[j] = c; + } } s[j] = '\0'; - ret = mbedtls_snprintf( p, n, "%s", s ); + ret = mbedtls_snprintf(p, n, "%s", s); MBEDTLS_X509_SAFE_SNPRINTF; merge = name->next_merged; name = name->next; } - return( (int) ( size - n ) ); + return (int) (size - n); } /* * Store the serial in printable form into buf; no more * than size characters will be written */ -int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ) +int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, nr; @@ -840,62 +881,61 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se p = buf; n = size; - nr = ( serial->len <= 32 ) + nr = (serial->len <= 32) ? serial->len : 28; - for( i = 0; i < nr; i++ ) - { - if( i == 0 && nr > 1 && serial->p[i] == 0x0 ) + for (i = 0; i < nr; i++) { + if (i == 0 && nr > 1 && serial->p[i] == 0x0) { continue; + } - ret = mbedtls_snprintf( p, n, "%02X%s", - serial->p[i], ( i < nr - 1 ) ? ":" : "" ); + ret = mbedtls_snprintf(p, n, "%02X%s", + serial->p[i], (i < nr - 1) ? ":" : ""); MBEDTLS_X509_SAFE_SNPRINTF; } - if( nr != serial->len ) - { - ret = mbedtls_snprintf( p, n, "...." ); + if (nr != serial->len) { + ret = mbedtls_snprintf(p, n, "...."); MBEDTLS_X509_SAFE_SNPRINTF; } - return( (int) ( size - n ) ); + return (int) (size - n); } /* * Helper for writing signature algorithms */ -int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts ) +int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const void *sig_opts) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; size_t n = size; const char *desc = NULL; - ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc ); - if( ret != 0 ) - ret = mbedtls_snprintf( p, n, "???" ); - else - ret = mbedtls_snprintf( p, n, "%s", desc ); + ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); + if (ret != 0) { + ret = mbedtls_snprintf(p, n, "???"); + } else { + ret = mbedtls_snprintf(p, n, "%s", desc); + } MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { + if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { const mbedtls_pk_rsassa_pss_options *pss_opts; const mbedtls_md_info_t *md_info, *mgf_md_info; pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; - md_info = mbedtls_md_info_from_type( md_alg ); - mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id ); + md_info = mbedtls_md_info_from_type(md_alg); + mgf_md_info = mbedtls_md_info_from_type(pss_opts->mgf1_hash_id); - ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", - md_info ? mbedtls_md_get_name( md_info ) : "???", - mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???", - (unsigned int) pss_opts->expected_salt_len ); + ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", + md_info ? mbedtls_md_get_name(md_info) : "???", + mgf_md_info ? mbedtls_md_get_name(mgf_md_info) : "???", + (unsigned int) pss_opts->expected_salt_len); MBEDTLS_X509_SAFE_SNPRINTF; } #else @@ -904,22 +944,22 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s ((void) sig_opts); #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - return( (int)( size - n ) ); + return (int) (size - n); } /* * Helper for writing "RSA key size", "EC key size", etc */ -int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) +int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name) { char *p = buf; size_t n = buf_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_snprintf( p, n, "%s key size", name ); + ret = mbedtls_snprintf(p, n, "%s key size", name); MBEDTLS_X509_SAFE_SNPRINTF; - return( 0 ); + return 0; } #if defined(MBEDTLS_HAVE_TIME_DATE) @@ -927,19 +967,18 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) * Set the time structure to the current time. * Return 0 on success, non-zero on failure. */ -static int x509_get_current_time( mbedtls_x509_time *now ) +static int x509_get_current_time(mbedtls_x509_time *now) { struct tm *lt, tm_buf; mbedtls_time_t tt; int ret = 0; - tt = mbedtls_time( NULL ); - lt = mbedtls_platform_gmtime_r( &tt, &tm_buf ); + tt = mbedtls_time(NULL); + lt = mbedtls_platform_gmtime_r(&tt, &tm_buf); - if( lt == NULL ) + if (lt == NULL) { ret = -1; - else - { + } else { now->year = lt->tm_year + 1900; now->mon = lt->tm_mon + 1; now->day = lt->tm_mday; @@ -948,82 +987,90 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } - return( ret ); + return ret; } /* * Return 0 if before <= after, 1 otherwise */ -static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after ) +static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after) { - if( before->year > after->year ) - return( 1 ); + if (before->year > after->year) { + return 1; + } - if( before->year == after->year && - before->mon > after->mon ) - return( 1 ); + if (before->year == after->year && + before->mon > after->mon) { + return 1; + } - if( before->year == after->year && + if (before->year == after->year && before->mon == after->mon && - before->day > after->day ) - return( 1 ); + before->day > after->day) { + return 1; + } - if( before->year == after->year && + if (before->year == after->year && before->mon == after->mon && before->day == after->day && - before->hour > after->hour ) - return( 1 ); + before->hour > after->hour) { + return 1; + } - if( before->year == after->year && + if (before->year == after->year && before->mon == after->mon && before->day == after->day && before->hour == after->hour && - before->min > after->min ) - return( 1 ); + before->min > after->min) { + return 1; + } - if( before->year == after->year && + if (before->year == after->year && before->mon == after->mon && before->day == after->day && before->hour == after->hour && before->min == after->min && - before->sec > after->sec ) - return( 1 ); + before->sec > after->sec) { + return 1; + } - return( 0 ); + return 0; } -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ) +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) { mbedtls_x509_time now; - if( x509_get_current_time( &now ) != 0 ) - return( 1 ); + if (x509_get_current_time(&now) != 0) { + return 1; + } - return( x509_check_time( &now, to ) ); + return x509_check_time(&now, to); } -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) { mbedtls_x509_time now; - if( x509_get_current_time( &now ) != 0 ) - return( 1 ); + if (x509_get_current_time(&now) != 0) { + return 1; + } - return( x509_check_time( from, &now ) ); + return x509_check_time(from, &now); } #else /* MBEDTLS_HAVE_TIME_DATE */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ) +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) { ((void) to); - return( 0 ); + return 0; } -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) { ((void) from); - return( 0 ); + return 0; } #endif /* MBEDTLS_HAVE_TIME_DATE */ @@ -1035,7 +1082,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) /* * Checkup routine */ -int mbedtls_x509_self_test( int verbose ) +int mbedtls_x509_self_test(int verbose) { int ret = 0; #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C) @@ -1043,54 +1090,57 @@ int mbedtls_x509_self_test( int verbose ) mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; - if( verbose != 0 ) - mbedtls_printf( " X.509 certificate load: " ); + if (verbose != 0) { + mbedtls_printf(" X.509 certificate load: "); + } - mbedtls_x509_crt_init( &cacert ); - mbedtls_x509_crt_init( &clicert ); + mbedtls_x509_crt_init(&cacert); + mbedtls_x509_crt_init(&clicert); - ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, - mbedtls_test_cli_crt_len ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt, + mbedtls_test_cli_crt_len); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto cleanup; } - ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt, - mbedtls_test_ca_crt_len ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_ca_crt, + mbedtls_test_ca_crt_len); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n X.509 signature verify: "); + if (verbose != 0) { + mbedtls_printf("passed\n X.509 signature verify: "); + } - ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_verify(&clicert, &cacert, NULL, NULL, &flags, NULL, NULL); + if (ret != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n"); + if (verbose != 0) { + mbedtls_printf("passed\n\n"); + } cleanup: - mbedtls_x509_crt_free( &cacert ); - mbedtls_x509_crt_free( &clicert ); + mbedtls_x509_crt_free(&cacert); + mbedtls_x509_crt_free(&clicert); #else ((void) verbose); #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */ - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/library/x509_create.c b/thirdparty/mbedtls/library/x509_create.c index 056bbaa786..50db95688f 100644 --- a/thirdparty/mbedtls/library/x509_create.c +++ b/thirdparty/mbedtls/library/x509_create.c @@ -31,115 +31,115 @@ /* Structure linking OIDs for X.509 DN AttributeTypes to their * string representations and default string encodings used by Mbed TLS. */ typedef struct { - const char *name; /* String representation of AttributeType, e.g. - * "CN" or "emailAddress". */ - size_t name_len; /* Length of 'name', without trailing 0 byte. */ - const char *oid; /* String representation of OID of AttributeType, + const char *name; /* String representation of AttributeType, e.g. + * "CN" or "emailAddress". */ + size_t name_len; /* Length of 'name', without trailing 0 byte. */ + const char *oid; /* String representation of OID of AttributeType, * as per RFC 5280, Appendix A.1. */ - int default_tag; /* The default character encoding used for the + int default_tag; /* The default character encoding used for the * given attribute type, e.g. * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ } x509_attr_descriptor_t; -#define ADD_STRLEN( s ) s, sizeof( s ) - 1 +#define ADD_STRLEN(s) s, sizeof(s) - 1 /* X.509 DN attributes from RFC 5280, Appendix A.1. */ static const x509_attr_descriptor_t x509_attrs[] = { - { ADD_STRLEN( "CN" ), + { ADD_STRLEN("CN"), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "commonName" ), + { ADD_STRLEN("commonName"), MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "C" ), + { ADD_STRLEN("C"), MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "countryName" ), + { ADD_STRLEN("countryName"), MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "O" ), + { ADD_STRLEN("O"), MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationName" ), + { ADD_STRLEN("organizationName"), MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "L" ), + { ADD_STRLEN("L"), MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "locality" ), + { ADD_STRLEN("locality"), MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "R" ), + { ADD_STRLEN("R"), MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "OU" ), + { ADD_STRLEN("OU"), MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationalUnitName" ), + { ADD_STRLEN("organizationalUnitName"), MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "ST" ), + { ADD_STRLEN("ST"), MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "stateOrProvinceName" ), + { ADD_STRLEN("stateOrProvinceName"), MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "emailAddress" ), + { ADD_STRLEN("emailAddress"), MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "serialNumber" ), + { ADD_STRLEN("serialNumber"), MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalAddress" ), + { ADD_STRLEN("postalAddress"), MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalCode" ), + { ADD_STRLEN("postalCode"), MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "dnQualifier" ), + { ADD_STRLEN("dnQualifier"), MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "title" ), + { ADD_STRLEN("title"), MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "surName" ), + { ADD_STRLEN("surName"), MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "SN" ), + { ADD_STRLEN("SN"), MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "givenName" ), + { ADD_STRLEN("givenName"), MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "GN" ), + { ADD_STRLEN("GN"), MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "initials" ), + { ADD_STRLEN("initials"), MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "pseudonym" ), + { ADD_STRLEN("pseudonym"), MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "generationQualifier" ), + { ADD_STRLEN("generationQualifier"), MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "domainComponent" ), + { ADD_STRLEN("domainComponent"), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "DC" ), + { ADD_STRLEN("DC"), MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, { NULL, 0, NULL, MBEDTLS_ASN1_NULL } }; -static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len ) +static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len) { const x509_attr_descriptor_t *cur; - for( cur = x509_attrs; cur->name != NULL; cur++ ) - if( cur->name_len == name_len && - strncmp( cur->name, name, name_len ) == 0 ) + for (cur = x509_attrs; cur->name != NULL; cur++) { + if (cur->name_len == name_len && + strncmp(cur->name, name, name_len) == 0) { break; + } + } - if ( cur->name == NULL ) - return( NULL ); + if (cur->name == NULL) { + return NULL; + } - return( cur ); + return cur; } -int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name ) +int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { int ret = 0; const char *s = name, *c = s; - const char *end = s + strlen( s ); + const char *end = s + strlen(s); const char *oid = NULL; - const x509_attr_descriptor_t* attr_descr = NULL; + const x509_attr_descriptor_t *attr_descr = NULL; int in_tag = 1; char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; char *d = data; /* Clear existing chain if present */ - mbedtls_asn1_free_named_data_list( head ); - - while( c <= end ) - { - if( in_tag && *c == '=' ) - { - if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL ) - { + mbedtls_asn1_free_named_data_list(head); + + while (c <= end) { + if (in_tag && *c == '=') { + if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { ret = MBEDTLS_ERR_X509_UNKNOWN_OID; goto exit; } @@ -150,45 +150,39 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na d = data; } - if( !in_tag && *c == '\\' && c != end ) - { + if (!in_tag && *c == '\\' && c != end) { c++; /* Check for valid escaped characters */ - if( c == end || *c != ',' ) - { + if (c == end || *c != ',') { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } - } - else if( !in_tag && ( *c == ',' || c == end ) ) - { - mbedtls_asn1_named_data* cur = - mbedtls_asn1_store_named_data( head, oid, strlen( oid ), - (unsigned char *) data, - d - data ); - - if(cur == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + } else if (!in_tag && (*c == ',' || c == end)) { + mbedtls_asn1_named_data *cur = + mbedtls_asn1_store_named_data(head, oid, strlen(oid), + (unsigned char *) data, + d - data); + + if (cur == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; } // set tagType cur->val.tag = attr_descr->default_tag; - while( c < end && *(c + 1) == ' ' ) + while (c < end && *(c + 1) == ' ') { c++; + } s = c + 1; in_tag = 1; } - if( !in_tag && s != c + 1 ) - { + if (!in_tag && s != c + 1) { *(d++) = *c; - if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE ) - { + if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } @@ -199,27 +193,26 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na exit: - return( ret ); + return ret; } /* The first byte of the value in the mbedtls_asn1_named_data structure is reserved * to store the critical boolean for us */ -int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, size_t val_len ) +int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, + int critical, const unsigned char *val, size_t val_len) { mbedtls_asn1_named_data *cur; - if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len, - NULL, val_len + 1 ) ) == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, + NULL, val_len + 1)) == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; } cur->val.p[0] = critical; - memcpy( cur->val.p + 1, val, val_len ); + memcpy(cur->val.p + 1, val, val_len); - return( 0 ); + return 0; } /* @@ -234,115 +227,117 @@ int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, * * AttributeValue ::= ANY DEFINED BY AttributeType */ -static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name) +static int x509_write_name(unsigned char **p, + unsigned char *start, + mbedtls_asn1_named_data *cur_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - const char *oid = (const char*)cur_name->oid.p; + const char *oid = (const char *) cur_name->oid.p; size_t oid_len = cur_name->oid.len; const unsigned char *name = cur_name->val.p; size_t name_len = cur_name->val.len; // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start, - cur_name->val.tag, - (const char *) name, - name_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start, + cur_name->val.tag, + (const char *) name, + name_len)); // Write OID // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, - oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, + oid_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SET)); - return( (int) len ); + return (int) len; } -int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ) +int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur = first; - while( cur != NULL ) - { - MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) ); + while (cur != NULL) { + MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur)); cur = cur->next; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } -int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size ) +int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + unsigned char *sig, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( *p < start || (size_t)( *p - start ) < size ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t) (*p - start) < size) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } len = size; (*p) -= len; - memcpy( *p, sig, len ); + memcpy(*p, sig, len); - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } *--(*p) = 0; len += 1; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); // Write OID // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid, - oid_len, 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid, + oid_len, 0)); - return( (int) len ); + return (int) len; } -static int x509_write_extension( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *ext ) +static int x509_write_extension(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1, - ext->val.len - 1 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1, + ext->val.len - 1)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - if( ext->val.p[0] != 0 ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) ); + if (ext->val.p[0] != 0) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p, - ext->oid.len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p, + ext->oid.len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } /* @@ -355,20 +350,19 @@ static int x509_write_extension( unsigned char **p, unsigned char *start, * -- by extnID * } */ -int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ) +int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur_ext = first; - while( cur_ext != NULL ) - { - MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) ); + while (cur_ext != NULL) { + MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext)); cur_ext = cur_ext->next; } - return( (int) len ); + return (int) len; } #endif /* MBEDTLS_X509_CREATE_C */ diff --git a/thirdparty/mbedtls/library/x509_crl.c b/thirdparty/mbedtls/library/x509_crl.c index b943a8d6da..d5357ea4e8 100644 --- a/thirdparty/mbedtls/library/x509_crl.c +++ b/thirdparty/mbedtls/library/x509_crl.c @@ -59,24 +59,22 @@ /* * Version ::= INTEGER { v1(0), v2(1) } */ -static int x509_crl_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) +static int x509_crl_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return 0; } - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); } - return( 0 ); + return 0; } /* @@ -86,26 +84,27 @@ static int x509_crl_get_version( unsigned char **p, * list of extensions is well-formed and abort on critical extensions (that * are unsupported as we don't support any extension so far) */ -static int x509_get_crl_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext ) +static int x509_get_crl_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } /* * crlExtensions [0] EXPLICIT Extensions OPTIONAL * -- if present, version MUST be v2 */ - if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) { + return ret; + } end = ext->p + ext->len; - while( *p < end ) - { + while (*p < end) { /* * Extension ::= SEQUENCE { * extnID OBJECT IDENTIFIER, @@ -117,65 +116,69 @@ static int x509_get_crl_ext( unsigned char **p, size_t len; /* Get enclosing sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } end_ext_data = *p + len; /* Get OID (currently ignored) */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } *p += len; /* Get optional critical */ - if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, - &is_critical ) ) != 0 && - ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, + &is_critical)) != 0 && + (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } /* Data should be octet string type */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } /* Ignore data so far and just check its length */ *p += len; - if( *p != end_ext_data ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end_ext_data) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* Abort on (unsupported) critical extensions */ - if( is_critical ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if (is_critical) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* * X.509 CRL v2 entry extensions (no extensions parsed yet.) */ -static int x509_get_crl_entry_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext ) +static int x509_get_crl_entry_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* OPTIONAL */ - if( end <= *p ) - return( 0 ); + if (end <= *p) { + return 0; + } ext->tag = **p; ext->p = *p; @@ -184,110 +187,112 @@ static int x509_get_crl_entry_ext( unsigned char **p, * Get CRL-entry extension sequence header * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ext->p = NULL; - return( 0 ); + return 0; } - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } end = *p + ext->len; - if( end != *p + ext->len ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (end != *p + ext->len) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - while( *p < end ) - { - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + while (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } *p += len; } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* * X.509 CRL Entries */ -static int x509_get_entries( unsigned char **p, - const unsigned char *end, - mbedtls_x509_crl_entry *entry ) +static int x509_get_entries(unsigned char **p, + const unsigned char *end, + mbedtls_x509_crl_entry *entry) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t entry_len; mbedtls_x509_crl_entry *cur_entry = entry; - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( 0 ); + if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return 0; + } - return( ret ); + return ret; } end = *p + entry_len; - while( *p < end ) - { + while (*p < end) { size_t len2; const unsigned char *end2; cur_entry->raw.tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len2, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { + return ret; } cur_entry->raw.p = *p; cur_entry->raw.len = len2; end2 = *p + len2; - if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) { + return ret; + } - if( ( ret = mbedtls_x509_get_time( p, end2, - &cur_entry->revocation_date ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end2, + &cur_entry->revocation_date)) != 0) { + return ret; + } - if( ( ret = x509_get_crl_entry_ext( p, end2, - &cur_entry->entry_ext ) ) != 0 ) - return( ret ); + if ((ret = x509_get_crl_entry_ext(p, end2, + &cur_entry->entry_ext)) != 0) { + return ret; + } - if( *p < end ) - { - cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) ); + if (*p < end) { + cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry)); - if( cur_entry->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (cur_entry->next == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } cur_entry = cur_entry->next; } } - return( 0 ); + return 0; } /* * Parse one CRLs in DER format and append it to the chained list */ -int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen ) +int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -298,44 +303,46 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Check for valid input */ - if( crl == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crl == NULL || buf == NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); /* * Add new CRL on the end of the chain if needed. */ - while( crl->version != 0 && crl->next != NULL ) + while (crl->version != 0 && crl->next != NULL) { crl = crl->next; + } - if( crl->version != 0 && crl->next == NULL ) - { - crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ); + if (crl->version != 0 && crl->next == NULL) { + crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl)); - if( crl->next == NULL ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (crl->next == NULL) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERR_X509_ALLOC_FAILED; } - mbedtls_x509_crl_init( crl->next ); + mbedtls_x509_crl_init(crl->next); crl = crl->next; } /* * Copy raw DER-encoded CRL */ - if( buflen == 0 ) - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if (buflen == 0) { + return MBEDTLS_ERR_X509_INVALID_FORMAT; + } - p = mbedtls_calloc( 1, buflen ); - if( p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + p = mbedtls_calloc(1, buflen); + if (p == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } - memcpy( p, buf, buflen ); + memcpy(p, buf, buflen); crl->raw.p = p; crl->raw.len = buflen; @@ -348,18 +355,16 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERR_X509_INVALID_FORMAT; } - if( len != (size_t) ( end - p ) ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (len != (size_t) (end - p)) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } /* @@ -367,11 +372,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, */ crl->tbs.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } end = p + len; @@ -383,27 +387,24 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * * signature AlgorithmIdentifier */ - if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || - ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 || + (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; } - if( crl->version < 0 || crl->version > 1 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (crl->version < 0 || crl->version > 1) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERR_X509_UNKNOWN_VERSION; } crl->version++; - if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, - &crl->sig_md, &crl->sig_pk, - &crl->sig_opts ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); + if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1, + &crl->sig_md, &crl->sig_pk, + &crl->sig_opts)) != 0) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } /* @@ -411,17 +412,15 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, */ crl->issuer_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; } crl->issuer_raw.len = p - crl->issuer_raw.p; @@ -430,21 +429,18 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * thisUpdate Time * nextUpdate Time OPTIONAL */ - if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); - } - - if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) - { - if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) && - ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; + } + + if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) { + if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) && + ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA))) { + mbedtls_x509_crl_free(crl); + return ret; } } @@ -456,32 +452,28 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * -- if present, MUST be v2 * } OPTIONAL */ - if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; } /* * crlExtensions EXPLICIT Extensions OPTIONAL * -- if present, MUST be v2 */ - if( crl->version == 2 ) - { - ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); - - if( ret != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if (crl->version == 2) { + ret = x509_get_crl_ext(&p, end, &crl->crl_ext); + + if (ret != 0) { + mbedtls_x509_crl_free(crl); + return ret; } } - if( p != end ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } end = crl->raw.p + crl->raw.len; @@ -490,42 +482,38 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; } - if( crl->sig_oid.len != sig_oid2.len || - memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || + if (crl->sig_oid.len != sig_oid2.len || + memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 || sig_params1.len != sig_params2.len || - ( sig_params1.len != 0 && - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_SIG_MISMATCH ); + (sig_params1.len != 0 && + memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERR_X509_SIG_MISMATCH; } - if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) { + mbedtls_x509_crl_free(crl); + return ret; } - if( p != end ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + mbedtls_x509_crl_free(crl); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return 0; } /* * Parse one or more CRLs and add them to the chained list */ -int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) +int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -533,25 +521,25 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s mbedtls_pem_context pem; int is_pem = 0; - if( chain == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (chain == NULL || buf == NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - do - { - mbedtls_pem_init( &pem ); + do { + mbedtls_pem_init(&pem); // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated // string - if( buflen == 0 || buf[buflen - 1] != '\0' ) + if (buflen == 0 || buf[buflen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); - - if( ret == 0 ) - { + } else { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len); + } + + if (ret == 0) { /* * Was PEM encoded */ @@ -560,51 +548,49 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s buflen -= use_len; buf += use_len; - if( ( ret = mbedtls_x509_crl_parse_der( chain, - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pem_free( &pem ); - return( ret ); + if ((ret = mbedtls_x509_crl_parse_der(chain, + pem.buf, pem.buflen)) != 0) { + mbedtls_pem_free(&pem); + return ret; } - } - else if( is_pem ) - { - mbedtls_pem_free( &pem ); - return( ret ); + } else if (is_pem) { + mbedtls_pem_free(&pem); + return ret; } - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */ - while( is_pem && buflen > 1 ); + while (is_pem && buflen > 1); - if( is_pem ) - return( 0 ); - else + if (is_pem) { + return 0; + } else #endif /* MBEDTLS_PEM_PARSE_C */ - return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) ); + return mbedtls_x509_crl_parse_der(chain, buf, buflen); } #if defined(MBEDTLS_FS_IO) /* * Load one or more CRLs and add them to the chained list */ -int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) +int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } - ret = mbedtls_x509_crl_parse( chain, buf, n ); + ret = mbedtls_x509_crl_parse(chain, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ @@ -616,8 +602,8 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) /* * Return an informational string about the CRL. */ -int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl ) +int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crl *crl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; @@ -627,79 +613,78 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = mbedtls_snprintf( p, n, "%sCRL version : %d", - prefix, crl->version ); + ret = mbedtls_snprintf(p, n, "%sCRL version : %d", + prefix, crl->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crl->issuer ); + ret = mbedtls_x509_dn_gets(p, n, &crl->issuer); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sthis update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->this_update.year, crl->this_update.mon, - crl->this_update.day, crl->this_update.hour, - crl->this_update.min, crl->this_update.sec ); + ret = mbedtls_snprintf(p, n, "\n%sthis update : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crl->this_update.year, crl->this_update.mon, + crl->this_update.day, crl->this_update.hour, + crl->this_update.min, crl->this_update.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%snext update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->next_update.year, crl->next_update.mon, - crl->next_update.day, crl->next_update.hour, - crl->next_update.min, crl->next_update.sec ); + ret = mbedtls_snprintf(p, n, "\n%snext update : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crl->next_update.year, crl->next_update.mon, + crl->next_update.day, crl->next_update.hour, + crl->next_update.min, crl->next_update.sec); MBEDTLS_X509_SAFE_SNPRINTF; entry = &crl->entry; - ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:", - prefix ); + ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - while( entry != NULL && entry->raw.len != 0 ) - { - ret = mbedtls_snprintf( p, n, "\n%sserial number: ", - prefix ); + while (entry != NULL && entry->raw.len != 0) { + ret = mbedtls_snprintf(p, n, "\n%sserial number: ", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_serial_gets( p, n, &entry->serial ); + ret = mbedtls_x509_serial_gets(p, n, &entry->serial); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " revocation date: " \ - "%04d-%02d-%02d %02d:%02d:%02d", - entry->revocation_date.year, entry->revocation_date.mon, - entry->revocation_date.day, entry->revocation_date.hour, - entry->revocation_date.min, entry->revocation_date.sec ); + ret = mbedtls_snprintf(p, n, " revocation date: " \ + "%04d-%02d-%02d %02d:%02d:%02d", + entry->revocation_date.year, entry->revocation_date.mon, + entry->revocation_date.day, entry->revocation_date.hour, + entry->revocation_date.min, entry->revocation_date.sec); MBEDTLS_X509_SAFE_SNPRINTF; entry = entry->next; } - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, - crl->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, + crl->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n" ); + ret = mbedtls_snprintf(p, n, "\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return (int) (size - n); } /* * Initialize a CRL chain */ -void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ) +void mbedtls_x509_crl_init(mbedtls_x509_crl *crl) { - memset( crl, 0, sizeof(mbedtls_x509_crl) ); + memset(crl, 0, sizeof(mbedtls_x509_crl)); } /* * Unallocate all CRL data */ -void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) +void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) { mbedtls_x509_crl *crl_cur = crl; mbedtls_x509_crl *crl_prv; @@ -708,55 +693,50 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) mbedtls_x509_crl_entry *entry_cur; mbedtls_x509_crl_entry *entry_prv; - if( crl == NULL ) + if (crl == NULL) { return; + } - do - { + do { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( crl_cur->sig_opts ); + mbedtls_free(crl_cur->sig_opts); #endif name_cur = crl_cur->issuer.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } entry_cur = crl_cur->entry.next; - while( entry_cur != NULL ) - { + while (entry_cur != NULL) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_platform_zeroize( entry_prv, - sizeof( mbedtls_x509_crl_entry ) ); - mbedtls_free( entry_prv ); + mbedtls_platform_zeroize(entry_prv, + sizeof(mbedtls_x509_crl_entry)); + mbedtls_free(entry_prv); } - if( crl_cur->raw.p != NULL ) - { - mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); - mbedtls_free( crl_cur->raw.p ); + if (crl_cur->raw.p != NULL) { + mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len); + mbedtls_free(crl_cur->raw.p); } crl_cur = crl_cur->next; - } - while( crl_cur != NULL ); + } while (crl_cur != NULL); crl_cur = crl; - do - { + do { crl_prv = crl_cur; crl_cur = crl_cur->next; - mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); - if( crl_prv != crl ) - mbedtls_free( crl_prv ); - } - while( crl_cur != NULL ); + mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl)); + if (crl_prv != crl) { + mbedtls_free(crl_prv); + } + } while (crl_cur != NULL); } #endif /* MBEDTLS_X509_CRL_PARSE_C */ diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c index 4361f43ed0..e7fcaf4627 100644 --- a/thirdparty/mbedtls/library/x509_crt.c +++ b/thirdparty/mbedtls/library/x509_crt.c @@ -58,19 +58,6 @@ #if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include -#if defined(_MSC_VER) && _MSC_VER <= 1600 -/* Visual Studio 2010 and earlier issue a warning when both and - * are included, as they redefine a number of _MAX constants. - * These constants are guaranteed to be the same, though, so we suppress the - * warning when including intsafe.h. - */ -#pragma warning( push ) -#pragma warning( disable : 4005 ) -#endif -#include -#if defined(_MSC_VER) && _MSC_VER <= 1600 -#pragma warning( pop ) -#endif #else #include #endif @@ -97,17 +84,17 @@ typedef struct { /* * Max size of verification chain: end-entity + intermediates + trusted root */ -#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) +#define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) /* Default profile. Do not remove items unless there are serious security * concerns. */ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = { /* Only SHA-2 hashes */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ 0xFFFFFFF, /* Any curve */ 2048, @@ -119,19 +106,19 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = { /* Hashes from SHA-256 and above */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ #if defined(MBEDTLS_ECP_C) /* Curves at or above 128-bit security level */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), #else 0, #endif @@ -144,15 +131,15 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = { /* Only SHA-256 and 384 */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), #if defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), #else 0, #endif @@ -163,133 +150,136 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = * Check md_alg against profile * Return 0 if md_alg is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, - mbedtls_md_type_t md_alg ) +static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, + mbedtls_md_type_t md_alg) { - if( md_alg == MBEDTLS_MD_NONE ) - return( -1 ); + if (md_alg == MBEDTLS_MD_NONE) { + return -1; + } - if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) - return( 0 ); + if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { + return 0; + } - return( -1 ); + return -1; } /* * Check pk_alg against profile * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg ) +static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, + mbedtls_pk_type_t pk_alg) { - if( pk_alg == MBEDTLS_PK_NONE ) - return( -1 ); + if (pk_alg == MBEDTLS_PK_NONE) { + return -1; + } - if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) - return( 0 ); + if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { + return 0; + } - return( -1 ); + return -1; } /* * Check key against profile * Return 0 if pk is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, - const mbedtls_pk_context *pk ) +static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, + const mbedtls_pk_context *pk) { - const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); + const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { - if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) - return( 0 ); + if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { + return 0; + } - return( -1 ); + return -1; } #endif #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECDSA || + if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || - pk_alg == MBEDTLS_PK_ECKEY_DH ) - { - const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + pk_alg == MBEDTLS_PK_ECKEY_DH) { + const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id; - if( gid == MBEDTLS_ECP_DP_NONE ) - return( -1 ); + if (gid == MBEDTLS_ECP_DP_NONE) { + return -1; + } - if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) - return( 0 ); + if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { + return 0; + } - return( -1 ); + return -1; } #endif - return( -1 ); + return -1; } /* * Like memcmp, but case-insensitive and always returns -1 if different */ -static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) +static int x509_memcasecmp(const void *s1, const void *s2, size_t len) { size_t i; unsigned char diff; const unsigned char *n1 = s1, *n2 = s2; - for( i = 0; i < len; i++ ) - { + for (i = 0; i < len; i++) { diff = n1[i] ^ n2[i]; - if( diff == 0 ) + if (diff == 0) { continue; + } - if( diff == 32 && - ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || - ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) - { + if (diff == 32 && + ((n1[i] >= 'a' && n1[i] <= 'z') || + (n1[i] >= 'A' && n1[i] <= 'Z'))) { continue; } - return( -1 ); + return -1; } - return( 0 ); + return 0; } /* * Return 0 if name matches wildcard, -1 otherwise */ -static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) +static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) { size_t i; - size_t cn_idx = 0, cn_len = strlen( cn ); + size_t cn_idx = 0, cn_len = strlen(cn); /* We can't have a match if there is no wildcard to match */ - if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) - return( -1 ); + if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { + return -1; + } - for( i = 0; i < cn_len; ++i ) - { - if( cn[i] == '.' ) - { + for (i = 0; i < cn_len; ++i) { + if (cn[i] == '.') { cn_idx = i; break; } } - if( cn_idx == 0 ) - return( -1 ); + if (cn_idx == 0) { + return -1; + } - if( cn_len - cn_idx == name->len - 1 && - x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) - { - return( 0 ); + if (cn_len - cn_idx == name->len - 1 && + x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { + return 0; } - return( -1 ); + return -1; } /* @@ -298,24 +288,22 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) * * Return 0 if equal, -1 otherwise. */ -static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) +static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) { - if( a->tag == b->tag && + if (a->tag == b->tag && a->len == b->len && - memcmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); + memcmp(a->p, b->p, b->len) == 0) { + return 0; } - if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && + if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && + (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && a->len == b->len && - x509_memcasecmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); + x509_memcasecmp(a->p, b->p, b->len) == 0) { + return 0; } - return( -1 ); + return -1; } /* @@ -328,48 +316,48 @@ static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b * * Return 0 if equal, -1 otherwise. */ -static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) +static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) { /* Avoid recursion, it might not be optimised by the compiler */ - while( a != NULL || b != NULL ) - { - if( a == NULL || b == NULL ) - return( -1 ); + while (a != NULL || b != NULL) { + if (a == NULL || b == NULL) { + return -1; + } /* type */ - if( a->oid.tag != b->oid.tag || + if (a->oid.tag != b->oid.tag || a->oid.len != b->oid.len || - memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) - { - return( -1 ); + memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { + return -1; } /* value */ - if( x509_string_cmp( &a->val, &b->val ) != 0 ) - return( -1 ); + if (x509_string_cmp(&a->val, &b->val) != 0) { + return -1; + } /* structure of the list of sets */ - if( a->next_merged != b->next_merged ) - return( -1 ); + if (a->next_merged != b->next_merged) { + return -1; + } a = a->next; b = b->next; } /* a == NULL == b */ - return( 0 ); + return 0; } /* * Reset (init or clear) a verify_chain */ static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain ) + mbedtls_x509_crt_verify_chain *ver_chain) { size_t i; - for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) - { + for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { ver_chain->items[i].crt = NULL; ver_chain->items[i].flags = (uint32_t) -1; } @@ -384,35 +372,36 @@ static void x509_crt_verify_chain_reset( /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ -static int x509_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) +static int x509_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 0)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return 0; } - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } end = *p + len; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); + } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* @@ -420,66 +409,72 @@ static int x509_get_version( unsigned char **p, * notBefore Time, * notAfter Time } */ -static int x509_get_dates( unsigned char **p, - const unsigned char *end, - mbedtls_x509_time *from, - mbedtls_x509_time *to ) +static int x509_get_dates(unsigned char **p, + const unsigned char *end, + mbedtls_x509_time *from, + mbedtls_x509_time *to) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); + } end = *p + len; - if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { + return ret; + } - if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { + return ret; + } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* * X.509 v2/v3 unique identifier (not parsed) */ -static int x509_get_uid( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *uid, int n ) +static int x509_get_uid(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *uid, int n) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } uid->tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( 0 ); + if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + n)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return 0; + } - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } uid->p = *p; *p += uid->len; - return( 0 ); + return 0; } -static int x509_get_basic_constraints( unsigned char **p, - const unsigned char *end, - int *ca_istrue, - int *max_pathlen ) +static int x509_get_basic_constraints(unsigned char **p, + const unsigned char *end, + int *ca_istrue, + int *max_pathlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -492,88 +487,99 @@ static int x509_get_basic_constraints( unsigned char **p, *ca_istrue = 0; /* DEFAULT FALSE */ *max_pathlen = 0; /* endless */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - ret = mbedtls_asn1_get_int( p, end, ca_istrue ); + if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + ret = mbedtls_asn1_get_int(p, end, ca_istrue); + } - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( *ca_istrue != 0 ) + if (*ca_istrue != 0) { *ca_istrue = 1; + } } - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } - if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer * overflow, which is an undefined behavior. */ - if( *max_pathlen == INT_MAX ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); + if (*max_pathlen == INT_MAX) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH); + } (*max_pathlen)++; - return( 0 ); + return 0; } -static int x509_get_ns_cert_type( unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type) +static int x509_get_ns_cert_type(unsigned char **p, + const unsigned char *end, + unsigned char *ns_cert_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_bitstring bs = { 0, 0, NULL }; - if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( bs.len != 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); + if (bs.len != 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH); + } /* Get actual bitstring */ *ns_cert_type = *bs.p; - return( 0 ); + return 0; } -static int x509_get_key_usage( unsigned char **p, - const unsigned char *end, - unsigned int *key_usage) +static int x509_get_key_usage(unsigned char **p, + const unsigned char *end, + unsigned int *key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_x509_bitstring bs = { 0, 0, NULL }; - if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( bs.len < 1 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); + if (bs.len < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH); + } /* Get actual bitstring */ *key_usage = 0; - for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) - { + for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { *key_usage |= (unsigned int) bs.p[i] << (8*i); } - return( 0 ); + return 0; } /* @@ -581,21 +587,23 @@ static int x509_get_key_usage( unsigned char **p, * * KeyPurposeId ::= OBJECT IDENTIFIER */ -static int x509_get_ext_key_usage( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *ext_key_usage) +static int x509_get_ext_key_usage(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *ext_key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } /* Sequence length must be >= 1 */ - if( ext_key_usage->buf.p == NULL ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); + if (ext_key_usage->buf.p == NULL) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH); + } - return( 0 ); + return 0; } /* @@ -625,96 +633,97 @@ static int x509_get_ext_key_usage( unsigned char **p, * NOTE: we list all types, but only use dNSName and otherName * of type HwModuleName, as defined in RFC 4108, at this point. */ -static int x509_get_subject_alt_name( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name ) +static int x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, tag_len; - mbedtls_asn1_buf *buf; - unsigned char tag; mbedtls_asn1_sequence *cur = subject_alt_name; /* Get main sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( *p + len != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - while( *p < end ) - { + while (*p < end) { mbedtls_x509_subject_alternative_name dummy_san_buf; - memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); + mbedtls_x509_buf tmp_san_buf; + memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); - tag = **p; + tmp_san_buf.tag = **p; (*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); - if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != - MBEDTLS_ASN1_CONTEXT_SPECIFIC ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + tmp_san_buf.p = *p; + tmp_san_buf.len = tag_len; + + if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } /* * Check that the SAN is structured correctly. */ - ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf ); + ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. */ - if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - { + if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { mbedtls_x509_sequence *seq_cur = subject_alt_name->next; mbedtls_x509_sequence *seq_prv; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } subject_alt_name->next = NULL; - return( ret ); + return ret; } /* Allocate and assign next pointer */ - if( cur->buf.p != NULL ) - { - if( cur->next != NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if (cur->buf.p != NULL) { + if (cur->next != NULL) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; + } - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); + if (cur->next == NULL) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_ALLOC_FAILED); + } cur = cur->next; } - buf = &(cur->buf); - buf->tag = tag; - buf->p = *p; - buf->len = tag_len; - *p += buf->len; + cur->buf = tmp_san_buf; + *p += tmp_san_buf.len; } /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* @@ -766,9 +775,9 @@ static int x509_get_subject_alt_name( unsigned char **p, * NOTE: we only parse and use anyPolicy without qualifiers at this point * as defined in RFC 5280. */ -static int x509_get_certificate_policies( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *certificate_policies ) +static int x509_get_certificate_policies(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *certificate_policies) { int ret, parse_ret = 0; size_t len; @@ -776,39 +785,43 @@ static int x509_get_certificate_policies( unsigned char **p, mbedtls_asn1_sequence *cur = certificate_policies; /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( *p + len != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* * Cannot be an empty sequence. */ - if( len == 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (len == 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - while( *p < end ) - { + while (*p < end) { mbedtls_x509_buf policy_oid; const unsigned char *policy_end; /* * Get the policy sequence */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } policy_end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, + MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } policy_oid.tag = MBEDTLS_ASN1_OID; policy_oid.len = len; @@ -817,8 +830,7 @@ static int x509_get_certificate_policies( unsigned char **p, /* * Only AnyPolicy is currently supported when enforcing policy. */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 ) - { + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { /* * Set the parsing return code but continue parsing, in case this * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION @@ -828,135 +840,144 @@ static int x509_get_certificate_policies( unsigned char **p, } /* Allocate and assign next pointer */ - if( cur->buf.p != NULL ) - { - if( cur->next != NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if (cur->buf.p != NULL) { + if (cur->next != NULL) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; + } - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); + if (cur->next == NULL) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_ALLOC_FAILED); + } cur = cur->next; } - buf = &( cur->buf ); + buf = &(cur->buf); buf->tag = policy_oid.tag; buf->p = policy_oid.p; buf->len = policy_oid.len; *p += len; - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. - */ - if( *p < policy_end ) - { - if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + /* + * If there is an optional qualifier, then *p < policy_end + * Check the Qualifier len to verify it doesn't exceed policy_end. + */ + if (*p < policy_end) { + if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != + 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } /* * Skip the optional policy qualifiers. */ *p += len; } - if( *p != policy_end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != policy_end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } } /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( parse_ret ); + return parse_ret; } /* * X.509 v3 extensions * */ -static int x509_get_crt_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) +static int x509_get_crt_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_crt *crt, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; - if( *p == end ) - return( 0 ); + if (*p == end) { + return 0; + } - if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { + return ret; + } end = crt->v3_ext.p + crt->v3_ext.len; - while( *p < end ) - { + while (*p < end) { /* * Extension ::= SEQUENCE { * extnID OBJECT IDENTIFIER, * critical BOOLEAN DEFAULT FALSE, * extnValue OCTET STRING } */ - mbedtls_x509_buf extn_oid = {0, 0, NULL}; + mbedtls_x509_buf extn_oid = { 0, 0, NULL }; int is_critical = 0; /* DEFAULT FALSE */ int ext_type = 0; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } end_ext_data = *p + len; /* Get extension ID */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, + MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; *p += extn_oid.len; /* Get optional critical */ - if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && - ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && + (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } /* Data should be octet string type */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } start_ext_octet = *p; end_ext_octet = *p + len; - if( end_ext_octet != end_ext_data ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (end_ext_octet != end_ext_data) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* * Detect supported extensions */ - ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); + ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); - if( ret != 0 ) - { + if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL ) - { - ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); - if( ret != 0 && is_critical ) - return( ret ); + if (cb != NULL) { + ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); + if (ret != 0 && is_critical) { + return ret; + } *p = end_ext_octet; continue; } @@ -965,136 +986,143 @@ static int x509_get_crt_ext( unsigned char **p, *p = end_ext_octet; #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - { + if (is_critical) { /* Data is marked as critical: fail */ - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } #endif continue; } /* Forbid repeated extensions */ - if( ( crt->ext_types & ext_type ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if ((crt->ext_types & ext_type) != 0) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; + } crt->ext_types |= ext_type; - switch( ext_type ) - { - case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: - /* Parse basic constraints */ - if( ( ret = x509_get_basic_constraints( p, end_ext_octet, - &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) - return( ret ); - break; + switch (ext_type) { + case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: + /* Parse basic constraints */ + if ((ret = x509_get_basic_constraints(p, end_ext_octet, + &crt->ca_istrue, &crt->max_pathlen)) != 0) { + return ret; + } + break; - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if( ( ret = x509_get_key_usage( p, end_ext_octet, - &crt->key_usage ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_KEY_USAGE: + /* Parse key usage */ + if ((ret = x509_get_key_usage(p, end_ext_octet, + &crt->key_usage)) != 0) { + return ret; + } + break; - case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: - /* Parse extended key usage */ - if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, - &crt->ext_key_usage ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: + /* Parse extended key usage */ + if ((ret = x509_get_ext_key_usage(p, end_ext_octet, + &crt->ext_key_usage)) != 0) { + return ret; + } + break; - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name */ - if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, - &crt->subject_alt_names ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: + /* Parse subject alt name */ + if ((ret = x509_get_subject_alt_name(p, end_ext_octet, + &crt->subject_alt_names)) != 0) { + return ret; + } + break; - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, - &crt->ns_cert_type ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_NS_CERT_TYPE: + /* Parse netscape certificate type */ + if ((ret = x509_get_ns_cert_type(p, end_ext_octet, + &crt->ns_cert_type)) != 0) { + return ret; + } + break; - case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: - /* Parse certificate policies type */ - if( ( ret = x509_get_certificate_policies( p, end_ext_octet, - &crt->certificate_policies ) ) != 0 ) - { - /* Give the callback (if any) a chance to handle the extension - * if it contains unsupported policies */ - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && - cb( p_ctx, crt, &extn_oid, is_critical, - start_ext_octet, end_ext_octet ) == 0 ) - break; + case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: + /* Parse certificate policies type */ + if ((ret = x509_get_certificate_policies(p, end_ext_octet, + &crt->certificate_policies)) != 0) { + /* Give the callback (if any) a chance to handle the extension + * if it contains unsupported policies */ + if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && + cb(p_ctx, crt, &extn_oid, is_critical, + start_ext_octet, end_ext_octet) == 0) { + break; + } #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - return( ret ); - else + if (is_critical) { + return ret; + } else #endif + /* + * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we + * cannot interpret or enforce the policy. However, it is up to + * the user to choose how to enforce the policies, + * unless the extension is critical. + */ + if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { + return ret; + } + } + break; + + default: /* - * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we - * cannot interpret or enforce the policy. However, it is up to - * the user to choose how to enforce the policies, - * unless the extension is critical. + * If this is a non-critical extension, which the oid layer + * supports, but there isn't an x509 parser for it, + * skip the extension. */ - if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - return( ret ); - } - break; - - default: - /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); - else + if (is_critical) { + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } else #endif *p = end_ext_octet; } } - if( *p != end ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - return( 0 ); + return 0; } /* * Parse and fill a single X.509 certificate in DER format */ -static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) +static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end, *crt_end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); /* * Check for valid input */ - if( crt == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crt == NULL || buf == NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } /* Use the original buffer until we figure out actual length. */ - p = (unsigned char*) buf; + p = (unsigned char *) buf; len = buflen; end = p + len; @@ -1104,31 +1132,28 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERR_X509_INVALID_FORMAT; } end = crt_end = p + len; crt->raw.len = crt_end - buf; - if( make_copy != 0 ) - { + if (make_copy != 0) { /* Create and populate a new buffer for the raw field. */ - crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); - if( crt->raw.p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); + if (crt->raw.p == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } - memcpy( crt->raw.p, buf, crt->raw.len ); + memcpy(crt->raw.p, buf, crt->raw.len); crt->own_buffer = 1; p += crt->raw.len - len; end = crt_end = p + len; - } - else - { - crt->raw.p = (unsigned char*) buf; + } else { + crt->raw.p = (unsigned char *) buf; crt->own_buffer = 0; } @@ -1137,11 +1162,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->tbs.