It's 2.7.6. The 2.7.9 update will follow shortly, so I've updated the ticket.
Thanks, Thomas
On 2019-01-05 11:20, Pierre Schweitzer wrote:
Hey Thomas,
Is that an upgrade to 2.7.6 or 2.7.9? Your commit reads the first one, while Jira associated ticket reads the second one.
Cheers, Pierre
Le 05/01/2019 à 10:36, Thomas Faber a écrit :
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d9e6c9b539327f861c3068...
commit d9e6c9b539327f861c3068e89cfe80f0004ee4c5 Author: Thomas Faber thomas.faber@reactos.org AuthorDate: Wed Oct 31 16:00:34 2018 +0100 Commit: Thomas Faber thomas.faber@reactos.org CommitDate: Sat Jan 5 09:20:35 2019 +0100
[MBEDTLS] Update to version 2.7.6. CORE-15280 Note: this disables the MBEDTLS_DEPRECATED_REMOVED configuration value, because we require the now-deprecated MD5 & SHA functions for bcrypt.
dll/3rdparty/mbedtls/CMakeLists.txt | 1 + dll/3rdparty/mbedtls/aes.c | 238 ++-- dll/3rdparty/mbedtls/asn1write.c | 5 +- dll/3rdparty/mbedtls/bignum.c | 24 +- dll/3rdparty/mbedtls/ccm.c | 39 +- dll/3rdparty/mbedtls/cipher.c | 24 +- dll/3rdparty/mbedtls/cmac.c | 12 +- dll/3rdparty/mbedtls/ctr_drbg.c | 116 +- dll/3rdparty/mbedtls/debug.c | 2 +- dll/3rdparty/mbedtls/dhm.c | 62 +- dll/3rdparty/mbedtls/ecdh.c | 4 + dll/3rdparty/mbedtls/ecdsa.c | 13 + dll/3rdparty/mbedtls/ecjpake.c | 5 +- dll/3rdparty/mbedtls/ecp.c | 11 +- dll/3rdparty/mbedtls/entropy.c | 136 ++- dll/3rdparty/mbedtls/error.c | 135 ++- dll/3rdparty/mbedtls/gcm.c | 200 ++-- dll/3rdparty/mbedtls/hmac_drbg.c | 15 +- dll/3rdparty/mbedtls/md.c | 109 +- dll/3rdparty/mbedtls/md2.c | 119 +- dll/3rdparty/mbedtls/md4.c | 132 ++- dll/3rdparty/mbedtls/md5.c | 163 ++- dll/3rdparty/mbedtls/md_wrap.c | 171 +-- dll/3rdparty/mbedtls/memory_buffer_alloc.c | 31 +- dll/3rdparty/mbedtls/net_sockets.c | 18 +- dll/3rdparty/mbedtls/oid.c | 45 + dll/3rdparty/mbedtls/pem.c | 125 +- dll/3rdparty/mbedtls/pk.c | 7 +- dll/3rdparty/mbedtls/pk_wrap.c | 49 +- dll/3rdparty/mbedtls/pkcs5.c | 26 +- dll/3rdparty/mbedtls/pkparse.c | 229 +++- dll/3rdparty/mbedtls/pkwrite.c | 110 +- dll/3rdparty/mbedtls/platform.c | 15 +- dll/3rdparty/mbedtls/ripemd160.c | 157 ++- dll/3rdparty/mbedtls/rsa.c | 1244 ++++++++++++++------ dll/3rdparty/mbedtls/rsa_internal.c | 489 ++++++++ dll/3rdparty/mbedtls/sha1.c | 175 ++- dll/3rdparty/mbedtls/sha256.c | 182 ++- dll/3rdparty/mbedtls/sha512.c | 184 ++- dll/3rdparty/mbedtls/ssl_cache.c | 1 + dll/3rdparty/mbedtls/ssl_ciphersuites.c | 6 +- dll/3rdparty/mbedtls/ssl_cli.c | 301 ++--- dll/3rdparty/mbedtls/ssl_srv.c | 189 ++- dll/3rdparty/mbedtls/ssl_tls.c | 923 +++++++++++---- dll/3rdparty/mbedtls/threading.c | 12 + dll/3rdparty/mbedtls/timing.c | 131 ++- dll/3rdparty/mbedtls/version_features.c | 42 +- dll/3rdparty/mbedtls/x509.c | 23 +- dll/3rdparty/mbedtls/x509_crl.c | 65 +- dll/3rdparty/mbedtls/x509_crt.c | 114 +- dll/3rdparty/mbedtls/x509_csr.c | 29 +- dll/3rdparty/mbedtls/x509write_crt.c | 78 +- dll/3rdparty/mbedtls/x509write_csr.c | 23 +- sdk/include/reactos/libs/mbedtls/aes.h | 366 +++--- sdk/include/reactos/libs/mbedtls/aesni.h | 3 +- sdk/include/reactos/libs/mbedtls/arc4.h | 38 +- sdk/include/reactos/libs/mbedtls/asn1.h | 20 +- sdk/include/reactos/libs/mbedtls/asn1write.h | 3 +- sdk/include/reactos/libs/mbedtls/base64.h | 3 +- sdk/include/reactos/libs/mbedtls/bignum.h | 11 +- sdk/include/reactos/libs/mbedtls/blowfish.h | 4 +- sdk/include/reactos/libs/mbedtls/bn_mul.h | 20 +- sdk/include/reactos/libs/mbedtls/camellia.h | 4 +- sdk/include/reactos/libs/mbedtls/ccm.h | 153 ++- sdk/include/reactos/libs/mbedtls/certs.h | 3 +- sdk/include/reactos/libs/mbedtls/check_config.h | 7 +- sdk/include/reactos/libs/mbedtls/cipher.h | 561 +++++---- sdk/include/reactos/libs/mbedtls/cipher_internal.h | 3 +- sdk/include/reactos/libs/mbedtls/cmac.h | 184 +-- sdk/include/reactos/libs/mbedtls/compat-1.3.h | 3 +- sdk/include/reactos/libs/mbedtls/config.h | 141 ++- sdk/include/reactos/libs/mbedtls/ctr_drbg.h | 254 ++-- sdk/include/reactos/libs/mbedtls/debug.h | 3 +- sdk/include/reactos/libs/mbedtls/des.h | 51 + sdk/include/reactos/libs/mbedtls/dhm.h | 1114 +++++++++++++++--- sdk/include/reactos/libs/mbedtls/ecdh.h | 239 ++-- sdk/include/reactos/libs/mbedtls/ecdsa.h | 286 +++-- sdk/include/reactos/libs/mbedtls/ecjpake.h | 21 +- sdk/include/reactos/libs/mbedtls/ecp.h | 6 +- sdk/include/reactos/libs/mbedtls/ecp_internal.h | 5 +- sdk/include/reactos/libs/mbedtls/entropy.h | 4 +- sdk/include/reactos/libs/mbedtls/entropy_poll.h | 3 +- sdk/include/reactos/libs/mbedtls/error.h | 40 +- sdk/include/reactos/libs/mbedtls/gcm.h | 241 ++-- sdk/include/reactos/libs/mbedtls/havege.h | 3 +- sdk/include/reactos/libs/mbedtls/hmac_drbg.h | 5 +- sdk/include/reactos/libs/mbedtls/md.h | 371 +++--- sdk/include/reactos/libs/mbedtls/md2.h | 191 ++- sdk/include/reactos/libs/mbedtls/md4.h | 196 ++- sdk/include/reactos/libs/mbedtls/md5.h | 194 ++- sdk/include/reactos/libs/mbedtls/md_internal.h | 15 +- .../reactos/libs/mbedtls/memory_buffer_alloc.h | 3 +- sdk/include/reactos/libs/mbedtls/net.h | 9 +- sdk/include/reactos/libs/mbedtls/net_sockets.h | 8 +- sdk/include/reactos/libs/mbedtls/oid.h | 21 +- sdk/include/reactos/libs/mbedtls/padlock.h | 3 +- sdk/include/reactos/libs/mbedtls/pem.h | 3 +- sdk/include/reactos/libs/mbedtls/pk.h | 16 +- sdk/include/reactos/libs/mbedtls/pk_internal.h | 5 +- sdk/include/reactos/libs/mbedtls/pkcs11.h | 3 +- sdk/include/reactos/libs/mbedtls/pkcs12.h | 3 +- sdk/include/reactos/libs/mbedtls/pkcs5.h | 3 +- sdk/include/reactos/libs/mbedtls/platform.h | 111 +- sdk/include/reactos/libs/mbedtls/platform_time.h | 3 +- sdk/include/reactos/libs/mbedtls/ripemd160.h | 125 +- sdk/include/reactos/libs/mbedtls/rsa.h | 1166 ++++++++++++------ sdk/include/reactos/libs/mbedtls/rsa_internal.h | 228 ++++ sdk/include/reactos/libs/mbedtls/sha1.h | 248 +++- sdk/include/reactos/libs/mbedtls/sha256.h | 215 +++- sdk/include/reactos/libs/mbedtls/sha512.h | 221 +++- sdk/include/reactos/libs/mbedtls/ssl.h | 117 +- sdk/include/reactos/libs/mbedtls/ssl_cache.h | 3 +- .../reactos/libs/mbedtls/ssl_ciphersuites.h | 5 +- sdk/include/reactos/libs/mbedtls/ssl_cookie.h | 3 +- sdk/include/reactos/libs/mbedtls/ssl_internal.h | 70 +- sdk/include/reactos/libs/mbedtls/ssl_ticket.h | 3 +- sdk/include/reactos/libs/mbedtls/threading.h | 7 +- sdk/include/reactos/libs/mbedtls/timing.h | 30 +- sdk/include/reactos/libs/mbedtls/version.h | 13 +- sdk/include/reactos/libs/mbedtls/x509.h | 3 +- sdk/include/reactos/libs/mbedtls/x509_crl.h | 3 +- sdk/include/reactos/libs/mbedtls/x509_crt.h | 31 +- sdk/include/reactos/libs/mbedtls/x509_csr.h | 3 +- sdk/include/reactos/libs/mbedtls/xtea.h | 4 +- 124 files changed, 10395 insertions(+), 3822 deletions(-)
diff --git a/dll/3rdparty/mbedtls/CMakeLists.txt b/dll/3rdparty/mbedtls/CMakeLists.txt index 0fbb59bbf4..7a5210bdef 100644 --- a/dll/3rdparty/mbedtls/CMakeLists.txt +++ b/dll/3rdparty/mbedtls/CMakeLists.txt @@ -54,6 +54,7 @@ list(APPEND SOURCE platform.c ripemd160.c rsa.c
- rsa_internal.c sha1.c sha256.c sha512.c
diff --git a/dll/3rdparty/mbedtls/aes.c b/dll/3rdparty/mbedtls/aes.c index dadfbe3c68..fed58bbc01 100644 --- a/dll/3rdparty/mbedtls/aes.c +++ b/dll/3rdparty/mbedtls/aes.c @@ -767,12 +767,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_encrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/*
- AES-ECB block decryption
@@ -833,12 +835,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_decrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/*
- AES-ECB block encryption/decryption
@@ -1237,9 +1241,11 @@ static const int aes_test_ctr_len[3] = */ int mbedtls_aes_self_test( int verbose ) {
- int ret = 0, i, j, u, v;
- int ret = 0, i, j, u, mode;
- unsigned int keybits; unsigned char key[32]; unsigned char buf[64];
- const unsigned char *aes_tests; #if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) unsigned char iv[16]; #endif
@@ -1265,45 +1271,52 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1;
v = i & 1;
keybits = 128 + u * 64;mode = i & 1; if( verbose != 0 )
mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( buf, 0, 16 );
if( v == MBEDTLS_AES_DECRYPT )
if( mode == MBEDTLS_AES_DECRYPT ) {
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );for( j = 0; j < 10000; j++ )mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );ret = 1;goto exit;}
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );aes_tests = aes_test_ecb_dec[u]; } else {
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );for( j = 0; j < 10000; j++ )mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );aes_tests = aes_test_ecb_enc[u];}
if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );
/** AES-192 is an optional feature that may be unavailable when* there is an alternative underlying implementation i.e. when* MBEDTLS_AES_ALT is defined.*/if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ){mbedtls_printf( "skipped\n" );continue;}else if( ret != 0 ){goto exit;}
ret = 1;
for( j = 0; j < 10000; j++ ){ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );if( ret != 0 ) goto exit;
}
}if( memcmp( buf, aes_tests, 16 ) != 0 ){ret = 1;goto exit; } if( verbose != 0 )@@ -1320,55 +1333,64 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1;
v = i & 1;
keybits = 128 + u * 64;mode = i & 1; if( verbose != 0 )
mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( iv , 0, 16 ); memset( prv, 0, 16 ); memset( buf, 0, 16 );
if( v == MBEDTLS_AES_DECRYPT )
if( mode == MBEDTLS_AES_DECRYPT ) {
mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );for( j = 0; j < 10000; j++ )mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );ret = 1;goto exit;}
ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );aes_tests = aes_test_cbc_dec[u]; } else {
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );aes_tests = aes_test_cbc_enc[u];}/** AES-192 is an optional feature that may be unavailable when* there is an alternative underlying implementation i.e. when* MBEDTLS_AES_ALT is defined.*/if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ){mbedtls_printf( "skipped\n" );continue;}else if( ret != 0 ){goto exit;}
for( j = 0; j < 10000; j++ )
for( j = 0; j < 10000; j++ ){if( mode == MBEDTLS_AES_ENCRYPT ) { unsigned char tmp[16];
mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );memcpy( tmp, prv, 16 ); memcpy( prv, buf, 16 ); memcpy( buf, tmp, 16 ); }if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );ret = 1;
ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );if( ret != 0 ) goto exit;
}
}if( memcmp( buf, aes_tests, 16 ) != 0 ){ret = 1;goto exit; } if( verbose != 0 )@@ -1386,45 +1408,52 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1;
v = i & 1;
keybits = 128 + u * 64;mode = i & 1; if( verbose != 0 )
mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( iv, aes_test_cfb128_iv, 16 );
memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); offset = 0;
mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );/** AES-192 is an optional feature that may be unavailable when* there is an alternative underlying implementation i.e. when* MBEDTLS_AES_ALT is defined.*/if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ){mbedtls_printf( "skipped\n" );continue;}else if( ret != 0 ){goto exit;}
if( v == MBEDTLS_AES_DECRYPT )
if( mode == MBEDTLS_AES_DECRYPT ) { memcpy( buf, aes_test_cfb128_ct[u], 64 );
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );ret = 1;goto exit;}
aes_tests = aes_test_cfb128_pt; } else { memcpy( buf, aes_test_cfb128_pt, 64 );
mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
aes_tests = aes_test_cfb128_ct[u];}
if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );
ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );if( ret != 0 )goto exit;
ret = 1;goto exit;}
if( memcmp( buf, aes_tests, 64 ) != 0 ){ret = 1;goto exit; } if( verbose != 0 )@@ -1442,51 +1471,41 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1;
v = i & 1;
mode = i & 1; if( verbose != 0 ) mbedtls_printf( " AES-CTR-128 (%s): ",
( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); offset = 0;
mbedtls_aes_setkey_enc( &ctx, key, 128 );
if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )goto exit;len = aes_test_ctr_len[u];
if( v == MBEDTLS_AES_DECRYPT )
if( mode == MBEDTLS_AES_DECRYPT ) {
len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_ct[u], len );mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,buf, buf );if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );ret = 1;goto exit;}
aes_tests = aes_test_ctr_pt[u]; } else {
len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_pt[u], len );
aes_tests = aes_test_ctr_ct[u];}
mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,buf, buf );if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 ){if( verbose != 0 )mbedtls_printf( "failed\n" );
ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,stream_block, buf, buf );if( ret != 0 )goto exit;
ret = 1;goto exit;}
if( memcmp( buf, aes_tests, len ) != 0 ){ret = 1;goto exit; } if( verbose != 0 )@@ -1500,6 +1519,9 @@ int mbedtls_aes_self_test( int verbose ) ret = 0;
exit:
if( ret != 0 && verbose != 0 )
mbedtls_printf( "failed\n" );mbedtls_aes_free( &ctx ); return( ret );diff --git a/dll/3rdparty/mbedtls/asn1write.c b/dll/3rdparty/mbedtls/asn1write.c index ba31c05909..00b5e7ad4f 100644 --- a/dll/3rdparty/mbedtls/asn1write.c +++ b/dll/3rdparty/mbedtls/asn1write.c @@ -85,7 +85,9 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len return( 4 ); }
+#if SIZE_MAX > 0xFFFFFFFF if( len <= 0xFFFFFFFF ) +#endif { if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); @@ -98,7 +100,9 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len return( 5 ); }
+#if SIZE_MAX > 0xFFFFFFFF return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); +#endif }
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) @@ -234,7 +238,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) int ret; size_t len = 0;
- // TODO negative values and values larger than 128 // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. //
diff --git a/dll/3rdparty/mbedtls/bignum.c b/dll/3rdparty/mbedtls/bignum.c index ab510e2df5..49441d19b8 100644 --- a/dll/3rdparty/mbedtls/bignum.c +++ b/dll/3rdparty/mbedtls/bignum.c @@ -65,6 +65,11 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; }
+/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
- #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */
@@ -674,16 +679,20 @@ cleanup: int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) { int ret;
- size_t i, j, n;
- size_t i, j;
- size_t const limbs = CHARS_TO_LIMBS( buflen );
- for( n = 0; n < buflen; n++ )
if( buf[n] != 0 )break;
- /* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
mbedtls_mpi_free( X );mbedtls_mpi_init( X );MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );- }
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
for( i = buflen, j = 0; i > n; i--, j++ )
for( i = buflen, j = 0; i > 0; i--, j++ ) X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
cleanup:
@@ -1616,7 +1625,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg;
- if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
@@ -1884,6 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
cleanup:
- mbedtls_zeroize( buf, sizeof( buf ) ); return( ret ); }
diff --git a/dll/3rdparty/mbedtls/ccm.c b/dll/3rdparty/mbedtls/ccm.c index b974aec829..07c1ab7029 100644 --- a/dll/3rdparty/mbedtls/ccm.c +++ b/dll/3rdparty/mbedtls/ccm.c @@ -51,6 +51,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+#if !defined(MBEDTLS_CCM_ALT)
- /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
@@ -350,6 +352,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( 0 ); }
+#endif /* !MBEDTLS_CCM_ALT */
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* @@ -357,7 +360,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, */
#define NB_TESTS 3
+#define CCM_SELFTEST_PT_MAX_LEN 24 +#define CCM_SELFTEST_CT_MAX_LEN 32 /*
- The data is the same for all tests, only the used length changes
*/ @@ -377,7 +381,7 @@ static const unsigned char ad[] = { 0x10, 0x11, 0x12, 0x13 };
-static const unsigned char msg[] = { +static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = { 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -388,7 +392,7 @@ static const size_t add_len[NB_TESTS] = { 8, 16, 20 }; static const size_t msg_len[NB_TESTS] = { 4, 16, 24 }; static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
-static const unsigned char res[NB_TESTS][32] = { +static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = { { 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d }, { 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62, 0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d, @@ -402,7 +406,13 @@ static const unsigned char res[NB_TESTS][32] = { int mbedtls_ccm_self_test( int verbose ) { mbedtls_ccm_context ctx;
- unsigned char out[32];
- /*
* Some hardware accelerators require the input and output buffers* would be in RAM, because the flash is not accessible.* Use buffers on the stack to hold the test vectors data.*/- unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
- unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN]; size_t i; int ret;
@@ -421,27 +431,32 @@ int mbedtls_ccm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );memcpy( plaintext, msg, msg_len[i] );ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],msg, out,out + msg_len[i], tag_len[i] );
iv, iv_len[i], ad, add_len[i],plaintext, ciphertext,ciphertext + msg_len[i], tag_len[i] ); if( ret != 0 ||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); return( 1 ); }memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],res[i], out,res[i] + msg_len[i], tag_len[i] );
iv, iv_len[i], ad, add_len[i],ciphertext, plaintext,ciphertext + msg_len[i], tag_len[i] ); if( ret != 0 ||
memcmp( out, msg, msg_len[i] ) != 0 )
memcmp( plaintext, msg, msg_len[i] ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" );diff --git a/dll/3rdparty/mbedtls/cipher.c b/dll/3rdparty/mbedtls/cipher.c index ff6f3cadeb..e36445f975 100644 --- a/dll/3rdparty/mbedtls/cipher.c +++ b/dll/3rdparty/mbedtls/cipher.c @@ -58,10 +58,6 @@ #define mbedtls_free free #endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) -#define MBEDTLS_CIPHER_MODE_STREAM -#endif
- /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
@@ -327,8 +323,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * If there is not enough data for a full block, cache it. */
if( ( ctx->operation == MBEDTLS_DECRYPT &&
if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= block_size - ctx->unprocessed_len ) ||( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&ilen < block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen < block_size - ctx->unprocessed_len ) ) {@@ -374,9 +372,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; }
/* Encryption: only cache partial blocks* Decryption w/ padding: always keep at least one whole block* Decryption w/o padding: only cache partial blocks*/ copy_len = ilen % block_size;
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
if( copy_len == 0 &&ctx->operation == MBEDTLS_DECRYPT &&NULL != ctx->add_padding){ copy_len = block_size;} memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len );@@ -518,14 +524,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, if( NULL == input || NULL == data_len ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- bad = 0xFF;
- bad = 0x80; *data_len = 0; for( i = input_len; i > 0; i-- ) { prev_done = done;
done |= ( input[i-1] != 0 );
done |= ( input[i - 1] != 0 ); *data_len |= ( i - 1 ) * ( done != prev_done );
bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
bad ^= input[i - 1] * ( done != prev_done ); } return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );diff --git a/dll/3rdparty/mbedtls/cmac.c b/dll/3rdparty/mbedtls/cmac.c index c72c58f009..0809e2fef2 100644 --- a/dll/3rdparty/mbedtls/cmac.c +++ b/dll/3rdparty/mbedtls/cmac.c @@ -67,6 +67,8 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */
+#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
- /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
@@ -166,7 +168,9 @@ exit:
return( ret );} +#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
+#if !defined(MBEDTLS_CMAC_ALT) static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) @@ -470,6 +474,8 @@ exit: } #endif /* MBEDTLS_AES_C */
+#endif /* !MBEDTLS_CMAC_ALT */
- #if defined(MBEDTLS_SELF_TEST) /*
- CMAC test data for SP800-38B
@@ -767,7 +773,7 @@ static int cmac_test_subkeys( int verbose, int block_size, int num_tests ) {
- int i, ret;
- int i, ret = 0; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
@@ -828,6 +834,7 @@ static int cmac_test_subkeys( int verbose, mbedtls_cipher_free( &ctx ); }
ret = 0; goto exit;
cleanup:
@@ -849,7 +856,7 @@ static int cmac_test_wth_cipher( int verbose, int num_tests ) { const mbedtls_cipher_info_t *cipher_info;
- int i, ret;
int i, ret = 0; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
cipher_info = mbedtls_cipher_info_from_type( cipher_type );
@@ -883,6 +890,7 @@ static int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( "passed\n" ); }
ret = 0;
exit: return( ret );
diff --git a/dll/3rdparty/mbedtls/ctr_drbg.c b/dll/3rdparty/mbedtls/ctr_drbg.c index e032d58d22..7994b53383 100644 --- a/dll/3rdparty/mbedtls/ctr_drbg.c +++ b/dll/3rdparty/mbedtls/ctr_drbg.c @@ -21,7 +21,7 @@
- This file is part of mbed TLS (https://tls.mbed.org)
*/ /*
- The NIST SP 800-90 DRBGs are described in the following publucation.
