early-access version 1676
This commit is contained in:
pineappleEA
6
externals/mbedtls/library/CMakeLists.txt
vendored
6
externals/mbedtls/library/CMakeLists.txt
vendored
@@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
||||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.10 SOVERSION 3)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.10 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.16.10 SOVERSION 12)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
||||
131
externals/mbedtls/library/base64.c
vendored
131
externals/mbedtls/library/base64.c
vendored
@@ -96,6 +96,99 @@ static const unsigned char base64_dec_map[128] =
|
||||
|
||||
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
|
||||
|
||||
/*
|
||||
* Constant flow conditional assignment to unsigned char
|
||||
*/
|
||||
static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
|
||||
unsigned char condition )
|
||||
{
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
/* Generate bitmask from condition, mask will either be 0xFF or 0 */
|
||||
unsigned char mask = ( condition | -condition );
|
||||
mask >>= 7;
|
||||
mask = -mask;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
*dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow conditional assignment to uint_32
|
||||
*/
|
||||
static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
|
||||
uint32_t condition )
|
||||
{
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
/* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
|
||||
uint32_t mask = ( condition | -condition );
|
||||
mask >>= 31;
|
||||
mask = -mask;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
*dest = ( src & mask ) | ( ( *dest ) & ~mask );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow check for equality
|
||||
*/
|
||||
static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
|
||||
{
|
||||
size_t difference = in_a ^ in_b;
|
||||
|
||||
/* MSVC has a warning about unary minus on unsigned integer types,
|
||||
* but this is well-defined and precisely what we want to do here. */
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4146 )
|
||||
#endif
|
||||
|
||||
difference |= -difference;
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
|
||||
/* cope with the varying size of size_t per platform */
|
||||
difference >>= ( sizeof( difference ) * 8 - 1 );
|
||||
|
||||
return (unsigned char) ( 1 ^ difference );
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant flow lookup into table.
|
||||
*/
|
||||
static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
|
||||
const size_t table_size, const size_t table_index )
|
||||
{
|
||||
size_t i;
|
||||
unsigned char result = 0;
|
||||
|
||||
for( i = 0; i < table_size; ++i )
|
||||
{
|
||||
mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/*
|
||||
* Encode a buffer into base64 format
|
||||
*/
|
||||
@@ -136,10 +229,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
C2 = *src++;
|
||||
C3 = *src++;
|
||||
|
||||
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
|
||||
*p++ = base64_enc_map[C3 & 0x3F];
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( C1 >> 2 ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( C3 & 0x3F ) );
|
||||
}
|
||||
|
||||
if( i < slen )
|
||||
@@ -147,11 +247,15 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
C1 = *src++;
|
||||
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
|
||||
|
||||
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
|
||||
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( C1 >> 2 ) & 0x3F ) );
|
||||
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
|
||||
|
||||
if( ( i + 1 ) < slen )
|
||||
*p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
|
||||
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
|
||||
( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
|
||||
else *p++ = '=';
|
||||
|
||||
*p++ = '=';
|
||||
@@ -172,6 +276,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
size_t i, n;
|
||||
uint32_t j, x;
|
||||
unsigned char *p;
|
||||
unsigned char dec_map_lookup;
|
||||
|
||||
/* First pass: check for validity and get output length */
|
||||
for( i = n = j = 0; i < slen; i++ )
|
||||
@@ -202,10 +307,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
if( src[i] == '=' && ++j > 2 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
|
||||
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
|
||||
|
||||
if( src[i] > 127 || dec_map_lookup == 127 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
if( base64_dec_map[src[i]] < 64 && j != 0 )
|
||||
if( dec_map_lookup < 64 && j != 0 )
|
||||
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
|
||||
|
||||
n++;
|
||||
@@ -235,8 +342,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