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } end = p + len; @@ -1154,29 +1178,26 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * * signature AlgorithmIdentifier */ - if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || - ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || - ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, - &sig_params1 ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || + (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || + (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, + &sig_params1)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } - if( crt->version < 0 || crt->version > 2 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (crt->version < 0 || crt->version > 2) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERR_X509_UNKNOWN_VERSION; } crt->version++; - if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk, - &crt->sig_opts ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, + &crt->sig_md, &crt->sig_pk, + &crt->sig_opts)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } /* @@ -1184,17 +1205,15 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->issuer_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } crt->issuer_raw.len = p - crt->issuer_raw.p; @@ -1205,11 +1224,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * notAfter Time } * */ - if( ( ret = x509_get_dates( &p, end, &crt->valid_from, - &crt->valid_to ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = x509_get_dates(&p, end, &crt->valid_from, + &crt->valid_to)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } /* @@ -1217,17 +1235,15 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->subject_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } - if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } crt->subject_raw.len = p - crt->subject_raw.p; @@ -1236,10 +1252,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * SubjectPublicKeyInfo */ crt->pk_raw.p = p; - if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } crt->pk_raw.len = p - crt->pk_raw.p; @@ -1251,46 +1266,40 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * extensions [3] EXPLICIT Extensions OPTIONAL * -- If present, version shall be v3 */ - if( crt->version == 2 || crt->version == 3 ) - { - ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (crt->version == 2 || crt->version == 3) { + ret = x509_get_uid(&p, end, &crt->issuer_id, 1); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return ret; } } - if( crt->version == 2 || crt->version == 3 ) - { - ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (crt->version == 2 || crt->version == 3) { + ret = x509_get_uid(&p, end, &crt->subject_id, 2); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return ret; } } int extensions_allowed = 1; #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - if( crt->version != 3 ) + if (crt->version != 3) { extensions_allowed = 0; + } #endif - if( extensions_allowed ) - { - ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (extensions_allowed) { + ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return ret; } } - if( p != end ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } end = crt_end; @@ -1302,49 +1311,45 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } - if( crt->sig_oid.len != sig_oid2.len || - memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || + if (crt->sig_oid.len != sig_oid2.len || + memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || sig_params1.tag != sig_params2.tag || sig_params1.len != sig_params2.len || - ( sig_params1.len != 0 && - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_SIG_MISMATCH ); + (sig_params1.len != 0 && + memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERR_X509_SIG_MISMATCH; } - if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { + mbedtls_x509_crt_free(crt); + return ret; } - if( p != end ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + mbedtls_x509_crt_free(crt); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return 0; } /* * Parse one X.509 certificate in DER format from a buffer and add them to a * chained list */ -static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) +static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; @@ -1352,11 +1357,11 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, /* * Check for valid input */ - if( crt == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crt == NULL || buf == NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - while( crt->version != 0 && crt->next != NULL ) - { + while (crt->version != 0 && crt->next != NULL) { prev = crt; crt = crt->next; } @@ -1364,64 +1369,65 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, /* * Add new certificate on the end of the chain if needed. */ - if( crt->version != 0 && crt->next == NULL ) - { - crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if (crt->version != 0 && crt->next == NULL) { + crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if( crt->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (crt->next == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } prev = crt; - mbedtls_x509_crt_init( crt->next ); + mbedtls_x509_crt_init(crt->next); crt = crt->next; } - ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx ); - if( ret != 0 ) - { - if( prev ) + ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); + if (ret != 0) { + if (prev) { prev->next = NULL; + } - if( crt != chain ) - mbedtls_free( crt ); + if (crt != chain) { + mbedtls_free(crt); + } - return( ret ); + return ret; } - return( 0 ); + return 0; } -int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) +int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) ); + return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL); } -int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) +int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) ); + return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx); } -int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) +int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) ); + return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); } /* * Parse one or more PEM certificates from a buffer and add them to the chained * list */ -int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) +int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int success = 0, first_error = 0, total_failed = 0; @@ -1431,59 +1437,53 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, /* * Check for valid input */ - if( chain == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (chain == NULL || buf == NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } /* * Determine buffer content. Buffer contains either one DER certificate or * one or more PEM certificates. */ #if defined(MBEDTLS_PEM_PARSE_C) - if( buflen != 0 && buf[buflen - 1] == '\0' && - strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) - { + if (buflen != 0 && buf[buflen - 1] == '\0' && + strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { buf_format = MBEDTLS_X509_FORMAT_PEM; } - if( buf_format == MBEDTLS_X509_FORMAT_DER ) - return mbedtls_x509_crt_parse_der( chain, buf, buflen ); + if (buf_format == MBEDTLS_X509_FORMAT_DER) { + return mbedtls_x509_crt_parse_der(chain, buf, buflen); + } #else - return mbedtls_x509_crt_parse_der( chain, buf, buflen ); + return mbedtls_x509_crt_parse_der(chain, buf, buflen); #endif #if defined(MBEDTLS_PEM_PARSE_C) - if( buf_format == MBEDTLS_X509_FORMAT_PEM ) - { + if (buf_format == MBEDTLS_X509_FORMAT_PEM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pem_context pem; /* 1 rather than 0 since the terminating NULL byte is counted in */ - while( buflen > 1 ) - { + while (buflen > 1) { size_t use_len; - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); /* If we get there, we know the string is null-terminated */ - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN CERTIFICATE-----", - "-----END CERTIFICATE-----", - buf, NULL, 0, &use_len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN CERTIFICATE-----", + "-----END CERTIFICATE-----", + buf, NULL, 0, &use_len); - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ buflen -= use_len; buf += use_len; - } - else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) - { - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); + } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { + return ret; + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); /* * PEM header and footer were found @@ -1491,29 +1491,31 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, buflen -= use_len; buf += use_len; - if( first_error == 0 ) + if (first_error == 0) { first_error = ret; + } total_failed++; continue; - } - else + } else { break; + } - ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); + ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); - if( ret != 0 ) - { + if (ret != 0) { /* * Quit parsing on a memory error */ - if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) - return( ret ); + if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { + return ret; + } - if( first_error == 0 ) + if (first_error == 0) { first_error = ret; + } total_failed++; continue; @@ -1523,12 +1525,13 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, } } - if( success ) - return( total_failed ); - else if( first_error ) - return( first_error ); - else - return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); + if (success) { + return total_failed; + } else if (first_error) { + return first_error; + } else { + return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; + } #endif /* MBEDTLS_PEM_PARSE_C */ } @@ -1536,24 +1539,25 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, /* * Load one or more certificates and add them to the chained list */ -int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) +int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } - ret = mbedtls_x509_crt_parse( chain, buf, n ); + ret = mbedtls_x509_crt_parse(chain, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } -int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) +int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) { int ret = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) @@ -1561,111 +1565,94 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) WCHAR szDir[MAX_PATH]; char filename[MAX_PATH]; char *p; - size_t len = strlen( path ); - int lengthAsInt = 0; + size_t len = strlen(path); WIN32_FIND_DATAW file_data; HANDLE hFind; - if( len > MAX_PATH - 3 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (len > MAX_PATH - 3) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - memset( szDir, 0, sizeof(szDir) ); - memset( filename, 0, MAX_PATH ); - memcpy( filename, path, len ); + memset(szDir, 0, sizeof(szDir)); + memset(filename, 0, MAX_PATH); + memcpy(filename, path, len); filename[len++] = '\\'; p = filename + len; filename[len++] = '*'; - if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); - - /* - * Note this function uses the code page CP_ACP, and assumes the incoming - * string is encoded in ANSI, before translating it into Unicode. If the - * incoming string were changed to be UTF-8, then the length check needs to - * change to check the number of characters, not the number of bytes, in the - * incoming string are less than MAX_PATH to avoid a buffer overrun with - * MultiByteToWideChar(). - */ - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir, - MAX_PATH - 3 ); - if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, + MAX_PATH - 3); + if (w_ret == 0) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - hFind = FindFirstFileW( szDir, &file_data ); - if( hFind == INVALID_HANDLE_VALUE ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + hFind = FindFirstFileW(szDir, &file_data); + if (hFind == INVALID_HANDLE_VALUE) { + return MBEDTLS_ERR_X509_FILE_IO_ERROR; + } len = MAX_PATH - len; - do - { - memset( p, 0, len ); + do { + memset(p, 0, len); - if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) + if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { continue; + } - if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &lengthAsInt ) ) ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); - - w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, - lengthAsInt, - p, (int) len - 1, - NULL, NULL ); - if( w_ret == 0 ) - { + w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, + -1, + p, (int) len, + NULL, NULL); + if (w_ret == 0) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; } - w_ret = mbedtls_x509_crt_parse_file( chain, filename ); - if( w_ret < 0 ) + w_ret = mbedtls_x509_crt_parse_file(chain, filename); + if (w_ret < 0) { ret++; - else + } else { ret += w_ret; - } - while( FindNextFileW( hFind, &file_data ) != 0 ); + } + } while (FindNextFileW(hFind, &file_data) != 0); - if( GetLastError() != ERROR_NO_MORE_FILES ) + if (GetLastError() != ERROR_NO_MORE_FILES) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + } cleanup: - FindClose( hFind ); + FindClose(hFind); #else /* _WIN32 */ int t_ret; int snp_ret; struct stat sb; struct dirent *entry; char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; - DIR *dir = opendir( path ); + DIR *dir = opendir(path); - if( dir == NULL ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + if (dir == NULL) { + return MBEDTLS_ERR_X509_FILE_IO_ERROR; + } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) - { - closedir( dir ); - return( ret ); + if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { + closedir(dir); + return ret; } #endif /* MBEDTLS_THREADING_C */ - memset( &sb, 0, sizeof( sb ) ); + memset(&sb, 0, sizeof(sb)); - while( ( entry = readdir( dir ) ) != NULL ) - { - snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, - "%s/%s", path, entry->d_name ); + while ((entry = readdir(dir)) != NULL) { + snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name), + "%s/%s", path, entry->d_name); - if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) - { + if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) { ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; goto cleanup; - } - else if( stat( entry_name, &sb ) == -1 ) - { - if( errno == ENOENT ) - { + } else if (stat(entry_name, &sb) == -1) { + if (errno == ENOENT) { /* Broken symbolic link - ignore this entry. stat(2) will return this error for either (a) a dangling symlink or (b) a missing file. @@ -1673,38 +1660,39 @@ cleanup: assume that it does exist and therefore treat this as a dangling symlink. */ continue; - } - else - { + } else { /* Some other file error; report the error. */ ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; } } - if( !S_ISREG( sb.st_mode ) ) + if (!S_ISREG(sb.st_mode)) { continue; + } // Ignore parse errors // - t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); - if( t_ret < 0 ) + t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); + if (t_ret < 0) { ret++; - else + } else { ret += t_ret; + } } cleanup: - closedir( dir ); + closedir(dir); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) + if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) { ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; + } #endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ @@ -1720,8 +1708,8 @@ cleanup: * NOTE: we currently only parse and use otherName of type HwModuleName, * as defined in RFC 4108. */ -static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, - mbedtls_x509_san_other_name *other_name ) +static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, + mbedtls_x509_san_other_name *other_name) { int ret = 0; size_t len; @@ -1729,19 +1717,19 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, const unsigned char *end = p + subject_alt_name->len; mbedtls_x509_buf cur_oid; - if( ( subject_alt_name->tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) != - ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) ) - { + if ((subject_alt_name->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != + (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { /* * The given subject alternative name is not of type "othername". */ - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } cur_oid.tag = MBEDTLS_ASN1_OID; cur_oid.p = p; @@ -1750,62 +1738,61 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, /* * Only HwModuleName is currently supported. */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 ) - { - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); - } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != + 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if (end != p + len) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if (end != p + len) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.len = len; - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); - } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.len = len; p += len; - if( p != end ) - { - mbedtls_platform_zeroize( other_name, - sizeof( *other_name ) ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); - } - return( 0 ); + if (p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + return 0; } -static int x509_info_subject_alt_name( char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix ) +static int x509_info_subject_alt_name(char **buf, size_t *size, + const mbedtls_x509_sequence + *subject_alt_name, + const char *prefix) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; @@ -1815,28 +1802,22 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, mbedtls_x509_subject_alternative_name san; int parse_ret; - while( cur != NULL ) - { - memset( &san, 0, sizeof( san ) ); - parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); - if( parse_ret != 0 ) - { - if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - { - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + while (cur != NULL) { + memset(&san, 0, sizeof(san)); + parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); + if (parse_ret != 0) { + if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - } - else - { - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + } else { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; } cur = cur->next; continue; } - switch( san.type ) - { + switch (san.type) { /* * otherName */ @@ -1844,26 +1825,31 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, { mbedtls_x509_san_other_name *other_name = &san.san.other_name; - ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->value.hardware_module_name.oid ) != 0 ) - { - ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name->value.hardware_module_name.oid) != 0) { + ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); + ret = + mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid ); + ret = mbedtls_oid_get_numeric_string(p, + n, + &other_name->value.hardware_module_name.oid); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); + ret = + mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) - { - ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] ); + for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { + ret = mbedtls_snprintf(p, + n, + "%02X", + other_name->value.hardware_module_name.val.p[i]); MBEDTLS_X509_SAFE_SNPRINTF; } }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ @@ -1875,15 +1861,14 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, */ case MBEDTLS_X509_SAN_DNS_NAME: { - ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( san.san.unstructured_name.len >= n ) - { + if (san.san.unstructured_name.len >= n) { *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len ); + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); p += san.san.unstructured_name.len; n -= san.san.unstructured_name.len; } @@ -1893,7 +1878,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, * Type not supported, skip item. */ default: - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; break; } @@ -1906,32 +1891,32 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return 0; } -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ) +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch( san_buf->tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK ) ) - { + switch (san_buf->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK)) { /* * otherName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): { mbedtls_x509_san_other_name other_name; - ret = x509_get_other_name( san_buf, &other_name ); - if( ret != 0 ) - return( ret ); + ret = x509_get_other_name(san_buf, &other_name); + if (ret != 0) { + return ret; + } - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy( &san->san.other_name, - &other_name, sizeof( other_name ) ); + memcpy(&san->san.other_name, + &other_name, sizeof(other_name)); } break; @@ -1939,13 +1924,13 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, /* * dNSName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); san->type = MBEDTLS_X509_SAN_DNS_NAME; - memcpy( &san->san.unstructured_name, - san_buf, sizeof( *san_buf ) ); + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); } break; @@ -1954,75 +1939,75 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, * Type not supported */ default: - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } - return( 0 ); + return 0; } #define PRINT_ITEM(i) \ { \ - ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ MBEDTLS_X509_SAFE_SNPRINTF; \ sep = ", "; \ } -#define CERT_TYPE(type,name) \ - if( ns_cert_type & (type) ) \ - PRINT_ITEM( name ); +#define CERT_TYPE(type, name) \ + if (ns_cert_type & (type)) \ + PRINT_ITEM(name); -static int x509_info_cert_type( char **buf, size_t *size, - unsigned char ns_cert_type ) +static int x509_info_cert_type(char **buf, size_t *size, + unsigned char ns_cert_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); *size = n; *buf = p; - return( 0 ); + return 0; } -#define KEY_USAGE(code,name) \ - if( key_usage & (code) ) \ - PRINT_ITEM( name ); +#define KEY_USAGE(code, name) \ + if (key_usage & (code)) \ + PRINT_ITEM(name); -static int x509_info_key_usage( char **buf, size_t *size, - unsigned int key_usage ) +static int x509_info_key_usage(char **buf, size_t *size, + unsigned int key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; - KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); - KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); - KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); - KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); - KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); - KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); + KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); + KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); + KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); + KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); + KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); *size = n; *buf = p; - return( 0 ); + return 0; } -static int x509_info_ext_key_usage( char **buf, size_t *size, - const mbedtls_x509_sequence *extended_key_usage ) +static int x509_info_ext_key_usage(char **buf, size_t *size, + const mbedtls_x509_sequence *extended_key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; @@ -2031,12 +2016,12 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, const mbedtls_x509_sequence *cur = extended_key_usage; const char *sep = ""; - while( cur != NULL ) - { - if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) + while (cur != NULL) { + if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { desc = "???"; + } - ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); + ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -2047,11 +2032,11 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return 0; } -static int x509_info_cert_policies( char **buf, size_t *size, - const mbedtls_x509_sequence *certificate_policies ) +static int x509_info_cert_policies(char **buf, size_t *size, + const mbedtls_x509_sequence *certificate_policies) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; @@ -2060,12 +2045,12 @@ static int x509_info_cert_policies( char **buf, size_t *size, const mbedtls_x509_sequence *cur = certificate_policies; const char *sep = ""; - while( cur != NULL ) - { - if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 ) + while (cur != NULL) { + if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { desc = "???"; + } - ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); + ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -2076,7 +2061,7 @@ static int x509_info_cert_policies( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return 0; } /* @@ -2084,8 +2069,8 @@ static int x509_info_cert_policies( char **buf, size_t *size, */ #define BEFORE_COLON 18 #define BC "18" -int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt ) +int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crt *crt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; @@ -2095,136 +2080,132 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - if( NULL == crt ) - { - ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); + if (NULL == crt) { + ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return (int) (size - n); } - ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", - prefix, crt->version ); + ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", + prefix, crt->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "%sserial number : ", - prefix ); + ret = mbedtls_snprintf(p, n, "%sserial number : ", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); + ret = mbedtls_x509_serial_gets(p, n, &crt->serial); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); + ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); + ret = mbedtls_x509_dn_gets(p, n, &crt->subject); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_from.year, crt->valid_from.mon, - crt->valid_from.day, crt->valid_from.hour, - crt->valid_from.min, crt->valid_from.sec ); + ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_from.year, crt->valid_from.mon, + crt->valid_from.day, crt->valid_from.hour, + crt->valid_from.min, crt->valid_from.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_to.year, crt->valid_to.mon, - crt->valid_to.day, crt->valid_to.hour, - crt->valid_to.min, crt->valid_to.sec ); + ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_to.year, crt->valid_to.mon, + crt->valid_to.day, crt->valid_to.hour, + crt->valid_to.min, crt->valid_to.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, - crt->sig_md, crt->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, + crt->sig_md, crt->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ - if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, - mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + mbedtls_pk_get_name(&crt->pk))) != 0) { + return ret; } - ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen( &crt->pk ) ); + ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, + (int) mbedtls_pk_get_bitlen(&crt->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* * Optional extensions */ - if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) - { - ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, - crt->ca_istrue ? "true" : "false" ); + if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { + ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, + crt->ca_istrue ? "true" : "false"); MBEDTLS_X509_SAFE_SNPRINTF; - if( crt->max_pathlen > 0 ) - { - ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); + if (crt->max_pathlen > 0) { + ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); MBEDTLS_X509_SAFE_SNPRINTF; } } - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { - ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_subject_alt_name( &p, &n, - &crt->subject_alt_names, - prefix ) ) != 0 ) - return( ret ); + if ((ret = x509_info_subject_alt_name(&p, &n, + &crt->subject_alt_names, + prefix)) != 0) { + return ret; + } } - if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) - { - ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { + ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) - return( ret ); + if ((ret = x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { + return ret; + } } - if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) - { - ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { + ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) - return( ret ); + if ((ret = x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { + return ret; + } } - if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) - { - ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { + ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_ext_key_usage( &p, &n, - &crt->ext_key_usage ) ) != 0 ) - return( ret ); + if ((ret = x509_info_ext_key_usage(&p, &n, + &crt->ext_key_usage)) != 0) { + return ret; + } } - if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) - { - ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); + if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { + ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_cert_policies( &p, &n, - &crt->certificate_policies ) ) != 0 ) - return( ret ); + if ((ret = x509_info_cert_policies(&p, &n, + &crt->certificate_policies)) != 0) { + return ret; + } } - ret = mbedtls_snprintf( p, n, "\n" ); + ret = mbedtls_snprintf(p, n, "\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return (int) (size - n); } struct x509_crt_verify_string { @@ -2235,8 +2216,10 @@ struct x509_crt_verify_string { static const struct x509_crt_verify_string x509_crt_verify_strings[] = { { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, - { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, - { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, + { MBEDTLS_X509_BADCERT_CN_MISMATCH, + "The certificate Common Name (CN) does not match with the expected CN" }, + { MBEDTLS_X509_BADCERT_NOT_TRUSTED, + "The certificate is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, @@ -2248,96 +2231,102 @@ static const struct x509_crt_verify_string x509_crt_verify_strings[] = { { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, - { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, - { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, + { MBEDTLS_X509_BADCERT_BAD_PK, + "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, + { MBEDTLS_X509_BADCERT_BAD_KEY, + "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, - { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, - { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, + { MBEDTLS_X509_BADCRL_BAD_PK, + "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, + { MBEDTLS_X509_BADCRL_BAD_KEY, + "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, { 0, NULL } }; -int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) +int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, + uint32_t flags) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const struct x509_crt_verify_string *cur; char *p = buf; size_t n = size; - for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) - { - if( ( flags & cur->code ) == 0 ) + for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { + if ((flags & cur->code) == 0) { continue; + } - ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); + ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); MBEDTLS_X509_SAFE_SNPRINTF; flags ^= cur->code; } - if( flags != 0 ) - { - ret = mbedtls_snprintf( p, n, "%sUnknown reason " - "(this should not happen)\n", prefix ); + if (flags != 0) { + ret = mbedtls_snprintf(p, n, "%sUnknown reason " + "(this should not happen)\n", prefix); MBEDTLS_X509_SAFE_SNPRINTF; } - return( (int) ( size - n ) ); + return (int) (size - n); } #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) -int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, - unsigned int usage ) +int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, + unsigned int usage) { unsigned int usage_must, usage_may; unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY - | MBEDTLS_X509_KU_DECIPHER_ONLY; + | MBEDTLS_X509_KU_DECIPHER_ONLY; - if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) - return( 0 ); + if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { + return 0; + } usage_must = usage & ~may_mask; - if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } usage_may = usage & may_mask; - if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (((crt->key_usage & may_mask) | usage_may) != usage_may) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - return( 0 ); + return 0; } #endif #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) -int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ) +int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, + const char *usage_oid, + size_t usage_len) { const mbedtls_x509_sequence *cur; /* Extension is not mandatory, absent means no restriction */ - if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) - return( 0 ); + if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { + return 0; + } /* * Look for the requested usage (or wildcard ANY) in our list */ - for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) - { + for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { const mbedtls_x509_buf *cur_oid = &cur->buf; - if( cur_oid->len == usage_len && - memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) - { - return( 0 ); + if (cur_oid->len == usage_len && + memcmp(cur_oid->p, usage_oid, usage_len) == 0) { + return 0; } - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) - return( 0 ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) { + return 0; + } } - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ @@ -2345,44 +2334,41 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, /* * Return 1 if the certificate is revoked, or 0 otherwise. */ -int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) +int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) { const mbedtls_x509_crl_entry *cur = &crl->entry; - while( cur != NULL && cur->serial.len != 0 ) - { - if( crt->serial.len == cur->serial.len && - memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) - { - return( 1 ); + while (cur != NULL && cur->serial.len != 0) { + if (crt->serial.len == cur->serial.len && + memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { + return 1; } cur = cur->next; } - return( 0 ); + return 0; } /* * Check that the given certificate is not revoked according to the CRL. * Skip validation if no CRL for the given CA is present. */ -static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, - mbedtls_x509_crl *crl_list, - const mbedtls_x509_crt_profile *profile ) +static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, + mbedtls_x509_crl *crl_list, + const mbedtls_x509_crt_profile *profile) { int flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; - if( ca == NULL ) - return( flags ); + if (ca == NULL) { + return flags; + } - while( crl_list != NULL ) - { - if( crl_list->version == 0 || - x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) - { + while (crl_list != NULL) { + if (crl_list->version == 0 || + x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { crl_list = crl_list->next; continue; } @@ -2391,9 +2377,8 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, * Check if the CA is configured to sign CRLs */ #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( mbedtls_x509_crt_check_key_usage( ca, - MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) - { + if (mbedtls_x509_crt_check_key_usage(ca, + MBEDTLS_X509_KU_CRL_SIGN) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } @@ -2402,27 +2387,28 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, /* * Check if CRL is correctly signed by the trusted CA */ - if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) + if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { flags |= MBEDTLS_X509_BADCRL_BAD_MD; + } - if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) + if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { flags |= MBEDTLS_X509_BADCRL_BAD_PK; + } - md_info = mbedtls_md_info_from_type( crl_list->sig_md ); - if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) - { + md_info = mbedtls_md_info_from_type(crl_list->sig_md); + if (mbedtls_md(md_info, crl_list->tbs.p, crl_list->tbs.len, hash) != 0) { /* Note: this can't happen except after an internal error */ flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } - if( x509_profile_check_key( profile, &ca->pk ) != 0 ) + if (x509_profile_check_key(profile, &ca->pk) != 0) { flags |= MBEDTLS_X509_BADCERT_BAD_KEY; + } - if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, - crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), - crl_list->sig.p, crl_list->sig.len ) != 0 ) - { + if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, + crl_list->sig_md, hash, mbedtls_md_get_size(md_info), + crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } @@ -2430,17 +2416,18 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, /* * Check for validity of CRL (Do not drop out) */ - if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) + if (mbedtls_x509_time_is_past(&crl_list->next_update)) { flags |= MBEDTLS_X509_BADCRL_EXPIRED; + } - if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) + if (mbedtls_x509_time_is_future(&crl_list->this_update)) { flags |= MBEDTLS_X509_BADCRL_FUTURE; + } /* * Check if certificate is revoked */ - if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) - { + if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { flags |= MBEDTLS_X509_BADCERT_REVOKED; break; } @@ -2448,64 +2435,64 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, crl_list = crl_list->next; } - return( flags ); + return flags; } #endif /* MBEDTLS_X509_CRL_PARSE_C */ /* * Check the signature of a certificate by its parent */ -static int x509_crt_check_signature( const mbedtls_x509_crt *child, - mbedtls_x509_crt *parent, - mbedtls_x509_crt_restart_ctx *rs_ctx ) +static int x509_crt_check_signature(const mbedtls_x509_crt *child, + mbedtls_x509_crt *parent, + mbedtls_x509_crt_restart_ctx *rs_ctx) { unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hash_len; #if !defined(MBEDTLS_USE_PSA_CRYPTO) const mbedtls_md_info_t *md_info; - md_info = mbedtls_md_info_from_type( child->sig_md ); - hash_len = mbedtls_md_get_size( md_info ); + md_info = mbedtls_md_info_from_type(child->sig_md); + hash_len = mbedtls_md_get_size(md_info); /* Note: hash errors can happen only after an internal error */ - if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) - return( -1 ); + if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { + return -1; + } #else psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(child->sig_md); - if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) - return( -1 ); + if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) { + return -1; + } - if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len ) - != PSA_SUCCESS ) - { - return( -1 ); + if (psa_hash_update(&hash_operation, child->tbs.p, child->tbs.len) + != PSA_SUCCESS) { + return -1; } - if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) - != PSA_SUCCESS ) - { - return( -1 ); + if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len) + != PSA_SUCCESS) { + return -1; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Skip expensive computation on obvious mismatch */ - if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) - return( -1 ); + if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { + return -1; + } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) - { - return( mbedtls_pk_verify_restartable( &parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len, &rs_ctx->pk ) ); + if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { + return mbedtls_pk_verify_restartable(&parent->pk, + child->sig_md, hash, hash_len, + child->sig.p, child->sig.len, &rs_ctx->pk); } #else (void) rs_ctx; #endif - return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len ) ); + return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, + child->sig_md, hash, hash_len, + child->sig.p, child->sig.len); } /* @@ -2514,35 +2501,37 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, * * top means parent is a locally-trusted certificate */ -static int x509_crt_check_parent( const mbedtls_x509_crt *child, - const mbedtls_x509_crt *parent, - int top ) +static int x509_crt_check_parent(const mbedtls_x509_crt *child, + const mbedtls_x509_crt *parent, + int top) { int need_ca_bit; /* Parent must be the issuer */ - if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) - return( -1 ); + if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { + return -1; + } /* Parent must have the basicConstraints CA bit set as a general rule */ need_ca_bit = 1; /* Exception: v1/v2 certificates that are locally trusted. */ - if( top && parent->version < 3 ) + if (top && parent->version < 3) { need_ca_bit = 0; + } - if( need_ca_bit && ! parent->ca_istrue ) - return( -1 ); + if (need_ca_bit && !parent->ca_istrue) { + return -1; + } #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( need_ca_bit && - mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) - { - return( -1 ); + if (need_ca_bit && + mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { + return -1; } #endif - return( 0 ); + return 0; } /* @@ -2589,14 +2578,14 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise */ static int x509_crt_find_parent_in( - mbedtls_x509_crt *child, - mbedtls_x509_crt *candidates, - mbedtls_x509_crt **r_parent, - int *r_signature_is_good, - int top, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx ) + mbedtls_x509_crt *child, + mbedtls_x509_crt *candidates, + mbedtls_x509_crt **r_parent, + int *r_signature_is_good, + int top, + unsigned path_cnt, + unsigned self_cnt, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *parent, *fallback_parent; @@ -2604,8 +2593,7 @@ static int x509_crt_find_parent_in( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* did we have something in progress? */ - if( rs_ctx != NULL && rs_ctx->parent != NULL ) - { + if (rs_ctx != NULL && rs_ctx->parent != NULL) { /* restore saved state */ parent = rs_ctx->parent; fallback_parent = rs_ctx->fallback_parent; @@ -2624,16 +2612,15 @@ static int x509_crt_find_parent_in( fallback_parent = NULL; fallback_signature_is_good = 0; - for( parent = candidates; parent != NULL; parent = parent->next ) - { + for (parent = candidates; parent != NULL; parent = parent->next) { /* basic parenting skills (name, CA bit, key usage) */ - if( x509_crt_check_parent( child, parent, top ) != 0 ) + if (x509_crt_check_parent(child, parent, top) != 0) { continue; + } /* +1 because stored max_pathlen is 1 higher that the actual value */ - if( parent->max_pathlen > 0 && - (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) - { + if (parent->max_pathlen > 0 && + (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { continue; } @@ -2641,32 +2628,30 @@ static int x509_crt_find_parent_in( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) check_signature: #endif - ret = x509_crt_check_signature( child, parent, rs_ctx ); + ret = x509_crt_check_signature(child, parent, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent = parent; rs_ctx->fallback_parent = fallback_parent; rs_ctx->fallback_signature_is_good = fallback_signature_is_good; - return( ret ); + return ret; } #else (void) ret; #endif signature_is_good = ret == 0; - if( top && ! signature_is_good ) + if (top && !signature_is_good) { continue; + } /* optional time check */ - if( mbedtls_x509_time_is_past( &parent->valid_to ) || - mbedtls_x509_time_is_future( &parent->valid_from ) ) - { - if( fallback_parent == NULL ) - { + if (mbedtls_x509_time_is_past(&parent->valid_to) || + mbedtls_x509_time_is_future(&parent->valid_from)) { + if (fallback_parent == NULL) { fallback_parent = parent; fallback_signature_is_good = signature_is_good; } @@ -2680,13 +2665,12 @@ check_signature: break; } - if( parent == NULL ) - { + if (parent == NULL) { *r_parent = fallback_parent; *r_signature_is_good = fallback_signature_is_good; } - return( 0 ); + return 0; } /* @@ -2712,14 +2696,14 @@ check_signature: * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise */ static int x509_crt_find_parent( - mbedtls_x509_crt *child, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crt **parent, - int *parent_is_trusted, - int *signature_is_good, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx ) + mbedtls_x509_crt *child, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crt **parent, + int *parent_is_trusted, + int *signature_is_good, + unsigned path_cnt, + unsigned self_cnt, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *search_list; @@ -2728,48 +2712,46 @@ static int x509_crt_find_parent( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* restore then clear saved state if we have some stored */ - if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) - { + if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { *parent_is_trusted = rs_ctx->parent_is_trusted; rs_ctx->parent_is_trusted = -1; } #endif - while( 1 ) { + while (1) { search_list = *parent_is_trusted ? trust_ca : child->next; - ret = x509_crt_find_parent_in( child, search_list, - parent, signature_is_good, - *parent_is_trusted, - path_cnt, self_cnt, rs_ctx ); + ret = x509_crt_find_parent_in(child, search_list, + parent, signature_is_good, + *parent_is_trusted, + path_cnt, self_cnt, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent_is_trusted = *parent_is_trusted; - return( ret ); + return ret; } #else (void) ret; #endif /* stop here if found or already in second iteration */ - if( *parent != NULL || *parent_is_trusted == 0 ) + if (*parent != NULL || *parent_is_trusted == 0) { break; + } /* prepare second iteration */ *parent_is_trusted = 0; } /* extra precaution against mistakes in the caller */ - if( *parent == NULL ) - { + if (*parent == NULL) { *parent_is_trusted = 0; *signature_is_good = 0; } - return( 0 ); + return 0; } /* @@ -2779,27 +2761,26 @@ static int x509_crt_find_parent( * check for self-issued as self-signatures are not checked) */ static int x509_crt_check_ee_locally_trusted( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca ) + mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca) { mbedtls_x509_crt *cur; /* must be self-issued */ - if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) - return( -1 ); + if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { + return -1; + } /* look for an exact match with trusted cert */ - for( cur = trust_ca; cur != NULL; cur = cur->next ) - { - if( crt->raw.len == cur->raw.len && - memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) - { - return( 0 ); + for (cur = trust_ca; cur != NULL; cur = cur->next) { + if (crt->raw.len == cur->raw.len && + memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { + return 0; } } /* too bad */ - return( -1 ); + return -1; } /* @@ -2843,14 +2824,14 @@ static int x509_crt_check_ee_locally_trusted( * even if it was found to be invalid */ static int x509_crt_verify_chain( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - mbedtls_x509_crt_verify_chain *ver_chain, - mbedtls_x509_crt_restart_ctx *rs_ctx ) + mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + mbedtls_x509_crt_verify_chain *ver_chain, + mbedtls_x509_crt_restart_ctx *rs_ctx) { /* Don't initialize any of those variables here, so that the compiler can * catch potential issues with jumping ahead when restarting */ @@ -2867,8 +2848,7 @@ static int x509_crt_verify_chain( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ - if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) - { + if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { /* restore saved state */ *ver_chain = rs_ctx->ver_chain; /* struct copy */ self_cnt = rs_ctx->self_cnt; @@ -2887,7 +2867,7 @@ static int x509_crt_verify_chain( parent_is_trusted = 0; child_is_trusted = 0; - while( 1 ) { + while (1) { /* Add certificate to the verification chain */ cur = &ver_chain->items[ver_chain->len]; cur->crt = child; @@ -2896,28 +2876,32 @@ static int x509_crt_verify_chain( flags = &cur->flags; /* Check time-validity (all certificates) */ - if( mbedtls_x509_time_is_past( &child->valid_to ) ) + if (mbedtls_x509_time_is_past(&child->valid_to)) { *flags |= MBEDTLS_X509_BADCERT_EXPIRED; + } - if( mbedtls_x509_time_is_future( &child->valid_from ) ) + if (mbedtls_x509_time_is_future(&child->valid_from)) { *flags |= MBEDTLS_X509_BADCERT_FUTURE; + } /* Stop here for trusted roots (but not for trusted EE certs) */ - if( child_is_trusted ) - return( 0 ); + if (child_is_trusted) { + return 0; + } /* Check signature algorithm: MD & PK algs */ - if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) + if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { *flags |= MBEDTLS_X509_BADCERT_BAD_MD; + } - if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) + if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { *flags |= MBEDTLS_X509_BADCERT_BAD_PK; + } /* Special case: EE certs that are locally trusted */ - if( ver_chain->len == 1 && - x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) - { - return( 0 ); + if (ver_chain->len == 1 && + x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { + return 0; } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) @@ -2927,19 +2911,18 @@ find_parent: /* Obtain list of potential trusted signers from CA callback, * or use statically provided list. */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( f_ca_cb != NULL ) - { - mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result ); - mbedtls_free( ver_chain->trust_ca_cb_result ); + if (f_ca_cb != NULL) { + mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); + mbedtls_free(ver_chain->trust_ca_cb_result); ver_chain->trust_ca_cb_result = NULL; - ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); + if (ret != 0) { + return MBEDTLS_ERR_X509_FATAL_ERROR; + } cur_trust_ca = ver_chain->trust_ca_cb_result; - } - else + } else #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ { ((void) f_ca_cb); @@ -2948,60 +2931,58 @@ find_parent: } /* Look for a parent in trusted CAs or up the chain */ - ret = x509_crt_find_parent( child, cur_trust_ca, &parent, - &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx ); + ret = x509_crt_find_parent(child, cur_trust_ca, &parent, + &parent_is_trusted, &signature_is_good, + ver_chain->len - 1, self_cnt, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->in_progress = x509_crt_rs_find_parent; rs_ctx->self_cnt = self_cnt; rs_ctx->ver_chain = *ver_chain; /* struct copy */ - return( ret ); + return ret; } #else (void) ret; #endif /* No parent? We're done here */ - if( parent == NULL ) - { + if (parent == NULL) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return( 0 ); + return 0; } /* Count intermediate self-issued (not necessarily self-signed) certs. * These can occur with some strategies for key rollover, see [SIRO], * and should be excluded from max_pathlen checks. */ - if( ver_chain->len != 1 && - x509_name_cmp( &child->issuer, &child->subject ) == 0 ) - { + if (ver_chain->len != 1 && + x509_name_cmp(&child->issuer, &child->subject) == 0) { self_cnt++; } /* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */ - if( ! parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) - { + if (!parent_is_trusted && + ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { /* return immediately to avoid overflow the chain array */ - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + return MBEDTLS_ERR_X509_FATAL_ERROR; } /* signature was checked while searching parent */ - if( ! signature_is_good ) + if (!signature_is_good) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; + } /* check size of signing key */ - if( x509_profile_check_key( profile, &parent->pk ) != 0 ) + if (x509_profile_check_key(profile, &parent->pk) != 0) { *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; + } #if defined(MBEDTLS_X509_CRL_PARSE_C) /* Check trusted CA's CRL for the given crt */ - *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); + *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile); #else (void) ca_crl; #endif @@ -3017,79 +2998,75 @@ find_parent: /* * Check for CN match */ -static int x509_crt_check_cn( const mbedtls_x509_buf *name, - const char *cn, size_t cn_len ) +static int x509_crt_check_cn(const mbedtls_x509_buf *name, + const char *cn, size_t cn_len) { /* try exact match */ - if( name->len == cn_len && - x509_memcasecmp( cn, name->p, cn_len ) == 0 ) - { - return( 0 ); + if (name->len == cn_len && + x509_memcasecmp(cn, name->p, cn_len) == 0) { + return 0; } /* try wildcard match */ - if( x509_check_wildcard( cn, name ) == 0 ) - { - return( 0 ); + if (x509_check_wildcard(cn, name) == 0) { + return 0; } - return( -1 ); + return -1; } /* * Check for SAN match, see RFC 5280 Section 4.2.1.6 */ -static int x509_crt_check_san( const mbedtls_x509_buf *name, - const char *cn, size_t cn_len ) +static int x509_crt_check_san(const mbedtls_x509_buf *name, + const char *cn, size_t cn_len) { const unsigned char san_type = (unsigned char) name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK; /* dNSName */ - if( san_type == MBEDTLS_X509_SAN_DNS_NAME ) - return( x509_crt_check_cn( name, cn, cn_len ) ); + if (san_type == MBEDTLS_X509_SAN_DNS_NAME) { + return x509_crt_check_cn(name, cn, cn_len); + } /* (We may handle other types here later.) */ /* Unrecognized type */ - return( -1 ); + return -1; } /* * Verify the requested CN - only call this if cn is not NULL! */ -static void x509_crt_verify_name( const mbedtls_x509_crt *crt, - const char *cn, - uint32_t *flags ) +static void x509_crt_verify_name(const mbedtls_x509_crt *crt, + const char *cn, + uint32_t *flags) { const mbedtls_x509_name *name; const mbedtls_x509_sequence *cur; - size_t cn_len = strlen( cn ); + size_t cn_len = strlen(cn); - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { - for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) - { - if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 ) + if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) { + if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) { break; + } } - if( cur == NULL ) + if (cur == NULL) { *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - else - { - for( name = &crt->subject; name != NULL; name = name->next ) - { - if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && - x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) - { + } + } else { + for (name = &crt->subject; name != NULL; name = name->next) { + if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && + x509_crt_check_cn(&name->val, cn, cn_len) == 0) { break; } } - if( name == NULL ) + if (name == NULL) { *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; + } } } @@ -3097,29 +3074,30 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt, * Merge the flags for all certs in the chain, after calling callback */ static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) + uint32_t *flags, + const mbedtls_x509_crt_verify_chain *ver_chain, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned i; uint32_t cur_flags; const mbedtls_x509_crt_verify_chain_item *cur; - for( i = ver_chain->len; i != 0; --i ) - { + for (i = ver_chain->len; i != 0; --i) { cur = &ver_chain->items[i-1]; cur_flags = cur->flags; - if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) - return( ret ); + if (NULL != f_vrfy) { + if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { + return ret; + } + } *flags |= cur_flags; } - return( 0 ); + return 0; } /* @@ -3139,16 +3117,19 @@ static int x509_crt_merge_flags_with_cb( * of trusted signers, and `ca_crl` will be use as the static list * of CRLs. */ -static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ) +static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, + mbedtls_x509_crt *, + int, + uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pk_type_t pk_type; @@ -3157,105 +3138,110 @@ static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, *flags = 0; ee_flags = 0; - x509_crt_verify_chain_reset( &ver_chain ); + x509_crt_verify_chain_reset(&ver_chain); - if( profile == NULL ) - { + if (profile == NULL) { ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; goto exit; } /* check name if requested */ - if( cn != NULL ) - x509_crt_verify_name( crt, cn, &ee_flags ); + if (cn != NULL) { + x509_crt_verify_name(crt, cn, &ee_flags); + } /* Check the type and size of the key */ - pk_type = mbedtls_pk_get_type( &crt->pk ); + pk_type = mbedtls_pk_get_type(&crt->pk); - if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) + if (x509_profile_check_pk_alg(profile, pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; + } - if( x509_profile_check_key( profile, &crt->pk ) != 0 ) + if (x509_profile_check_key(profile, &crt->pk) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; + } /* Check the chain */ - ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, - f_ca_cb, p_ca_cb, profile, - &ver_chain, rs_ctx ); + ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, + f_ca_cb, p_ca_cb, profile, + &ver_chain, rs_ctx); - if( ret != 0 ) + if (ret != 0) { goto exit; + } /* Merge end-entity flags */ ver_chain.items[0].flags |= ee_flags; /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); + ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); exit: #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result ); - mbedtls_free( ver_chain.trust_ca_cb_result ); + mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); + mbedtls_free(ver_chain.trust_ca_cb_result); ver_chain.trust_ca_cb_result = NULL; #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_x509_crt_restart_free( rs_ctx ); + if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { + mbedtls_x509_crt_restart_free(rs_ctx); + } #endif /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by * the SSL module for authmode optional, but non-zero return from the * callback means a fatal error so it shouldn't be ignored */ - if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) + if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { ret = MBEDTLS_ERR_X509_FATAL_ERROR; + } - if( ret != 0 ) - { + if (ret != 0) { *flags = (uint32_t) -1; - return( ret ); + return ret; } - if( *flags != 0 ) - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); + if (*flags != 0) { + return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; + } - return( 0 ); + return 0; } /* * Verify the certificate validity (default profile, not restartable) */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) +int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - &mbedtls_x509_crt_profile_default, - cn, flags, - f_vrfy, p_vrfy, NULL ) ); + return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + &mbedtls_x509_crt_profile_default, + cn, flags, + f_vrfy, p_vrfy, NULL); } /* * Verify the certificate validity (user-chosen profile, not restartable) */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) +int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, NULL ) ); + return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, NULL); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -3263,49 +3249,49 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * Verify the certificate validity (user-chosen profile, CA callback, * not restartable). */ -int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) +int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { - return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, - f_ca_cb, p_ca_cb, - profile, cn, flags, - f_vrfy, p_vrfy, NULL ) ); + return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, + f_ca_cb, p_ca_cb, + profile, cn, flags, + f_vrfy, p_vrfy, NULL); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ) +int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx) { - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, rs_ctx ) ); + return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, rs_ctx); } /* * Initialize a certificate chain */ -void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) +void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) { - memset( crt, 0, sizeof(mbedtls_x509_crt) ); + memset(crt, 0, sizeof(mbedtls_x509_crt)); } /* * Unallocate all certificate data */ -void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) +void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) { mbedtls_x509_crt *cert_cur = crt; mbedtls_x509_crt *cert_prv; @@ -3314,95 +3300,87 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) mbedtls_x509_sequence *seq_cur; mbedtls_x509_sequence *seq_prv; - if( crt == NULL ) + if (crt == NULL) { return; + } - do - { - mbedtls_pk_free( &cert_cur->pk ); + do { + mbedtls_pk_free(&cert_cur->pk); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( cert_cur->sig_opts ); + mbedtls_free(cert_cur->sig_opts); #endif name_cur = cert_cur->issuer.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } name_cur = cert_cur->subject.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } seq_cur = cert_cur->ext_key_usage.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } seq_cur = cert_cur->subject_alt_names.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } seq_cur = cert_cur->certificate_policies.