*/
- The NIST SP 800-90 DRBGs are described in the following publication.
- http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007....
@@ -96,11 +96,15 @@ int mbedtls_ctr_drbg_seed_entropy_len( /* * Initialize with an empty key */
- mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );}
if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
{ return( ret );
- } return( 0 ); }
@@ -150,6 +154,7 @@ static int block_cipher_df( unsigned char *output, unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; mbedtls_aes_context aes_ctx;
int ret = 0;
int i, j; size_t buf_len, use_len;
@@ -182,7 +187,10 @@ static int block_cipher_df( unsigned char *output, for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ ) key[i] = i;
- mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
goto exit;}
/*
- Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
@@ -201,7 +209,10 @@ static int block_cipher_df( unsigned char *output, use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain );
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 ){goto exit;} } memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );@@ -215,20 +226,40 @@ static int block_cipher_df( unsigned char *output, /* * Do final encryption with reduced data */
- mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
goto exit;} iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output;
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) {
mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 ){goto exit;} memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE ); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; }
+exit: mbedtls_aes_free( &aes_ctx );
- /*
- tidy up the stack
- */
- mbedtls_zeroize( buf, sizeof( buf ) );
- mbedtls_zeroize( tmp, sizeof( tmp ) );
- mbedtls_zeroize( key, sizeof( key ) );
- mbedtls_zeroize( chain, sizeof( chain ) );
- if( 0 != ret )
- {
/** wipe partial seed from memory*/mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );- }
- return( 0 );
return( ret ); }
static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
@@ -237,6 +268,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; int i, j;
int ret = 0;
memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
@@ -252,7 +284,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */
mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p );
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 ){return( ret );} p += MBEDTLS_CTR_DRBG_BLOCKSIZE; }@@ -263,7 +298,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */
- mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );} memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
return( 0 );
@@ -291,6 +329,7 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0;
int ret;
if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
@@ -321,12 +360,18 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, /* * Reduce to 384 bits */
- block_cipher_df( seed, seed, seedlen );
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
{
return( ret );}
/*
- Update state
*/
- ctr_drbg_update_internal( ctx, seed );
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
{
return( ret );} ctx->reseed_counter = 1;
return( 0 );
@@ -356,15 +401,22 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, ctx->prediction_resistance ) { if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
{ return( ret );
} add_len = 0; } if( add_len > 0 ) {
block_cipher_df( add_input, additional, add_len );ctr_drbg_update_internal( ctx, add_input );
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ){return( ret );}if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ){return( ret );} } while( output_len > 0 )@@ -379,7 +431,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, /* * Crypt counter block */
mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp );
if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 ){return( ret );} use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;@@ -391,7 +446,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, output_len -= use_len; }
- ctr_drbg_update_internal( ctx, add_input );
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
{
return( ret );}
ctx->reseed_counter++;
@@ -432,20 +490,20 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char goto exit;
if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
- { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
goto exit;- }
- ret = 0;
else
ret = 0;exit:
mbedtls_zeroize( buf, sizeof( buf ) );
fclose( f ); return( ret );}
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ) {
int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
@@ -464,14 +522,16 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char }
if( fread( buf, 1, n, f ) != n )
- {
fclose( f );return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );- }
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;else
mbedtls_ctr_drbg_update( ctx, buf, n ); fclose( f );
- mbedtls_ctr_drbg_update( ctx, buf, n );
mbedtls_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret ); return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );}
diff --git a/dll/3rdparty/mbedtls/debug.c b/dll/3rdparty/mbedtls/debug.c index 502d0a31c5..92daafe9a8 100644 --- a/dll/3rdparty/mbedtls/debug.c +++ b/dll/3rdparty/mbedtls/debug.c @@ -93,7 +93,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
va_start( argp, format );#if defined(_WIN32) -#if defined(_TRUNCATE) +#if defined(_TRUNCATE) && !defined(__MINGW32__) ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp ); #else ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); diff --git a/dll/3rdparty/mbedtls/dhm.c b/dll/3rdparty/mbedtls/dhm.c index 5f825ba52f..c48fc82d2a 100644 --- a/dll/3rdparty/mbedtls/dhm.c +++ b/dll/3rdparty/mbedtls/dhm.c @@ -59,6 +59,7 @@ #define mbedtls_free free #endif
+#if !defined(MBEDTLS_DHM_ALT) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -95,6 +96,9 @@ static int dhm_read_bignum( mbedtls_mpi *X,
- Parameter should be: 2 <= public_param <= P - 2
- This means that we need to return an error if
public_param < 2 or public_param > P-2
- For more information on the attack, see:
- http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
@@ -102,17 +106,17 @@ static int dhm_read_bignum( mbedtls_mpi *X, static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) { mbedtls_mpi L, U;
- int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
int ret = 0;
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
- if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
- if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 ) {
ret = 0;
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; }cleanup:
@@ -189,10 +193,15 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, /* * export P, G, GX */ -#define DHM_MPI_EXPORT(X,n) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
- *p++ = (unsigned char)( n >> 8 ); \
- *p++ = (unsigned char)( n ); p += n;
+#define DHM_MPI_EXPORT( X, n ) \
do { \
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \p + 2, \( n ) ) ); \*p++ = (unsigned char)( ( n ) >> 8 ); \*p++ = (unsigned char)( ( n ) ); \p += ( n ); \} while( 0 )
n1 = mbedtls_mpi_size( &ctx->P ); n2 = mbedtls_mpi_size( &ctx->G );
@@ -203,7 +212,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, DHM_MPI_EXPORT( &ctx->G , n2 ); DHM_MPI_EXPORT( &ctx->GX, n3 );
- *olen = p - output;
*olen = p - output;
ctx->len = n1;
@@ -215,6 +224,28 @@ cleanup: return( 0 ); }
+/*
- Set prime modulus and generator
- */
+int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
const mbedtls_mpi *P,const mbedtls_mpi *G )+{
- int ret;
- if( ctx == NULL || P == NULL || G == NULL )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );- if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )- {
return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );- }
- ctx->len = mbedtls_mpi_size( &ctx->P );
- return( 0 );
+}
- /*
*/
- Import the peer's public value G^Y
@@ -402,10 +433,11 @@ cleanup: */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) {
- mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
- mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G );
- mbedtls_mpi_free( &ctx->P );
mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); }
@@ -544,7 +576,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f );
mbedtls_zeroize( *buf, *n + 1 ); mbedtls_free( *buf );return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); }@@ -579,6 +614,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) } #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ +#endif /* MBEDTLS_DHM_ALT */
#if defined(MBEDTLS_SELF_TEST)
diff --git a/dll/3rdparty/mbedtls/ecdh.c b/dll/3rdparty/mbedtls/ecdh.c index 553ac03506..8056d090eb 100644 --- a/dll/3rdparty/mbedtls/ecdh.c +++ b/dll/3rdparty/mbedtls/ecdh.c @@ -40,6 +40,7 @@
#include <string.h>
+#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /*
- Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
*/ @@ -49,7 +50,9 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp { return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng ); } +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /*
- Compute shared secret (SEC1 3.3.1)
*/ @@ -83,6 +86,7 @@ cleanup:
return( ret );} +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
/*
- Initialize context
diff --git a/dll/3rdparty/mbedtls/ecdsa.c b/dll/3rdparty/mbedtls/ecdsa.c index 69b587a29e..e97e6cb433 100644 --- a/dll/3rdparty/mbedtls/ecdsa.c +++ b/dll/3rdparty/mbedtls/ecdsa.c @@ -67,6 +67,7 @@ cleanup: return( ret ); }
+#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /*
- Compute ECDSA signature of a hashed message (SEC1 4.1.3)
- Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@@ -83,6 +84,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- /* Make sure d is in range 1..n-1 */
- if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );@@ -155,6 +160,7 @@ cleanup:
return( ret );} +#endif /* MBEDTLS_ECDSA_SIGN_ALT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* @@ -194,6 +200,7 @@ cleanup: } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /*
- Verify ECDSA signature of hashed message (SEC1 4.1.4)
- Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
@@ -279,6 +286,7 @@ cleanup:
return( ret );} +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/*
- Convert a signature (given by context) to ASN.1
@@ -394,6 +402,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, &ctx->Q, &r, &s ) ) != 0 ) goto cleanup;
- /* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific* error code if the valid signature is followed by more data. */ if( p != end ) ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;@@ -404,6 +415,7 @@ cleanup: return( ret ); }
+#if !defined(MBEDTLS_ECDSA_GENKEY_ALT) /*
- Generate key pair
*/ @@ -413,6 +425,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, return( mbedtls_ecp_group_load( &ctx->grp, gid ) || mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); } +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
/*
- Set context from an mbedtls_ecp_keypair
diff --git a/dll/3rdparty/mbedtls/ecjpake.c b/dll/3rdparty/mbedtls/ecjpake.c index 4f4a102925..a205746aac 100644 --- a/dll/3rdparty/mbedtls/ecjpake.c +++ b/dll/3rdparty/mbedtls/ecjpake.c @@ -38,6 +38,8 @@
#include <string.h>
+#if !defined(MBEDTLS_ECJPAKE_ALT)
- /*
*/
- Convert a mbedtls_ecjpake_role to identifier string
@@ -301,7 +303,7 @@ cleanup: */ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, const mbedtls_ecp_group *grp,
const int pf,
const int pf, const mbedtls_ecp_point *G, const mbedtls_mpi *x, const mbedtls_ecp_point *X,@@ -766,6 +768,7 @@ cleanup: #undef ID_MINE #undef ID_PEER
+#endif /* ! MBEDTLS_ECJPAKE_ALT */
#if defined(MBEDTLS_SELF_TEST)
diff --git a/dll/3rdparty/mbedtls/ecp.c b/dll/3rdparty/mbedtls/ecp.c index 055e70e409..bd473604eb 100644 --- a/dll/3rdparty/mbedtls/ecp.c +++ b/dll/3rdparty/mbedtls/ecp.c @@ -1450,7 +1450,12 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup:
- if( T != NULL && ! p_eq_g )
- /* There are two cases where T is not stored in grp:
* - P != G* - An intermediate operation failed before setting grp->T* In either case, T must be freed.*/- if( T != NULL && T != grp->T ) { for( i = 0; i < pre_len; i++ ) mbedtls_ecp_point_free( &T[i] );
@@ -1955,7 +1960,6 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, { /* SEC1 3.2.1: Generate d such that 1 <= n < N */ int count = 0;
unsigned char rnd[MBEDTLS_ECP_MAX_BYTES]; /* * Match the procedure given in RFC 6979 (deterministic ECDSA):@@ -1966,8 +1970,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, */ do {
MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) );MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) ); /*diff --git a/dll/3rdparty/mbedtls/entropy.c b/dll/3rdparty/mbedtls/entropy.c index c88fc51fa2..4e37cd8a3d 100644 --- a/dll/3rdparty/mbedtls/entropy.c +++ b/dll/3rdparty/mbedtls/entropy.c @@ -70,21 +70,26 @@ static void mbedtls_zeroize( void *v, size_t n ) {
void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) {
- memset( ctx, 0, sizeof(mbedtls_entropy_context) );
ctx->source_count = 0;
memset( ctx->source, 0, sizeof( ctx->source ) );
#if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &ctx->mutex ); #endif
ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_starts( &ctx->accumulator, 0 );
- mbedtls_sha512_init( &ctx->accumulator ); #else
- mbedtls_sha256_starts( &ctx->accumulator, 0 );
mbedtls_sha256_init( &ctx->accumulator ); #endif #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_init( &ctx->havege_data ); #endif
/* Reminder: Update ENTROPY_HAVE_STRONG in the test files
* when adding more strong entropy sources here. */#if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
@@ -115,6 +120,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG );
- ctx->initial_entropy_run = 0; #endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ }
@@ -127,7 +133,17 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif
- mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) );
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_free( &ctx->accumulator );
+#else
- mbedtls_sha256_free( &ctx->accumulator );
+#endif +#if defined(MBEDTLS_ENTROPY_NV_SEED)
- ctx->initial_entropy_run = 0;
+#endif
ctx->source_count = 0;
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
ctx->accumulator_started = 0; }
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
@@ -174,13 +190,16 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = len; const unsigned char *p = data;
int ret = 0;
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512( data, len, tmp, 0 );
if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )goto cleanup;
mbedtls_sha256( data, len, tmp, 0 );
if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )goto cleanup;@@ -189,15 +208,35 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id header[0] = source_id; header[1] = use_len & 0xFF;
- /*
* Start the accumulator if this has not already happened. Note that* it is sufficient to start the accumulator here only because all calls to* gather entropy eventually execute this code.*/
- mbedtls_sha512_update( &ctx->accumulator, header, 2 );
- mbedtls_sha512_update( &ctx->accumulator, p, use_len );
- if( ctx->accumulator_started == 0 &&
( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )goto cleanup;- else
ctx->accumulator_started = 1;- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;- ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ); #else
- mbedtls_sha256_update( &ctx->accumulator, header, 2 );
- mbedtls_sha256_update( &ctx->accumulator, p, use_len );
- if( ctx->accumulator_started == 0 &&
( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )goto cleanup;- else
ctx->accumulator_started = 1;- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;- ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ); #endif
- return( 0 );
+cleanup:
mbedtls_zeroize( tmp, sizeof( tmp ) );
return( ret ); }
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
@@ -244,7 +283,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 ) {
return( ret );
goto cleanup; } /*@@ -252,15 +291,20 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) */ if( olen > 0 ) {
entropy_update( ctx, (unsigned char) i, buf, olen );
if( ( ret = entropy_update( ctx, (unsigned char) i,buf, olen ) ) != 0 )return( ret ); ctx->source[i].size += olen; } } if( have_one_strong == 0 )
return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
- return( 0 );
+cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
return( ret ); }
/*
@@ -335,33 +379,52 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_finish( &ctx->accumulator, buf );
/*
* Note that at this stage it is assumed that the accumulator was started* in a previous call to entropy_update(). If this is not guaranteed, the* code below will fail.*/if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
goto exit; /* * Reset accumulator and counters and recycle existing entropy */
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
- mbedtls_sha512_starts( &ctx->accumulator, 0 );
- mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
mbedtls_sha512_free( &ctx->accumulator );
mbedtls_sha512_init( &ctx->accumulator );
if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
goto exit;if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )goto exit; /* * Perform second SHA-512 on entropy */
- mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
- if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )goto exit;
- mbedtls_sha256_finish( &ctx->accumulator, buf );
if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
goto exit; /* * Reset accumulator and counters and recycle existing entropy */
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
- mbedtls_sha256_starts( &ctx->accumulator, 0 );
- mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
mbedtls_sha256_free( &ctx->accumulator );
mbedtls_sha256_init( &ctx->accumulator );
if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
goto exit;if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )goto exit; /* * Perform second SHA-256 on entropy */
- mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )goto exit;#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
for( i = 0; i < ctx->source_count; i++ )@@ -372,6 +435,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) ret = 0;
exit:
- mbedtls_zeroize( buf, sizeof( buf ) );
- #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
@@ -384,7 +449,7 @@ exit: int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
/* Read new seed and write it to NV */ if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
@@ -395,9 +460,9 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
/* Manually update the remaining stream with a separator value to diverge */ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
- mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
- ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
- return( 0 );
- return( ret ); } #endif /* MBEDTLS_ENTROPY_NV_SEED */
@@ -423,12 +488,15 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0;
exit:
mbedtls_zeroize( buf, sizeof( buf ) );
fclose( f ); return( ret );}
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ) {
int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
@@ -444,14 +512,16 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
if( fread( buf, 1, n, f ) != n )
- {
fclose( f );return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );- }
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;else
ret = mbedtls_entropy_update_manual( ctx, buf, n ); fclose( f );
- mbedtls_entropy_update_manual( ctx, buf, n );
mbedtls_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret ); return( mbedtls_entropy_write_seed_file( ctx, path ) );}
diff --git a/dll/3rdparty/mbedtls/error.c b/dll/3rdparty/mbedtls/error.c index f80125ad81..bc135a7ad8 100644 --- a/dll/3rdparty/mbedtls/error.c +++ b/dll/3rdparty/mbedtls/error.c @@ -47,6 +47,10 @@ #include "mbedtls/aes.h" #endif
+#if defined(MBEDTLS_ARC4_C) +#include "mbedtls/arc4.h" +#endif
- #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" #endif
@@ -71,6 +75,10 @@ #include "mbedtls/cipher.h" #endif
+#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif
- #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif
@@ -103,6 +111,18 @@ #include "mbedtls/md.h" #endif
+#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" +#endif
+#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif
+#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif
- #if defined(MBEDTLS_NET_C) #include "mbedtls/net_sockets.h" #endif
@@ -131,10 +151,26 @@ #include "mbedtls/pkcs5.h" #endif
+#if defined(MBEDTLS_RIPEMD160_C) +#include "mbedtls/ripemd160.h" +#endif
- #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif
+#if defined(MBEDTLS_SHA1_C) +#include "mbedtls/sha1.h" +#endif
+#if defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#endif
+#if defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#endif
- #if defined(MBEDTLS_SSL_TLS_C) #include "mbedtls/ssl.h" #endif
@@ -176,7 +212,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) ) mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) )@@ -186,12 +222,14 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid. For example, because it was freed" );if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" );#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_DHM_C) if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters to function" );
mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters" ); if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) ) mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) )@@ -207,7 +245,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) ) mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" );
mbedtls_snprintf( buf, buflen, "DHM - Read or write of file failed" );if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" );if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) )mbedtls_snprintf( buf, buflen, "DHM - Setting the modulus and generator failed" );#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_ECP_C)
@@ -226,7 +268,9 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
@@ -238,6 +282,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" ); if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) ) mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" );
if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" );#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
@@ -289,7 +335,9 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" );if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PKCS12_C)
@@ -322,7 +370,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" ); if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) )
mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the library's validity check" );
mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the validity check of the library" ); if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" ); if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) )@@ -333,6 +381,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )mbedtls_snprintf( buf, buflen, "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) )mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" );#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C)
@@ -520,8 +572,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
- if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );- if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" );+#if defined(MBEDTLS_ARC4_C)
- if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" );+#endif /* MBEDTLS_ARC4_C */
- #if defined(MBEDTLS_ASN1_PARSE_C) if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
@@ -568,6 +629,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_BLOWFISH_C) if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
- if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );@@ -577,29 +640,40 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" );#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_CCM_C) if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) )
mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" );
mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" ); if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" );- if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" );+#if defined(MBEDTLS_CMAC_C)
- if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" );+#endif /* MBEDTLS_CMAC_C */
- #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) )
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
mbedtls_snprintf( buf, buflen, "CTR_DRBG - The requested random buffer length is too big" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) )
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
mbedtls_snprintf( buf, buflen, "CTR_DRBG - The input (entropy + additional data) is too large" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) )
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read or write error in file" );#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DES_C) if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" );
if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" );#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_ENTROPY_C)
@@ -618,6 +692,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_GCM_C) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
- if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) ) mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" );@@ -633,6 +709,21 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" ); #endif /* MBEDTLS_HMAC_DRBG_C */
+#if defined(MBEDTLS_MD2_C)
- if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" );+#endif /* MBEDTLS_MD2_C */
+#if defined(MBEDTLS_MD4_C)
- if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" );+#endif /* MBEDTLS_MD4_C */
+#if defined(MBEDTLS_MD5_C)
- if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" );+#endif /* MBEDTLS_MD5_C */
- #if defined(MBEDTLS_NET_C) if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) ) mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
@@ -670,6 +761,26 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */
+#if defined(MBEDTLS_RIPEMD160_C)
- if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" );+#endif /* MBEDTLS_RIPEMD160_C */