||||
if( *src == '\r' || *src == '\n' || *src == ' ' )
|
||||
continue;
|
||||
|
||||
j -= ( base64_dec_map[*src] == 64 );
|
||||
x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
|
||||
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
|
||||
|
||||
mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
|
||||
x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
|
||||
|
||||
if( ++n == 4 )
|
||||
{
|
||||
|
||||
32
externals/mbedtls/library/bignum.c
vendored
32
externals/mbedtls/library/bignum.c
vendored
@@ -500,6 +500,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
||||
{
|
||||
int ret;
|
||||
size_t i, j, slen, n;
|
||||
int sign = 1;
|
||||
mbedtls_mpi_uint d;
|
||||
mbedtls_mpi T;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
@@ -510,6 +511,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
||||
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
if( s[0] == '-' )
|
||||
{
|
||||
++s;
|
||||
sign = -1;
|
||||
}
|
||||
|
||||
slen = strlen( s );
|
||||
|
||||
if( radix == 16 )
|
||||
@@ -524,12 +531,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
||||
|
||||
for( i = slen, j = 0; i > 0; i--, j++ )
|
||||
{
|
||||
if( i == 1 && s[i - 1] == '-' )
|
||||
{
|
||||
X->s = -1;
|
||||
break;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
|
||||
X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
|
||||
}
|
||||
@@ -540,26 +541,15 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
||||
|
||||
for( i = 0; i < slen; i++ )
|
||||
{
|
||||
if( i == 0 && s[i] == '-' )
|
||||
{
|
||||
X->s = -1;
|
||||
continue;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
|
||||
|
||||
if( X->s == 1 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
|
||||
}
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
|
||||
}
|
||||
}
|
||||
|
||||
if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
|
||||
X->s = -1;
|
||||
|
||||
cleanup:
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
|
||||
2
externals/mbedtls/library/ecp.c
vendored
2
externals/mbedtls/library/ecp.c
vendored
@@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
|
||||
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
|
||||
if( mbedtls_internal_ecp_grp_capable( grp ) )
|
||||
return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
|
||||
return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
|
||||
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
|
||||
|
||||
p_size = ( grp->pbits + 7 ) / 8;
|
||||
|
||||
4
externals/mbedtls/library/ecp_curves.c
vendored
4
externals/mbedtls/library/ecp_curves.c
vendored
@@ -1048,13 +1048,13 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
|
||||
|
||||
/*
|
||||
* If the result is negative, we get it in the form
|
||||
* c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
|
||||
* c * 2^bits + N, with c negative and N positive shorter than 'bits'
|
||||
*/
|
||||
static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* C = - c * 2^(bits + 32) */
|
||||
/* C = - c * 2^bits */
|
||||
#if !defined(MBEDTLS_HAVE_INT64)
|
||||
((void) bits);
|
||||
#else
|
||||
|
||||
18
externals/mbedtls/library/entropy.c
vendored
18
externals/mbedtls/library/entropy.c
vendored
@@ -494,14 +494,20 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
||||
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
FILE *f;
|
||||
FILE *f = NULL;
|
||||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
|
||||
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||
{
|
||||
@@ -514,7 +520,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
|
||||
exit:
|
||||
mbedtls_platform_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
if( f != NULL )
|
||||
fclose( f );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
||||
2
externals/mbedtls/library/pkparse.c
vendored
2
externals/mbedtls/library/pkparse.c
vendored
@@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
|
||||
|
||||
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
return( ret );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||
|
||||
8
externals/mbedtls/library/ssl_cli.c
vendored
8
externals/mbedtls/library/ssl_cli.c
vendored
@@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
unsigned char *end )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
size_t dhm_actual_bitlen;
|
||||
|
||||
/*
|
||||
* Ephemeral DH parameters:
|
||||
@@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||
dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
|
||||
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
||||
ssl->handshake->dhm_ctx.len * 8,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
|
||||
(unsigned) dhm_actual_bitlen,
|
||||
ssl->conf->dhm_min_bitlen ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user