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } - if( cert_cur->raw.p != NULL && cert_cur->own_buffer ) - { - mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); - mbedtls_free( cert_cur->raw.p ); + if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { + mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); + mbedtls_free(cert_cur->raw.p); } cert_cur = cert_cur->next; - } - while( cert_cur != NULL ); + } while (cert_cur != NULL); cert_cur = crt; - do - { + do { cert_prv = cert_cur; cert_cur = cert_cur->next; - mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); - if( cert_prv != crt ) - mbedtls_free( cert_prv ); - } - while( cert_cur != NULL ); + mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); + if (cert_prv != crt) { + mbedtls_free(cert_prv); + } + } while (cert_cur != NULL); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) +void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) { - mbedtls_pk_restart_init( &ctx->pk ); + mbedtls_pk_restart_init(&ctx->pk); ctx->parent = NULL; ctx->fallback_parent = NULL; @@ -3412,19 +3390,20 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) ctx->in_progress = x509_crt_rs_none; ctx->self_cnt = 0; - x509_crt_verify_chain_reset( &ctx->ver_chain ); + x509_crt_verify_chain_reset(&ctx->ver_chain); } /* * Free the components of a restart context */ -void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) +void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_pk_restart_free( &ctx->pk ); - mbedtls_x509_crt_restart_init( ctx ); + mbedtls_pk_restart_free(&ctx->pk); + mbedtls_x509_crt_restart_init(ctx); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/thirdparty/mbedtls/library/x509_csr.c b/thirdparty/mbedtls/library/x509_csr.c index 1a22b77086..89344d183b 100644 --- a/thirdparty/mbedtls/library/x509_csr.c +++ b/thirdparty/mbedtls/library/x509_csr.c @@ -51,56 +51,56 @@ /* * Version ::= INTEGER { v1(0) } */ -static int x509_csr_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) +static int x509_csr_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return 0; } - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); } - return( 0 ); + return 0; } /* * Parse a CSR in DER format */ -int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen ) +int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; - memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params, 0, sizeof(mbedtls_x509_buf)); /* * Check for valid input */ - if( csr == NULL || buf == NULL || buflen == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (csr == NULL || buf == NULL || buflen == 0) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - mbedtls_x509_csr_init( csr ); + mbedtls_x509_csr_init(csr); /* * first copy the raw DER data */ - p = mbedtls_calloc( 1, len = buflen ); + p = mbedtls_calloc(1, len = buflen); - if( p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (p == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } - memcpy( p, buf, buflen ); + memcpy(p, buf, buflen); csr->raw.p = p; csr->raw.len = len; @@ -113,18 +113,16 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * signature BIT STRING * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERR_X509_INVALID_FORMAT; } - if( len != (size_t) ( end - p ) ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (len != (size_t) (end - p)) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } /* @@ -132,11 +130,10 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ csr->cri.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } end = p + len; @@ -145,16 +142,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * Version ::= INTEGER { v1(0) } */ - if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) { + mbedtls_x509_csr_free(csr); + return ret; } - if( csr->version != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (csr->version != 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERR_X509_UNKNOWN_VERSION; } csr->version++; @@ -164,17 +159,15 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ csr->subject_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) { + mbedtls_x509_csr_free(csr); + return ret; } csr->subject_raw.len = p - csr->subject_raw.p; @@ -182,10 +175,9 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * subjectPKInfo SubjectPublicKeyInfo */ - if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) { + mbedtls_x509_csr_free(csr); + return ret; } /* @@ -198,11 +190,11 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * the requester's expectations - this cannot cause a violation of our * signature policies. */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != + 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } p += len; @@ -213,40 +205,36 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) { + mbedtls_x509_csr_free(csr); + return ret; } - if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk, - &csr->sig_opts ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); + if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params, + &csr->sig_md, &csr->sig_pk, + &csr->sig_opts)) != 0) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } - if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) { + mbedtls_x509_csr_free(csr); + return ret; } - if( p != end ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); + if (p != end) { + mbedtls_x509_csr_free(csr); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return 0; } /* * Parse a CSR, allowing for PEM or raw DER encoding */ -int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) +int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -257,61 +245,61 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Check for valid input */ - if( csr == NULL || buf == NULL || buflen == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (csr == NULL || buf == NULL || buflen == 0) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } #if defined(MBEDTLS_PEM_PARSE_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buf[buflen - 1] == '\0' ) - { - mbedtls_pem_init( &pem ); - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN CERTIFICATE REQUEST-----", - "-----END CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len ); - if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN NEW CERTIFICATE REQUEST-----", - "-----END NEW CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len ); + if (buf[buflen - 1] == '\0') { + mbedtls_pem_init(&pem); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN CERTIFICATE REQUEST-----", + "-----END CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len); + if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN NEW CERTIFICATE REQUEST-----", + "-----END NEW CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len); } - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded, parse the result */ - ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); + ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen); } - mbedtls_pem_free( &pem ); - if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + return ret; + } } #endif /* MBEDTLS_PEM_PARSE_C */ - return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) ); + return mbedtls_x509_csr_parse_der(csr, buf, buflen); } #if defined(MBEDTLS_FS_IO) /* * Load a CSR into the structure */ -int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) +int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } - ret = mbedtls_x509_csr_parse( csr, buf, n ); + ret = mbedtls_x509_csr_parse(csr, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return ret; } #endif /* MBEDTLS_FS_IO */ @@ -320,8 +308,8 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) /* * Return an informational string about the CSR. */ -int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr ) +int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_csr *csr) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; @@ -331,76 +319,74 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = mbedtls_snprintf( p, n, "%sCSR version : %d", - prefix, csr->version ); + ret = mbedtls_snprintf(p, n, "%sCSR version : %d", + prefix, csr->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &csr->subject ); + ret = mbedtls_x509_dn_gets(p, n, &csr->subject); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, - csr->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, + csr->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, - mbedtls_pk_get_name( &csr->pk ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + mbedtls_pk_get_name(&csr->pk))) != 0) { + return ret; } - ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen( &csr->pk ) ); + ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, + (int) mbedtls_pk_get_bitlen(&csr->pk)); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return (int) (size - n); } /* * Initialize a CSR */ -void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ) +void mbedtls_x509_csr_init(mbedtls_x509_csr *csr) { - memset( csr, 0, sizeof(mbedtls_x509_csr) ); + memset(csr, 0, sizeof(mbedtls_x509_csr)); } /* * Unallocate all CSR data */ -void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) +void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) { mbedtls_x509_name *name_cur; mbedtls_x509_name *name_prv; - if( csr == NULL ) + if (csr == NULL) { return; + } - mbedtls_pk_free( &csr->pk ); + mbedtls_pk_free(&csr->pk); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( csr->sig_opts ); + mbedtls_free(csr->sig_opts); #endif name_cur = csr->subject.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } - if( csr->raw.p != NULL ) - { - mbedtls_platform_zeroize( csr->raw.p, csr->raw.len ); - mbedtls_free( csr->raw.p ); + if (csr->raw.p != NULL) { + mbedtls_platform_zeroize(csr->raw.p, csr->raw.len); + mbedtls_free(csr->raw.p); } - mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) ); + mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr)); } #endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/thirdparty/mbedtls/library/x509write_crt.c b/thirdparty/mbedtls/library/x509write_crt.c index 0c5e991834..a8f4c286ee 100644 --- a/thirdparty/mbedtls/library/x509write_crt.c +++ b/thirdparty/mbedtls/library/x509write_crt.c @@ -40,258 +40,268 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) +void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { - memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); + memset(ctx, 0, sizeof(mbedtls_x509write_cert)); - mbedtls_mpi_init( &ctx->serial ); + mbedtls_mpi_init(&ctx->serial); ctx->version = MBEDTLS_X509_CRT_VERSION_3; } -void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) +void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx) { - mbedtls_mpi_free( &ctx->serial ); + mbedtls_mpi_free(&ctx->serial); - mbedtls_asn1_free_named_data_list( &ctx->subject ); - mbedtls_asn1_free_named_data_list( &ctx->issuer ); - mbedtls_asn1_free_named_data_list( &ctx->extensions ); + mbedtls_asn1_free_named_data_list(&ctx->subject); + mbedtls_asn1_free_named_data_list(&ctx->issuer); + mbedtls_asn1_free_named_data_list(&ctx->extensions); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert)); } -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, - int version ) +void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, + int version) { ctx->version = version; } -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, - mbedtls_md_type_t md_alg ) +void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, + mbedtls_md_type_t md_alg) { ctx->md_alg = md_alg; } -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key ) +void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key) { ctx->subject_key = key; } -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key ) +void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key) { ctx->issuer_key = key; } -int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ) +int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, + const char *subject_name) { - return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); + return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } -int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ) +int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, + const char *issuer_name) { - return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name ); + return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); } -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, - const mbedtls_mpi *serial ) +int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, + const mbedtls_mpi *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 ) - return( ret ); + if (mbedtls_mpi_size(serial) > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + + if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) { + return ret; + } - return( 0 ); + return 0; } -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, - const char *not_before, - const char *not_after ) +int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, + const char *not_before, + const char *not_after) { - if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || - strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ) - { - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || + strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } - strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN ); - strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN ); + strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); + strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - return( 0 ); + return 0; } -int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ) +int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, + const char *oid, size_t oid_len, + int critical, + const unsigned char *val, size_t val_len) { - return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, - critical, val, val_len ) ); + return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, + critical, val, val_len); } -int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ) +int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, + int is_ca, int max_pathlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[9]; unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset(buf, 0, sizeof(buf)); - if( is_ca && max_pathlen > 127 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (is_ca && max_pathlen > 127) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } - if( is_ca ) - { - if( max_pathlen >= 0 ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, - max_pathlen ) ); + if (is_ca) { + if (max_pathlen >= 0) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, + max_pathlen)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( - mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), - is_ca, buf + sizeof(buf) - len, len ) ); + return + mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, + MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS), + is_ca, buf + sizeof(buf) - len, len); } #if defined(MBEDTLS_SHA1_C) -int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ) +int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); + memset(buf, 0, sizeof(buf)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_pk_write_pubkey(&c, buf, ctx->subject_key)); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, - buf + sizeof( buf ) - 20 ); - if( ret != 0 ) - return( ret ); - c = buf + sizeof( buf ) - 20; + ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len, + buf + sizeof(buf) - 20); + if (ret != 0) { + return ret; + } + c = buf + sizeof(buf) - 20; len = 20; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OCTET_STRING)); - return mbedtls_x509write_crt_set_extension( ctx, - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + return mbedtls_x509write_crt_set_extension(ctx, + MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), + 0, buf + sizeof(buf) - len, len); } -int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) +int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof( buf ); + unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); + memset(buf, 0, sizeof(buf)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_pk_write_pubkey(&c, buf, ctx->issuer_key)); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, - buf + sizeof( buf ) - 20 ); - if( ret != 0 ) - return( ret ); - c = buf + sizeof( buf ) - 20; + ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len, + buf + sizeof(buf) - 20); + if (ret != 0) { + return ret; + } + c = buf + sizeof(buf) - 20; len = 20; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof( buf ) - len, len ); + MBEDTLS_OID_SIZE(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), + 0, buf + sizeof(buf) - len, len); } #endif /* MBEDTLS_SHA1_C */ -int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, - unsigned int key_usage ) +int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, + unsigned int key_usage) { - unsigned char buf[5] = {0}, ku[2] = {0}; + unsigned char buf[5] = { 0 }, ku[2] = { 0 }; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | - MBEDTLS_X509_KU_NON_REPUDIATION | - MBEDTLS_X509_KU_KEY_ENCIPHERMENT | - MBEDTLS_X509_KU_DATA_ENCIPHERMENT | - MBEDTLS_X509_KU_KEY_AGREEMENT | - MBEDTLS_X509_KU_KEY_CERT_SIGN | - MBEDTLS_X509_KU_CRL_SIGN | - MBEDTLS_X509_KU_ENCIPHER_ONLY | - MBEDTLS_X509_KU_DECIPHER_ONLY; + MBEDTLS_X509_KU_NON_REPUDIATION | + MBEDTLS_X509_KU_KEY_ENCIPHERMENT | + MBEDTLS_X509_KU_DATA_ENCIPHERMENT | + MBEDTLS_X509_KU_KEY_AGREEMENT | + MBEDTLS_X509_KU_KEY_CERT_SIGN | + MBEDTLS_X509_KU_CRL_SIGN | + MBEDTLS_X509_KU_ENCIPHER_ONLY | + MBEDTLS_X509_KU_DECIPHER_ONLY; /* Check that nothing other than the allowed flags is set */ - if( ( key_usage & ~allowed_bits ) != 0 ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + if ((key_usage & ~allowed_bits) != 0) { + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } c = buf + 5; - MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 ); - ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); + MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9); - if( ret < 0 ) - return( ret ); - else if( ret < 3 || ret > 5 ) - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if (ret < 0) { + return ret; + } else if (ret < 3 || ret > 5) { + return MBEDTLS_ERR_X509_INVALID_FORMAT; + } - ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), - 1, c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), + 1, c, (size_t) ret); + if (ret != 0) { + return ret; + } - return( 0 ); + return 0; } -int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type ) +int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, + unsigned char ns_cert_type) { - unsigned char buf[4] = {0}; + unsigned char buf[4] = { 0 }; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); + if (ret < 3 || ret > 4) { + return ret; + } - ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), - 0, c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), + 0, c, (size_t) ret); + if (ret != 0) { + return ret; + } - return( 0 ); + return 0; } -static int x509_write_time( unsigned char **p, unsigned char *start, - const char *t, size_t size ) +static int x509_write_time(unsigned char **p, unsigned char *start, + const char *t, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; @@ -299,32 +309,29 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) t + 2, - size - 2 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_UTC_TIME ) ); - } - else - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) t, - size ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_GENERALIZED_TIME ) ); + if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) t + 2, + size - 2)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_UTC_TIME)); + } else { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) t, + size)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_GENERALIZED_TIME)); } - return( (int) len ); + return (int) len; } -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -345,17 +352,17 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, /* There's no direct way of extracting a signature algorithm * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ - if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) ) + if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { pk_alg = MBEDTLS_PK_RSA; - else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) + } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { pk_alg = MBEDTLS_PK_ECDSA; - else - return( MBEDTLS_ERR_X509_INVALID_ALG ); + } else { + return MBEDTLS_ERR_X509_INVALID_ALG; + } - if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { + return ret; } /* @@ -363,38 +370,37 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, */ /* Only for v3 */ - if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) - { - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_x509_write_extensions( &c, - buf, ctx->extensions ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) { + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_x509_write_extensions(&c, + buf, ctx->extensions)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 3)); } /* * SubjectPublicKeyInfo */ - MBEDTLS_ASN1_CHK_ADD( pub_len, - mbedtls_pk_write_pubkey_der( ctx->subject_key, - buf, c - buf ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, + mbedtls_pk_write_pubkey_der(ctx->subject_key, + buf, c - buf)); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_x509_write_names( &c, buf, - ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_x509_write_names(&c, buf, + ctx->subject)); /* * Validity ::= SEQUENCE { @@ -403,93 +409,91 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, */ sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, - x509_write_time( &c, buf, ctx->not_after, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + x509_write_time(&c, buf, ctx->not_after, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - MBEDTLS_ASN1_CHK_ADD( sub_len, - x509_write_time( &c, buf, ctx->not_before, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + x509_write_time(&c, buf, ctx->not_before, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); /* * Issuer ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, - ctx->issuer ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, + ctx->issuer)); /* * Signature ::= AlgorithmIdentifier */ - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_algorithm_identifier( &c, buf, - sig_oid, strlen( sig_oid ), 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_algorithm_identifier(&c, buf, + sig_oid, strlen(sig_oid), 0)); /* * Serial ::= INTEGER */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, - &ctx->serial ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf, + &ctx->serial)); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ /* Can be omitted for v1 */ - if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) - { + if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) { sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, - mbedtls_asn1_write_int( &c, buf, ctx->version ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + mbedtls_asn1_write_int(&c, buf, ctx->version)); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_len( &c, buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_len(&c, buf, sub_len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); /* * Make signature */ /* Compute hash of CRT. */ - if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, - len, hash ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, + len, hash)) != 0) { + return ret; } - if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, - hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, + hash, 0, sig, &sig_len, + f_rng, p_rng)) != 0) { + return ret; } /* Move CRT to the front of the buffer to have space * for the signature. */ - memmove( buf, c, len ); + memmove(buf, c, len); c = buf + len; /* Add signature at the end of the buffer, * making sure that it doesn't underflow * into the CRT buffer. */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c, - sig_oid, sig_oid_len, sig, sig_len ) ); + MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, + sig_oid, sig_oid_len, sig, + sig_len)); /* * Memory layout after this step: @@ -500,43 +504,41 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, /* Move raw CRT to just before the signature. */ c = c2 - len; - memmove( c, buf, len ); + memmove(c, buf, len); len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return (int) len; } #define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" #define PEM_END_CRT "-----END CERTIFICATE-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - if( ( ret = mbedtls_x509write_crt_der( crt, buf, size, - f_rng, p_rng ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_x509write_crt_der(crt, buf, size, + f_rng, p_rng)) < 0) { + return ret; } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT, - buf + size - ret, ret, - buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, + buf + size - ret, ret, + buf, size, &olen)) != 0) { + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/thirdparty/mbedtls/library/x509write_csr.c b/thirdparty/mbedtls/library/x509write_csr.c index 707dd001f0..a421fde97e 100644 --- a/thirdparty/mbedtls/library/x509write_csr.c +++ b/thirdparty/mbedtls/library/x509write_csr.c @@ -46,92 +46,96 @@ #include "mbedtls/platform.h" -void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) +void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) { - memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); + memset(ctx, 0, sizeof(mbedtls_x509write_csr)); } -void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) +void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx) { - mbedtls_asn1_free_named_data_list( &ctx->subject ); - mbedtls_asn1_free_named_data_list( &ctx->extensions ); + mbedtls_asn1_free_named_data_list(&ctx->subject); + mbedtls_asn1_free_named_data_list(&ctx->extensions); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr)); } -void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) +void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg) { ctx->md_alg = md_alg; } -void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ) +void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key) { ctx->key = key; } -int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, - const char *subject_name ) +int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, + const char *subject_name) { - return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); + return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } -int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - const unsigned char *val, size_t val_len ) +int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len, + const unsigned char *val, size_t val_len) { - return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, - 0, val, val_len ); + return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, + 0, val, val_len); } -int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ) +int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage) { - unsigned char buf[4] = {0}; + unsigned char buf[4] = { 0 }; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8); + if (ret < 3 || ret > 4) { + return ret; + } - ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), - c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), + c, (size_t) ret); + if (ret != 0) { + return ret; + } - return( 0 ); + return 0; } -int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type ) +int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, + unsigned char ns_cert_type) { - unsigned char buf[4] = {0}; + unsigned char buf[4] = { 0 }; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); + if (ret < 3 || ret > 4) { + return ret; + } - ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), - c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), + c, (size_t) ret); + if (ret != 0) { + return ret; + } - return( 0 ); + return 0; } -static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, - unsigned char *buf, - size_t size, - unsigned char *sig, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, + unsigned char *buf, + size_t size, + unsigned char *sig, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -144,114 +148,114 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf, - ctx->extensions ) ); - - if( len ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); - - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); - - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_oid( - &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); - - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf, + ctx->extensions)); + + if (len) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)); + + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_oid( + &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, + MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ))); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, - buf, c - buf ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, + buf, c - buf)); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, - ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, + ctx->subject)); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* * Sign the written CSR data into the sig buffer * Note: hash errors can happen only after an internal error */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) { + return MBEDTLS_ERR_X509_FATAL_ERROR; + } - if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) { + return MBEDTLS_ERR_X509_FATAL_ERROR; + } - if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) - != PSA_SUCCESS ) - { - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len) + != PSA_SUCCESS) { + return MBEDTLS_ERR_X509_FATAL_ERROR; } #else /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash); + if (ret != 0) { + return ret; + } #endif - if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, + f_rng, p_rng)) != 0) { + return ret; } - if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) ) + if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { pk_alg = MBEDTLS_PK_RSA; - else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) + } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { pk_alg = MBEDTLS_PK_ECDSA; - else - return( MBEDTLS_ERR_X509_INVALID_ALG ); + } else { + return MBEDTLS_ERR_X509_INVALID_ALG; + } - if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { + return ret; } /* * Move the written CSR data to the start of buf to create space for * writing the signature into buf. */ - memmove( buf, c, len ); + memmove(buf, c, len); /* * Write sig and its OID into buf backwards from the end of buf. @@ -259,76 +263,73 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, - mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len ) ); + MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, + mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, + sig, sig_len)); /* * Compact the space between the CSR data and signature by moving the * CSR data to the start of the signature. */ c2 -= len; - memmove( c2, buf, len ); + memmove(c2, buf, len); /* ASN encode the total size and tag the CSR data with it. */ len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c2, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c2, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* Zero the unused bytes at the start of buf */ - memset( buf, 0, c2 - buf); + memset(buf, 0, c2 - buf); - return( (int) len ); + return (int) len; } -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, + size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; unsigned char *sig; - if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) { + return MBEDTLS_ERR_X509_ALLOC_FAILED; } - ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng ); + ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng); - mbedtls_free( sig ); + mbedtls_free(sig); - return( ret ); + return ret; } #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; - if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size, - f_rng, p_rng ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, + f_rng, p_rng)) < 0) { + return ret; } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR, - buf + size - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR, + buf + size - ret, + ret, buf, size, &olen)) != 0) { + return ret; } - return( 0 ); + return 0; } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/thirdparty/mbedtls/library/xtea.c b/thirdparty/mbedtls/library/xtea.c index 28e6972aa8..27651cc0e5 100644 --- a/thirdparty/mbedtls/library/xtea.c +++ b/thirdparty/mbedtls/library/xtea.c @@ -30,116 +30,109 @@ #if !defined(MBEDTLS_XTEA_ALT) -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ) +void mbedtls_xtea_init(mbedtls_xtea_context *ctx) { - memset( ctx, 0, sizeof( mbedtls_xtea_context ) ); + memset(ctx, 0, sizeof(mbedtls_xtea_context)); } -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) +void mbedtls_xtea_free(mbedtls_xtea_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_xtea_context)); } /* * XTEA key schedule */ -void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ) +void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16]) { int i; - memset( ctx, 0, sizeof(mbedtls_xtea_context) ); + memset(ctx, 0, sizeof(mbedtls_xtea_context)); - for( i = 0; i < 4; i++ ) - { - ctx->k[i] = MBEDTLS_GET_UINT32_BE( key, i << 2 ); + for (i = 0; i < 4; i++) { + ctx->k[i] = MBEDTLS_GET_UINT32_BE(key, i << 2); } } /* * XTEA encrypt function */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode, - const unsigned char input[8], unsigned char output[8]) +int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, int mode, + const unsigned char input[8], unsigned char output[8]) { uint32_t *k, v0, v1, i; k = ctx->k; - v0 = MBEDTLS_GET_UINT32_BE( input, 0 ); - v1 = MBEDTLS_GET_UINT32_BE( input, 4 ); + v0 = MBEDTLS_GET_UINT32_BE(input, 0); + v1 = MBEDTLS_GET_UINT32_BE(input, 4); - if( mode == MBEDTLS_XTEA_ENCRYPT ) - { + if (mode == MBEDTLS_XTEA_ENCRYPT) { uint32_t sum = 0, delta = 0x9E3779B9; - for( i = 0; i < 32; i++ ) - { + for (i = 0; i < 32; i++) { v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); sum += delta; v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); } - } - else /* MBEDTLS_XTEA_DECRYPT */ - { + } else { /* MBEDTLS_XTEA_DECRYPT */ uint32_t delta = 0x9E3779B9, sum = delta * 32; - for( i = 0; i < 32; i++ ) - { + for (i = 0; i < 32; i++) { v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); sum -= delta; v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); } } - MBEDTLS_PUT_UINT32_BE( v0, output, 0 ); - MBEDTLS_PUT_UINT32_BE( v1, output, 4 ); + MBEDTLS_PUT_UINT32_BE(v0, output, 0); + MBEDTLS_PUT_UINT32_BE(v1, output, 4); - return( 0 ); + return 0; } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * XTEA-CBC buffer encryption/decryption */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, - unsigned char iv[8], const unsigned char *input, - unsigned char *output) +int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, int mode, size_t length, + unsigned char iv[8], const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH ); + if (length % 8) { + return MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH; + } - if( mode == MBEDTLS_XTEA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - mbedtls_xtea_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_XTEA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 8); + mbedtls_xtea_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (output[i] ^ iv[i]); + } - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; length -= 8; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 8; i++) { + output[i] = (unsigned char) (input[i] ^ iv[i]); + } - mbedtls_xtea_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 8 ); + mbedtls_xtea_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, 8); input += 8; output += 8; @@ -147,7 +140,7 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, } } - return( 0 ); + return 0; } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* !MBEDTLS_XTEA_ALT */ @@ -160,18 +153,18 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, static const unsigned char xtea_test_key[6][16] = { - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 } + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 } }; static const unsigned char xtea_test_pt[6][8] = @@ -197,43 +190,45 @@ static const unsigned char xtea_test_ct[6][8] = /* * Checkup routine */ -int mbedtls_xtea_self_test( int verbose ) +int mbedtls_xtea_self_test(int verbose) { int i, ret = 0; unsigned char buf[8]; mbedtls_xtea_context ctx; - mbedtls_xtea_init( &ctx ); - for( i = 0; i < 6; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " XTEA test #%d: ", i + 1 ); + mbedtls_xtea_init(&ctx); + for (i = 0; i < 6; i++) { + if (verbose != 0) { + mbedtls_printf(" XTEA test #%d: ", i + 1); + } - memcpy( buf, xtea_test_pt[i], 8 ); + memcpy(buf, xtea_test_pt[i], 8); - mbedtls_xtea_setup( &ctx, xtea_test_key[i] ); - mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf ); + mbedtls_xtea_setup(&ctx, xtea_test_key[i]); + mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf); - if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, xtea_test_ct[i], 8) != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); + } ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); + } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) { + mbedtls_printf("\n"); + } exit: - mbedtls_xtea_free( &ctx ); + mbedtls_xtea_free(&ctx); - return( ret ); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/thirdparty/mbedtls/patches/1453.diff b/thirdparty/mbedtls/patches/1453.diff index 4a7ca1570b..a29a928dd3 100644 --- a/thirdparty/mbedtls/patches/1453.diff +++ b/thirdparty/mbedtls/patches/1453.diff @@ -1,8 +1,8 @@ diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c -index a858c1892b..69ac29e4f7 100644 +index 3420616a06..57fddd4d62 100644 --- a/thirdparty/mbedtls/library/entropy_poll.c +++ b/thirdparty/mbedtls/library/entropy_poll.c -@@ -54,28 +54,43 @@ +@@ -55,26 +55,41 @@ #define _WIN32_WINNT 0x0400 #endif #include @@ -22,99 +22,32 @@ index a858c1892b..69ac29e4f7 100644 +#pragma warning( pop ) +#endif - int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len, - size_t *olen ) + int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, + size_t *olen) { - HCRYPTPROV provider; + ULONG len_as_ulong = 0; ((void) data); *olen = 0; -- if( CryptAcquireContext( &provider, NULL, NULL, -- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE ) +- if (CryptAcquireContext(&provider, NULL, NULL, +- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) { + /* + * BCryptGenRandom takes ULONG for size, which is smaller than size_t on + * 64-bit Windows platforms. Ensure len's value can be safely converted into + * a ULONG. + */ -+ if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) ) - { - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); ++ if (FAILED(SizeTToULong(len, &len_as_ulong))) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } -- if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) -+ if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) ) - { -- CryptReleaseContext( provider, 0 ); - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); +- if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) { +- CryptReleaseContext(provider, 0); ++ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } -- CryptReleaseContext( provider, 0 ); +- CryptReleaseContext(provider, 0); *olen = len; - return( 0 ); -diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c -index def1414eca..4361f43ed0 100644 ---- a/thirdparty/mbedtls/library/x509_crt.c -+++ b/thirdparty/mbedtls/library/x509_crt.c -@@ -58,6 +58,19 @@ - #if defined(MBEDTLS_HAVE_TIME) - #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - #include -+#if defined(_MSC_VER) && _MSC_VER <= 1600 -+/* Visual Studio 2010 and earlier issue a warning when both and -+ * are included, as they redefine a number of _MAX constants. -+ * These constants are guaranteed to be the same, though, so we suppress the -+ * warning when including intsafe.h. -+ */ -+#pragma warning( push ) -+#pragma warning( disable : 4005 ) -+#endif -+#include -+#if defined(_MSC_VER) && _MSC_VER <= 1600 -+#pragma warning( pop ) -+#endif - #else - #include - #endif -@@ -1549,6 +1562,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) - char filename[MAX_PATH]; - char *p; - size_t len = strlen( path ); -+ int lengthAsInt = 0; - - WIN32_FIND_DATAW file_data; - HANDLE hFind; -@@ -1563,7 +1577,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) - p = filename + len; - filename[len++] = '*'; - -- w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, -+ if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) ) -+ return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -+ -+ /* -+ * Note this function uses the code page CP_ACP, and assumes the incoming -+ * string is encoded in ANSI, before translating it into Unicode. If the -+ * incoming string were changed to be UTF-8, then the length check needs to -+ * change to check the number of characters, not the number of bytes, in the -+ * incoming string are less than MAX_PATH to avoid a buffer overrun with -+ * MultiByteToWideChar(). -+ */ -+ w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir, - MAX_PATH - 3 ); - if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); -@@ -1580,8 +1605,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) - if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) - continue; - -+ if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &lengthAsInt ) ) ) -+ return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -+ - w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, -- lstrlenW( file_data.cFileName ), -+ lengthAsInt, - p, (int) len - 1, - NULL, NULL ); - if( w_ret == 0 ) + return 0; diff --git a/thirdparty/mbedtls/patches/windows-arm64-hardclock.diff b/thirdparty/mbedtls/patches/windows-arm64-hardclock.diff index c7c5a7e282..9a0c430216 100644 --- a/thirdparty/mbedtls/patches/windows-arm64-hardclock.diff +++ b/thirdparty/mbedtls/patches/windows-arm64-hardclock.diff @@ -1,8 +1,8 @@ diff --git a/thirdparty/mbedtls/library/timing.c b/thirdparty/mbedtls/library/timing.c -index 6c14a4fd01..151292e325 100644 +index 47e34f9227..eeb1d503a8 100644 --- a/thirdparty/mbedtls/library/timing.c +++ b/thirdparty/mbedtls/library/timing.c -@@ -190,8 +190,10 @@ unsigned long mbedtls_timing_hardclock( void ) +@@ -188,8 +188,10 @@ unsigned long mbedtls_timing_hardclock(void) #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __ia64__ */ -- cgit v1.2.3