+#if defined(MBEDTLS_SHA1_C)
- if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
- if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
- if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );+#endif /* MBEDTLS_SHA512_C */
- #if defined(MBEDTLS_THREADING_C) if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
@@ -682,6 +793,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_XTEA_C) if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
- if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" );diff --git a/dll/3rdparty/mbedtls/gcm.c b/dll/3rdparty/mbedtls/gcm.c index 2f34930f4c..85a2907571 100644 --- a/dll/3rdparty/mbedtls/gcm.c +++ b/dll/3rdparty/mbedtls/gcm.c @@ -48,6 +48,7 @@ #endif
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -56,6 +57,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+#if !defined(MBEDTLS_GCM_ALT)
- /*
*/
- 32-bit integer manipulation macros (big endian)
@@ -510,6 +513,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); }
+#endif /* !MBEDTLS_GCM_ALT */
- #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /*
- AES-GCM test vectors from:
@@ -746,34 +751,48 @@ int mbedtls_gcm_self_test( int verbose ) int i, j, ret; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
mbedtls_gcm_init( &ctx );
for( j = 0; j < 3; j++ ) { int key_len = 128 + 64 * j; for( i = 0; i < MAX_TESTS; i++ ) {
mbedtls_gcm_init( &ctx );if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "enc" );mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
key_len, i, "enc" );ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],key_len );/** AES-192 is an optional feature that may be unavailable when* there is an alternative underlying implementation i.e. when* MBEDTLS_AES_ALT is defined.*/if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ){mbedtls_printf( "skipped\n" );break;}else if( ret != 0 ){goto exit;} ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
pt_len[i],iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i],pt[pt_index[i]], buf, 16, tag_buf );
pt_len[i],iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i],pt[pt_index[i]], buf, 16, tag_buf );if( ret != 0 )goto exit;
if( ret != 0 ||memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto exit; } mbedtls_gcm_free( &ctx );@@ -781,26 +800,31 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" );
mbedtls_gcm_init( &ctx );if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "dec" );
key_len, i, "dec" );
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],key_len );if( ret != 0 )goto exit; ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
pt_len[i],iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i],ct[j * 6 + i], buf, 16, tag_buf );
pt_len[i],iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i],ct[j * 6 + i], buf, 16, tag_buf );if( ret != 0 )goto exit;
if( ret != 0 ||memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto exit; } mbedtls_gcm_free( &ctx );@@ -808,66 +832,51 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" );
mbedtls_gcm_init( &ctx );if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "enc" );
key_len, i, "enc" );
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],key_len );if( ret != 0 )goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i] );
iv[iv_index[i]], iv_len[i],additional[add_index[i]], add_len[i] ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32, buf + 32 ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; } else { ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
if( ret != 0 ||memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
if( ret != 0 )goto exit;if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto exit; } mbedtls_gcm_free( &ctx );@@ -875,80 +884,75 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" );
mbedtls_gcm_init( &ctx );if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "dec" );
key_len, i, "dec" );
mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],key_len );if( ret != 0 )goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, iv[iv_index[i]], iv_len[i], additional[add_index[i]], add_len[i] ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
buf + 32 );
buf + 32 ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; } else {
ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],buf ); if( ret != 0 )
{if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );}
goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
if( ret != 0 ||memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
if( ret != 0 )goto exit;if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto exit; } mbedtls_gcm_free( &ctx ); if( verbose != 0 ) mbedtls_printf( "passed\n" );
} } if( verbose != 0 ) mbedtls_printf( "\n" );return( 0 );
- ret = 0;
+exit:
if( ret != 0 )
{
if( verbose != 0 )mbedtls_printf( "failed\n" );mbedtls_gcm_free( &ctx );}
return( ret ); }
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/dll/3rdparty/mbedtls/hmac_drbg.c b/dll/3rdparty/mbedtls/hmac_drbg.c index 2826cc204f..cda64a2713 100644 --- a/dll/3rdparty/mbedtls/hmac_drbg.c +++ b/dll/3rdparty/mbedtls/hmac_drbg.c @@ -366,11 +366,14 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
exit: fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) );
return( ret );}
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) {
int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
@@ -389,14 +392,16 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch }
if( fread( buf, 1, n, f ) != n )
- {
fclose( f );return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );- }
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;else
mbedtls_hmac_drbg_update( ctx, buf, n ); fclose( f );
- mbedtls_hmac_drbg_update( ctx, buf, n );
mbedtls_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret ); return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );}
diff --git a/dll/3rdparty/mbedtls/md.c b/dll/3rdparty/mbedtls/md.c index fa63762ec7..e41c367c74 100644 --- a/dll/3rdparty/mbedtls/md.c +++ b/dll/3rdparty/mbedtls/md.c @@ -252,9 +252,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- ctx->md_info->starts_func( ctx->md_ctx );
- return( 0 );
return( ctx->md_info->starts_func( ctx->md_ctx ) ); }
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
@@ -262,9 +260,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- ctx->md_info->update_func( ctx->md_ctx, input, ilen );
- return( 0 );
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); }
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
@@ -272,9 +268,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- ctx->md_info->finish_func( ctx->md_ctx, output );
- return( 0 );
return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); }
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
@@ -283,9 +277,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si if( md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- md_info->digest_func( input, ilen, output );
- return( 0 );
return( md_info->digest_func( input, ilen, output ) ); }
#if defined(MBEDTLS_FS_IO)
@@ -308,20 +300,20 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup;
- md_info->starts_func( ctx.md_ctx );
if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 )
goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md_info->update_func( ctx.md_ctx, buf, n );
if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 )goto cleanup; if( ferror( f ) != 0 )
- { ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
goto cleanup;- }
- md_info->finish_func( ctx.md_ctx, output );
else
ret = md_info->finish_func( ctx.md_ctx, output );cleanup:
mbedtls_zeroize( buf, sizeof( buf ) ); fclose( f ); mbedtls_md_free( &ctx );
@@ -331,6 +323,7 @@ cleanup:
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) {
- int ret; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i;
@@ -340,9 +333,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
if( keylen > (size_t) ctx->md_info->block_size ) {
ctx->md_info->starts_func( ctx->md_ctx );ctx->md_info->update_func( ctx->md_ctx, key, keylen );ctx->md_info->finish_func( ctx->md_ctx, sum );
if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )goto cleanup;if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 )goto cleanup;if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 )goto cleanup; keylen = ctx->md_info->size; key = sum;@@ -360,12 +356,16 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); }
- mbedtls_zeroize( sum, sizeof( sum ) );
- if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
goto cleanup;- if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad,
ctx->md_info->block_size ) ) != 0 )goto cleanup;
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
+cleanup:
- mbedtls_zeroize( sum, sizeof( sum ) );
- return( 0 );
return( ret ); }
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
@@ -373,13 +373,12 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- ctx->md_info->update_func( ctx->md_ctx, input, ilen );
- return( 0 );
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); }
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) {
int ret; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad;
@@ -388,17 +387,22 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
- ctx->md_info->finish_func( ctx->md_ctx, tmp );
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size );
- ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size );
- ctx->md_info->finish_func( ctx->md_ctx, output );
- return( 0 );
if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 )
return( ret );if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
return( ret );if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad,
ctx->md_info->block_size ) ) != 0 )return( ret );if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp,
ctx->md_info->size ) ) != 0 )return( ret );return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); }
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) {
int ret; unsigned char *ipad;
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
@@ -406,15 +410,16 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
ipad = (unsigned char *) ctx->hmac_ctx;
- ctx->md_info->starts_func( ctx->md_ctx );
- ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
- return( 0 );
- if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
return( ret );- return( ctx->md_info->update_func( ctx->md_ctx, ipad,
ctx->md_info->block_size ) );-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,unsigned char *output )+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
const unsigned char *key, size_t keylen,const unsigned char *input, size_t ilen,unsigned char *output )@@ -425,15 +430,19 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, mbedtls_md_init( &ctx );
if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
return( ret );
goto cleanup;
- mbedtls_md_hmac_starts( &ctx, key, keylen );
- mbedtls_md_hmac_update( &ctx, input, ilen );
- mbedtls_md_hmac_finish( &ctx, output );
- if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
goto cleanup;- if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
goto cleanup;- if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
goto cleanup;+cleanup: mbedtls_md_free( &ctx );
- return( 0 );
return( ret ); }
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
@@ -441,9 +450,7 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- ctx->md_info->process_func( ctx->md_ctx, data );
- return( 0 );
return( ctx->md_info->process_func( ctx->md_ctx, data ) ); }
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
diff --git a/dll/3rdparty/mbedtls/md2.c b/dll/3rdparty/mbedtls/md2.c index 9e0c43dabf..7ce86f9302 100644 --- a/dll/3rdparty/mbedtls/md2.c +++ b/dll/3rdparty/mbedtls/md2.c @@ -107,16 +107,25 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /*
- MD2 context setup
*/ -void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); memset( ctx->buffer, 0, 16 ); ctx->left = 0;
- return( 0 ); }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +{
- mbedtls_md2_starts_ret( ctx );
+} +#endif
- #if !defined(MBEDTLS_MD2_PROCESS_ALT)
-void mbedtls_md2_process( mbedtls_md2_context *ctx ) +int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) { int i, j; unsigned char t = 0; @@ -148,14 +157,26 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx ) ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); t = ctx->cksum[i]; }
- return( 0 ); }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_process( mbedtls_md2_context *ctx ) +{
- mbedtls_internal_md2_process( ctx );
+} +#endif #endif /* !MBEDTLS_MD2_PROCESS_ALT */
/*
- MD2 process buffer
*/ -void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
const unsigned char *input,size_t ilen ){
int ret; size_t fill;
while( ilen > 0 )
@@ -174,16 +195,30 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s if( ctx->left == 16 ) { ctx->left = 0;
mbedtls_md2_process( ctx );
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )return( ret ); } }- return( 0 ); }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_update( mbedtls_md2_context *ctx,
const unsigned char *input,size_t ilen )+{
- mbedtls_md2_update_ret( ctx, input, ilen );
+} +#endif
- /*
*/
- MD2 final digest
-void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) +int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
unsigned char output[16] )- int ret; size_t i; unsigned char x;
@@ -192,36 +227,70 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) for( i = ctx->left; i < 16; i++ ) ctx->buffer[i] = x;
- mbedtls_md2_process( ctx );
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
return( ret ); memcpy( ctx->buffer, ctx->cksum, 16 );
- mbedtls_md2_process( ctx );
if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
return( ret ); memcpy( output, ctx->state, 16 );return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_finish( mbedtls_md2_context *ctx,
unsigned char output[16] )+{
- mbedtls_md2_finish_ret( ctx, output ); }
+#endif
#endif /* !MBEDTLS_MD2_ALT */
/*
- output = MD2( input buffer )
*/ -void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md2_ret( const unsigned char *input,
size_t ilen,unsigned char output[16] ){
int ret; mbedtls_md2_context ctx;
mbedtls_md2_init( &ctx );
- mbedtls_md2_starts( &ctx );
- mbedtls_md2_update( &ctx, input, ilen );
- mbedtls_md2_finish( &ctx, output );
- if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
goto exit;+exit: mbedtls_md2_free( &ctx );
- return( ret ); }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2( const unsigned char *input,
size_t ilen,unsigned char output[16] )+{
- mbedtls_md2_ret( input, ilen, output );
+} +#endif
#if defined(MBEDTLS_SELF_TEST)
/*
- RFC 1319 test vectors
*/
-static const char md2_test_str[7][81] = +static const unsigned char md2_test_str[7][81] = { { "" }, { "a" }, @@ -229,10 +298,15 @@ static const char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
- { "12345678901234567890123456789012345678901234567890123456789012" \
- { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } };
+static const size_t md2_test_strlen[7] = +{
- 0, 1, 3, 14, 26, 62, 80
+};
- static const unsigned char md2_test_sum[7][16] = { { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
@@ -256,7 +330,7 @@ static const unsigned char md2_test_sum[7][16] = */ int mbedtls_md2_self_test( int verbose ) {
- int i;
int i, ret = 0; unsigned char md2sum[16];
for( i = 0; i < 7; i++ )
@@ -264,15 +338,14 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 );
mbedtls_md2( (unsigned char *) md2_test_str[i],strlen( md2_test_str[i] ), md2sum );
ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );if( ret != 0 )goto fail; if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto fail; } if( verbose != 0 )@@ -283,6 +356,12 @@ int mbedtls_md2_self_test( int verbose ) mbedtls_printf( "\n" );
return( 0 );
+fail:
if( verbose != 0 )
mbedtls_printf( "failed\n" );return( ret ); }
#endif /* MBEDTLS_SELF_TEST */
diff --git a/dll/3rdparty/mbedtls/md4.c b/dll/3rdparty/mbedtls/md4.c index 2a66db49ec..f53efa8243 100644 --- a/dll/3rdparty/mbedtls/md4.c +++ b/dll/3rdparty/mbedtls/md4.c @@ -100,7 +100,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /*
- MD4 context setup
*/ -void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -109,10 +109,20 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476;
- return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +{
- mbedtls_md4_starts_ret( ctx ); }
+#endif
#if !defined(MBEDTLS_MD4_PROCESS_ALT) -void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) +int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
const unsigned char data[64] )@@ -213,19 +223,32 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D;
- return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_process( mbedtls_md4_context *ctx,
const unsigned char data[64] )+{
- mbedtls_internal_md4_process( ctx, data ); }
+#endif #endif /* !MBEDTLS_MD4_PROCESS_ALT */
/*
- MD4 process buffer
*/ -void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
const unsigned char *input,size_t ilen ){
int ret; size_t fill; uint32_t left;
if( ilen == 0 )
return;
return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left;@@ -240,7 +263,10 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), (void *) input, fill );
mbedtls_md4_process( ctx, ctx->buffer );
if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )return( ret );input += fill; ilen -= fill; left = 0;@@ -248,7 +274,9 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s
while( ilen >= 64 ) {
mbedtls_md4_process( ctx, input );
if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )return( ret );input += 64; ilen -= 64; }@@ -258,7 +286,18 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s memcpy( (void *) (ctx->buffer + left), (void *) input, ilen ); }
- return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_update( mbedtls_md4_context *ctx,
const unsigned char *input,size_t ilen )+{
- mbedtls_md4_update_ret( ctx, input, ilen ); }
+#endif
static const unsigned char md4_padding[64] = { @@ -271,8 +310,10 @@ static const unsigned char md4_padding[64] = /*
- MD4 final digest
*/ -void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) +int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
unsigned char output[16] )- int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8];
@@ -287,37 +328,74 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- mbedtls_md4_update( ctx, (unsigned char *) md4_padding, padn );
- mbedtls_md4_update( ctx, msglen, 8 );
ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
if( ret != 0 )
return( ret );if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
return( ret );PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 );return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_finish( mbedtls_md4_context *ctx,
unsigned char output[16] )+{
- mbedtls_md4_finish_ret( ctx, output ); }
+#endif
#endif /* !MBEDTLS_MD4_ALT */
/*
- output = MD4( input buffer )
*/ -void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md4_ret( const unsigned char *input,
size_t ilen,unsigned char output[16] ){
int ret; mbedtls_md4_context ctx;
mbedtls_md4_init( &ctx );
- mbedtls_md4_starts( &ctx );
- mbedtls_md4_update( &ctx, input, ilen );
- mbedtls_md4_finish( &ctx, output );
- if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
goto exit;+exit: mbedtls_md4_free( &ctx );
- return( ret );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4( const unsigned char *input,
size_t ilen,unsigned char output[16] )+{
- mbedtls_md4_ret( input, ilen, output ); }
+#endif
#if defined(MBEDTLS_SELF_TEST)
/*
- RFC 1320 test vectors
*/ -static const char md4_test_str[7][81] = +static const unsigned char md4_test_str[7][81] = { { "" }, { "a" }, @@ -325,10 +403,15 @@ static const char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
- { "12345678901234567890123456789012345678901234567890123456789012" \
- { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } };
+static const size_t md4_test_strlen[7] = +{
- 0, 1, 3, 14, 26, 62, 80
+};
- static const unsigned char md4_test_sum[7][16] = { { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
@@ -352,7 +435,7 @@ static const unsigned char md4_test_sum[7][16] = */ int mbedtls_md4_self_test( int verbose ) {
- int i;
int i, ret = 0; unsigned char md4sum[16];
for( i = 0; i < 7; i++ )
@@ -360,15 +443,14 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 );
mbedtls_md4( (unsigned char *) md4_test_str[i],strlen( md4_test_str[i] ), md4sum );
ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );if( ret != 0 )goto fail; if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto fail; } if( verbose != 0 )@@ -379,6 +461,12 @@ int mbedtls_md4_self_test( int verbose ) mbedtls_printf( "\n" );
return( 0 );
+fail:
if( verbose != 0 )
mbedtls_printf( "failed\n" );return( ret ); }
#endif /* MBEDTLS_SELF_TEST */
diff --git a/dll/3rdparty/mbedtls/md5.c b/dll/3rdparty/mbedtls/md5.c index 758eebeb66..b4bcf76e52 100644 --- a/dll/3rdparty/mbedtls/md5.c +++ b/dll/3rdparty/mbedtls/md5.c @@ -99,7 +99,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /*
- MD5 context setup
*/ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -108,10 +108,20 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476;
- return( 0 ); }
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +{
- mbedtls_md5_starts_ret( ctx );
+} +#endif
- #if !defined(MBEDTLS_MD5_PROCESS_ALT)
-void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) +int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] )@@ -232,19 +242,32 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D;
- return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] )+{
- mbedtls_internal_md5_process( ctx, data ); }
+#endif #endif /* !MBEDTLS_MD5_PROCESS_ALT */
/*
- MD5 process buffer
*/ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
const unsigned char *input,size_t ilen ){
int ret; size_t fill; uint32_t left;
if( ilen == 0 )
return;
return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left;@@ -258,7 +281,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill );
mbedtls_md5_process( ctx, ctx->buffer );
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )return( ret );input += fill; ilen -= fill; left = 0;@@ -266,7 +291,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s
while( ilen >= 64 ) {
mbedtls_md5_process( ctx, input );
if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )return( ret );input += 64; ilen -= 64; }@@ -275,59 +302,121 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), input, ilen ); }
- return( 0 ); }
-static const unsigned char md5_padding[64] = +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_update( mbedtls_md5_context *ctx,
const unsigned char *input,size_t ilen )
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
- mbedtls_md5_update_ret( ctx, input, ilen );
+} +#endif
/*
- MD5 final digest
*/ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) +int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
unsigned char output[16] )
- uint32_t last, padn;
- int ret;
- uint32_t used; uint32_t high, low;
- unsigned char msglen[8];
- /*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length*/- used = ctx->total[0] & 0x3F;
- ctx->buffer[used++] = 0x80;
- if( used <= 56 )
- {
/* Enough room for padding + length in current block */memset( ctx->buffer + used, 0, 56 - used );- }
- else
- {
/* We'll need an extra block */memset( ctx->buffer + used, 0, 64 - used );if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )return( ret );memset( ctx->buffer, 0, 56 );- }
- /*
* Add message length*/ high = ( ctx->total[0] >> 29 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 );
- PUT_UINT32_LE( low, msglen, 0 );
- PUT_UINT32_LE( high, msglen, 4 );
- last = ctx->total[0] & 0x3F;
- padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- PUT_UINT32_LE( low, ctx->buffer, 56 );
- PUT_UINT32_LE( high, ctx->buffer, 60 );
- mbedtls_md5_update( ctx, md5_padding, padn );
- mbedtls_md5_update( ctx, msglen, 8 );
if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
return( ret );/*
* Output final state*/ PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 );return( 0 );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_finish( mbedtls_md5_context *ctx,
unsigned char output[16] )+{
- mbedtls_md5_finish_ret( ctx, output ); }
+#endif
#endif /* !MBEDTLS_MD5_ALT */
/*
- output = MD5( input buffer )
*/ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md5_ret( const unsigned char *input,
size_t ilen,unsigned char output[16] ){
int ret; mbedtls_md5_context ctx;
mbedtls_md5_init( &ctx );
- mbedtls_md5_starts( &ctx );
- mbedtls_md5_update( &ctx, input, ilen );
- mbedtls_md5_finish( &ctx, output );
- if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
goto exit;- if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
goto exit;+exit: mbedtls_md5_free( &ctx );
- return( ret );
+}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5( const unsigned char *input,
size_t ilen,unsigned char output[16] )+{
- mbedtls_md5_ret( input, ilen, output ); }
+#endif
#if defined(MBEDTLS_SELF_TEST) /* @@ -341,11 +430,11 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
- { "12345678901234567890123456789012345678901234567890123456789012" \
- { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } };
-static const int md5_test_buflen[7] = +static const size_t md5_test_buflen[7] = { 0, 1, 3, 14, 26, 62, 80 }; @@ -373,7 +462,7 @@ static const unsigned char md5_test_sum[7][16] = */ int mbedtls_md5_self_test( int verbose ) {
- int i;
int i, ret = 0; unsigned char md5sum[16];
for( i = 0; i < 7; i++ )
@@ -381,14 +470,14 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 );
mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );if( ret != 0 )goto fail; if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) {
if( verbose != 0 )mbedtls_printf( "failed\n" );return( 1 );
ret = 1;goto fail; } if( verbose != 0 )@@ -399,6 +488,12 @@ int mbedtls_md5_self_test( int verbose ) mbedtls_printf( "\n" );
return( 0 );
+fail:
if( verbose != 0 )
mbedtls_printf( "failed\n" );return( ret ); }
#endif /* MBEDTLS_SELF_TEST */
diff --git a/dll/3rdparty/mbedtls/md_wrap.c b/dll/3rdparty/mbedtls/md_wrap.c index 49c47d69d1..97067b0425 100644 --- a/dll/3rdparty/mbedtls/md_wrap.c +++ b/dll/3rdparty/mbedtls/md_wrap.c @@ -73,20 +73,20 @@
#if defined(MBEDTLS_MD2_C)
-static void md2_starts_wrap( void *ctx ) +static int md2_starts_wrap( void *ctx ) {
- mbedtls_md2_starts( (mbedtls_md2_context *) ctx );
- return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); }
-static void md2_update_wrap( void *ctx, const unsigned char *input, +static int md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen );
- return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); }
-static void md2_finish_wrap( void *ctx, unsigned char *output ) +static int md2_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output );
return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); }
static void *md2_ctx_alloc( void )
@@ -111,11 +111,11 @@ static void md2_clone_wrap( void *dst, const void *src ) (const mbedtls_md2_context *) src ); }
-static void md2_process_wrap( void *ctx, const unsigned char *data ) +static int md2_process_wrap( void *ctx, const unsigned char *data ) { ((void) data);
- mbedtls_md2_process( (mbedtls_md2_context *) ctx );
return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); }
const mbedtls_md_info_t mbedtls_md2_info = {
@@ -126,7 +126,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_starts_wrap, md2_update_wrap, md2_finish_wrap,
- mbedtls_md2,
- mbedtls_md2_ret, md2_ctx_alloc, md2_ctx_free, md2_clone_wrap,
@@ -137,20 +137,20 @@ const mbedtls_md_info_t mbedtls_md2_info = {
#if defined(MBEDTLS_MD4_C)
-static void md4_starts_wrap( void *ctx ) +static int md4_starts_wrap( void *ctx ) {
- mbedtls_md4_starts( (mbedtls_md4_context *) ctx );
- return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); }
-static void md4_update_wrap( void *ctx, const unsigned char *input, +static int md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen );
- return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); }
-static void md4_finish_wrap( void *ctx, unsigned char *output ) +static int md4_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output );
return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); }
static void *md4_ctx_alloc( void )
@@ -172,12 +172,12 @@ static void md4_ctx_free( void *ctx ) static void md4_clone_wrap( void *dst, const void *src ) { mbedtls_md4_clone( (mbedtls_md4_context *) dst,
(const mbedtls_md4_context *) src );
(const mbedtls_md4_context *) src );-static void md4_process_wrap( void *ctx, const unsigned char *data ) +static int md4_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_md4_process( (mbedtls_md4_context *) ctx, data );
return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); }
const mbedtls_md_info_t mbedtls_md4_info = {
@@ -188,7 +188,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_starts_wrap, md4_update_wrap, md4_finish_wrap,
- mbedtls_md4,
- mbedtls_md4_ret, md4_ctx_alloc, md4_ctx_free, md4_clone_wrap,
@@ -199,20 +199,20 @@ const mbedtls_md_info_t mbedtls_md4_info = {
#if defined(MBEDTLS_MD5_C)
-static void md5_starts_wrap( void *ctx ) +static int md5_starts_wrap( void *ctx ) {
- mbedtls_md5_starts( (mbedtls_md5_context *) ctx );
- return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); }
-static void md5_update_wrap( void *ctx, const unsigned char *input, +static int md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen );
- return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); }
-static void md5_finish_wrap( void *ctx, unsigned char *output ) +static int md5_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output );
return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); }
static void *md5_ctx_alloc( void )
@@ -234,12 +234,12 @@ static void md5_ctx_free( void *ctx ) static void md5_clone_wrap( void *dst, const void *src ) { mbedtls_md5_clone( (mbedtls_md5_context *) dst,
(const mbedtls_md5_context *) src );
(const mbedtls_md5_context *) src );-static void md5_process_wrap( void *ctx, const unsigned char *data ) +static int md5_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_md5_process( (mbedtls_md5_context *) ctx, data );
return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); }
const mbedtls_md_info_t mbedtls_md5_info = {
@@ -250,7 +250,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_starts_wrap, md5_update_wrap, md5_finish_wrap,
- mbedtls_md5,
- mbedtls_md5_ret, md5_ctx_alloc, md5_ctx_free, md5_clone_wrap,
@@ -261,20 +261,22 @@ const mbedtls_md_info_t mbedtls_md5_info = {
#if defined(MBEDTLS_RIPEMD160_C)
-static void ripemd160_starts_wrap( void *ctx ) +static int ripemd160_starts_wrap( void *ctx ) {
- mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx );
- return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); }
-static void ripemd160_update_wrap( void *ctx, const unsigned char *input, +static int ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen );
- return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx,
input, ilen ) );-static void ripemd160_finish_wrap( void *ctx, unsigned char *output ) +static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output );
return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx,
output ) );}
static void *ripemd160_ctx_alloc( void )
@@ -299,9 +301,10 @@ static void ripemd160_clone_wrap( void *dst, const void *src ) (const mbedtls_ripemd160_context *) src ); }
-static void ripemd160_process_wrap( void *ctx, const unsigned char *data ) +static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data );
return( mbedtls_internal_ripemd160_process(
(mbedtls_ripemd160_context *) ctx, data ) );}
const mbedtls_md_info_t mbedtls_ripemd160_info = {
@@ -312,7 +315,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_starts_wrap, ripemd160_update_wrap, ripemd160_finish_wrap,
- mbedtls_ripemd160,
- mbedtls_ripemd160_ret, ripemd160_ctx_alloc, ripemd160_ctx_free, ripemd160_clone_wrap,
@@ -323,20 +326,21 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = {
#if defined(MBEDTLS_SHA1_C)
-static void sha1_starts_wrap( void *ctx ) +static int sha1_starts_wrap( void *ctx ) {
- mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx );
- return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); }
-static void sha1_update_wrap( void *ctx, const unsigned char *input, +static int sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen );
- return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx,
input, ilen ) );-static void sha1_finish_wrap( void *ctx, unsigned char *output ) +static int sha1_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output );
return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); }
static void *sha1_ctx_alloc( void )
@@ -361,9 +365,10 @@ static void sha1_ctx_free( void *ctx ) mbedtls_free( ctx ); }
-static void sha1_process_wrap( void *ctx, const unsigned char *data ) +static int sha1_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data );
return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx,
data ) );}
const mbedtls_md_info_t mbedtls_sha1_info = {
@@ -374,7 +379,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_starts_wrap, sha1_update_wrap, sha1_finish_wrap,
- mbedtls_sha1,
- mbedtls_sha1_ret, sha1_ctx_alloc, sha1_ctx_free, sha1_clone_wrap,
@@ -388,26 +393,28 @@ const mbedtls_md_info_t mbedtls_sha1_info = { */ #if defined(MBEDTLS_SHA256_C)
-static void sha224_starts_wrap( void *ctx ) +static int sha224_starts_wrap( void *ctx ) {
- mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 );
- return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); }
-static void sha224_update_wrap( void *ctx, const unsigned char *input, +static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) {
- mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen );
- return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx,
input, ilen ) );-static void sha224_finish_wrap( void *ctx, unsigned char *output ) +static int sha224_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output );
- return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx,
output ) );-static void sha224_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )+static int sha224_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
- mbedtls_sha256( input, ilen, output, 1 );
return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); }
static void *sha224_ctx_alloc( void )
@@ -432,9 +439,10 @@ static void sha224_clone_wrap( void *dst, const void *src ) (const mbedtls_sha256_context *) src ); }
-static void sha224_process_wrap( void *ctx, const unsigned char *data ) +static int sha224_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data );
return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx,
data ) );}
const mbedtls_md_info_t mbedtls_sha224_info = {
@@ -452,15 +460,15 @@ const mbedtls_md_info_t mbedtls_sha224_info = { sha224_process_wrap, };
-static void sha256_starts_wrap( void *ctx ) +static int sha256_starts_wrap( void *ctx ) {
- mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 );
- return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); }
-static void sha256_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )+static int sha256_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
- mbedtls_sha256( input, ilen, output, 0 );
return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); }
const mbedtls_md_info_t mbedtls_sha256_info = {
@@ -482,26 +490,28 @@ const mbedtls_md_info_t mbedtls_sha256_info = {
#if defined(MBEDTLS_SHA512_C)
-static void sha384_starts_wrap( void *ctx ) +static int sha384_starts_wrap( void *ctx ) {
- mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 );
- return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); }
-static void sha384_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )+static int sha384_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
- mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen );
- return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx,
input, ilen ) );-static void sha384_finish_wrap( void *ctx, unsigned char *output ) +static int sha384_finish_wrap( void *ctx, unsigned char *output ) {
- mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output );
- return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx,
output ) );-static void sha384_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )+static int sha384_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
- mbedtls_sha512( input, ilen, output, 1 );
return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); }
static void *sha384_ctx_alloc( void )
@@ -526,9 +536,10 @@ static void sha384_clone_wrap( void *dst, const void *src ) (const mbedtls_sha512_context *) src ); }
-static void sha384_process_wrap( void *ctx, const unsigned char *data ) +static int sha384_process_wrap( void *ctx, const unsigned char *data ) {
- mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data );
return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx,
data ) );}
const mbedtls_md_info_t mbedtls_sha384_info = {
@@ -546,15 +557,15 @@ const mbedtls_md_info_t mbedtls_sha384_info = { sha384_process_wrap, };
-static void sha512_starts_wrap( void *ctx ) +static int sha512_starts_wrap( void *ctx ) {
- mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 );
- return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); }
-static void sha512_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )+static int sha512_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
- mbedtls_sha512( input, ilen, output, 0 );
return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); }
const mbedtls_md_info_t mbedtls_sha512_info = {
diff --git a/dll/3rdparty/mbedtls/memory_buffer_alloc.c b/dll/3rdparty/mbedtls/memory_buffer_alloc.c index cf0a2c69c5..73504c05e1 100644 --- a/dll/3rdparty/mbedtls/memory_buffer_alloc.c +++ b/dll/3rdparty/mbedtls/memory_buffer_alloc.c @@ -184,9 +184,9 @@ static int verify_header( memory_header *hdr )
static int verify_chain() {
- memory_header *prv = heap.first, *cur = heap.first->next;
- memory_header *prv = heap.first, *cur;
- if( verify_header( heap.first ) != 0 )
- if( prv == NULL || verify_header( prv ) != 0 ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: verification of first header "
@@ -204,6 +204,8 @@ static int verify_chain() return( 1 ); }
- cur = heap.first->next;
while( cur != NULL ) { if( verify_header( cur ) != 0 )@@ -247,7 +249,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
original_len = len = n * size;
- if( n != 0 && len / n != size )
if( n == 0 || size == 0 || len / n != size )
return( NULL );else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE ) return( NULL );
if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
@@ -388,7 +392,7 @@ static void buffer_alloc_free( void *ptr ) if( ptr == NULL || heap.buf == NULL || heap.first == NULL ) return;
- if( p < heap.buf || p > heap.buf + heap.len )
- if( p < heap.buf || p >= heap.buf + heap.len ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
@@ -520,7 +524,9 @@ void mbedtls_memory_buffer_alloc_status() heap.alloc_count, heap.free_count );
if( heap.first->next == NULL )
- { mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
- } else { mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
@@ -572,8 +578,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) {
- memset( &heap, 0, sizeof(buffer_alloc_ctx) );
- memset( buf, 0, len );
memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
#if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &heap.mutex );
@@ -583,20 +588,24 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); #endif
- if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
- if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
return;- else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) { /* Adjust len first since buf is used in the computation */ len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; }memset( buf, 0, len );
heap.buf = buf; heap.len = len;
- heap.first = (memory_header *) buf;
- heap.first->size = len - sizeof(memory_header);
- heap.first = (memory_header *)buf;
- heap.first->size = len - sizeof( memory_header ); heap.first->magic1 = MAGIC1; heap.first->magic2 = MAGIC2; heap.first_free = heap.first;
diff --git a/dll/3rdparty/mbedtls/net_sockets.c b/dll/3rdparty/mbedtls/net_sockets.c index 6b421999af..99348dc04f 100644 --- a/dll/3rdparty/mbedtls/net_sockets.c +++ b/dll/3rdparty/mbedtls/net_sockets.c @@ -47,11 +47,12 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32)
-#ifdef _WIN32_WINNT +#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501) #undef _WIN32_WINNT -#endif /* Enables getaddrinfo() & Co */ #define _WIN32_WINNT 0x0501 +#endif
#include <ws2tcpip.h>
#include <winsock2.h>
@@ -65,8 +66,8 @@ #endif #endif /* _MSC_VER */
-#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd)
static int wsa_init_done = 0; @@ -87,7 +88,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/* Some MS functions want int and MSVC warns if we pass size_t,
- but the standard fucntions use socklen_t, so cast only for MSVC */
#if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else
- but the standard functions use socklen_t, so cast only for MSVC */
@@ -272,13 +273,18 @@ static int net_would_block( const mbedtls_net_context *ctx ) */ static int net_would_block( const mbedtls_net_context *ctx ) {
- int err = errno;
/* * Never return 'WOULD BLOCK' on a non-blocking socket */ if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )- {
errno = err; return( 0 );- }
- switch( errno )
- switch( errno = err ) { #if defined EAGAIN case EAGAIN:
diff --git a/dll/3rdparty/mbedtls/oid.c b/dll/3rdparty/mbedtls/oid.c index e6fbb30dcb..962bd189a2 100644 --- a/dll/3rdparty/mbedtls/oid.c +++ b/dll/3rdparty/mbedtls/oid.c @@ -627,6 +627,51 @@ static const oid_md_alg_t oid_md_alg[] = FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+/*
- For HMAC digestAlgorithm
- */
+typedef struct {
- mbedtls_oid_descriptor_t descriptor;
- mbedtls_md_type_t md_hmac;
+} oid_md_hmac_t;
+static const oid_md_hmac_t oid_md_hmac[] = +{ +#if defined(MBEDTLS_SHA1_C)
- {
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" },MBEDTLS_MD_SHA1,- },
+#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA256_C)
- {
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },MBEDTLS_MD_SHA224,- },
- {
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },MBEDTLS_MD_SHA256,- },
+#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA512_C)
- {
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" },MBEDTLS_MD_SHA384,- },
- {
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" },MBEDTLS_MD_SHA512,- },
+#endif /* MBEDTLS_SHA512_C */
- {
{ NULL, 0, NULL, NULL },MBEDTLS_MD_NONE,- },
+};
+FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) +FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) #endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_PKCS12_C) diff --git a/dll/3rdparty/mbedtls/pem.c b/dll/3rdparty/mbedtls/pem.c index 2377685228..401c906eec 100644 --- a/dll/3rdparty/mbedtls/pem.c +++ b/dll/3rdparty/mbedtls/pem.c @@ -84,31 +84,33 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv, return( 0 ); }
-static void pem_pbkdf1( unsigned char *key, size_t keylen,
unsigned char *iv,const unsigned char *pwd, size_t pwdlen )+static int pem_pbkdf1( unsigned char *key, size_t keylen,
unsigned char *iv,const unsigned char *pwd, size_t pwdlen ){ mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len;
int ret;
mbedtls_md5_init( &md5_ctx );
/*
- key[ 0..15] = MD5(pwd || IV)
*/
- mbedtls_md5_starts( &md5_ctx );
- mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
- mbedtls_md5_update( &md5_ctx, iv, 8 );
- mbedtls_md5_finish( &md5_ctx, md5sum );
if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
goto exit; if( keylen <= 16 ) { memcpy( key, md5sum, keylen );
mbedtls_md5_free( &md5_ctx );mbedtls_zeroize( md5sum, 16 );return;
goto exit; } memcpy( key, md5sum, 16 );@@ -116,11 +118,16 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */
- mbedtls_md5_starts( &md5_ctx );
- mbedtls_md5_update( &md5_ctx, md5sum, 16 );
- mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
- mbedtls_md5_update( &md5_ctx, iv, 8 );
- mbedtls_md5_finish( &md5_ctx, md5sum );
if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
goto exit; use_len = 16; if( keylen < 32 )@@ -128,53 +135,68 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
memcpy( key + 16, md5sum, use_len );+exit: mbedtls_md5_free( &md5_ctx ); mbedtls_zeroize( md5sum, 16 );
return( ret ); }
#if defined(MBEDTLS_DES_C) /*
- Decrypt with DES-CBC, using PBKDF1 for key derivation
*/
-static void pem_des_decrypt( unsigned char des_iv[8],
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen )+static int pem_des_decrypt( unsigned char des_iv[8],
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen ){ mbedtls_des_context des_ctx; unsigned char des_key[8];
int ret;
mbedtls_des_init( &des_ctx );
- pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
- if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
goto exit;
- mbedtls_des_setkey_dec( &des_ctx, des_key );
- mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
- if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
goto exit;- ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf );
+exit: mbedtls_des_free( &des_ctx ); mbedtls_zeroize( des_key, 8 );
return( ret ); }
/*
- Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
-static void pem_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen )+static int pem_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen ){ mbedtls_des3_context des3_ctx; unsigned char des3_key[24];
int ret;
mbedtls_des3_init( &des3_ctx );
- pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
- if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
goto exit;
- mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
- mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
- if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
goto exit;- ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf );
+exit: mbedtls_des3_free( &des3_ctx ); mbedtls_zeroize( des3_key, 24 );
- return( ret ); } #endif /* MBEDTLS_DES_C */
@@ -182,23 +204,29 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /*
- Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
*/ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen )+static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
unsigned char *buf, size_t buflen,const unsigned char *pwd, size_t pwdlen ){ mbedtls_aes_context aes_ctx; unsigned char aes_key[32];
int ret;
mbedtls_aes_init( &aes_ctx );
- pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
- if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
goto exit;
- mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
- mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
- if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
goto exit;- ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf );
+exit: mbedtls_aes_free( &aes_ctx ); mbedtls_zeroize( aes_key, keylen );
- return( ret ); } #endif /* MBEDTLS_AES_C */
@@ -333,6 +361,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) {
mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); }@@ -343,26 +372,35 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) if( pwd == NULL ) {
mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); }ret = 0;#if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );#endif /* MBEDTLS_AES_C */
if( ret != 0 ){mbedtls_free( buf );return( ret );}/* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases.@@ -371,10 +409,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) {
mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); }mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );@@ -389,6 +429,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx ) {
- if( ctx->buf != NULL )
mbedtls_zeroize( ctx->buf, ctx->buflen ); mbedtls_free( ctx->buf ); mbedtls_free( ctx->info );@@ -402,7 +444,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, unsigned char *buf, size_t buf_len, size_t *olen ) { int ret;
- unsigned char *encode_buf, *c, *p = buf;
unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0;
mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
@@ -414,7 +456,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); }
- if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
if( use_len != 0 &&
( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,diff --git a/dll/3rdparty/mbedtls/pk.c b/dll/3rdparty/mbedtls/pk.c index 1b2f829e3f..a369df2a9e 100644 --- a/dll/3rdparty/mbedtls/pk.c +++ b/dll/3rdparty/mbedtls/pk.c @@ -31,8 +31,6 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h"
-#include "mbedtls/bignum.h"
- #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif
@@ -44,6 +42,7 @@ #endif
#include <limits.h> +#include <stdint.h>
/* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -215,10 +214,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, int ret; const mbedtls_pk_rsassa_pss_options *pss_opts;
-#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */
if( options == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );diff --git a/dll/3rdparty/mbedtls/pk_wrap.c b/dll/3rdparty/mbedtls/pk_wrap.c index e7443b23db..2c24799e38 100644 --- a/dll/3rdparty/mbedtls/pk_wrap.c +++ b/dll/3rdparty/mbedtls/pk_wrap.c @@ -32,7 +32,6 @@
/* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" -#include "mbedtls/bignum.h"
#include <string.h>
@@ -53,6 +52,7 @@ #endif
#include <limits.h> +#include <stdint.h>
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Implementation that should never be optimized out by the compiler */ @@ -70,7 +70,8 @@ static int rsa_can_do( mbedtls_pk_type_t type )
static size_t rsa_get_bitlen( const void *ctx ) {
- return( 8 * ((const mbedtls_rsa_context *) ctx)->len );
const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
return( 8 * mbedtls_rsa_get_len( rsa ) ); }
static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
@@ -78,21 +79,28 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len ) { int ret;
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
- size_t rsa_len = mbedtls_rsa_get_len( rsa );
-#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */
- if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
- if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL,
- if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret );
- if( sig_len > ((mbedtls_rsa_context *) ctx)->len )
/* The buffer contains a valid signature followed by extra data.
* We have a special error code for that so that so that callers can* use mbedtls_pk_verify() to check "Does the buffer start with a* valid signature?" and not just "Does the buffer contain a valid* signature?". */if( sig_len > rsa_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
@@ -103,14 +111,16 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if defined(MBEDTLS_HAVE_INT64)
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */
- *sig_len = ((mbedtls_rsa_context *) ctx)->len;
- *sig_len = mbedtls_rsa_get_len( rsa );
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_len, hash, sig ) ); }
@@ -119,10 +129,12 @@ static int rsa_decrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) {
- if( ilen != ((mbedtls_rsa_context *) ctx)->len )
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
- if( ilen != mbedtls_rsa_get_len( rsa ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
- return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); }
@@ -131,13 +143,14 @@ static int rsa_encrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) {
- *olen = ((mbedtls_rsa_context *) ctx)->len;
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
*olen = mbedtls_rsa_get_len( rsa );
if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
- return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx,
f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) );
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
ilen, input, output ) );}
static int rsa_check_pair_wrap( const void *pub, const void *prv )
@@ -417,10 +430,10 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */
*sig_len = rsa_alt->key_len_func( rsa_alt->key );diff --git a/dll/3rdparty/mbedtls/pkcs5.c b/dll/3rdparty/mbedtls/pkcs5.c index 96f7a04064..e62d663d25 100644 --- a/dll/3rdparty/mbedtls/pkcs5.c +++ b/dll/3rdparty/mbedtls/pkcs5.c @@ -40,9 +40,12 @@ #if defined(MBEDTLS_PKCS5_C)
#include "mbedtls/pkcs5.h"
+#if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" #include "mbedtls/oid.h" +#endif /* MBEDTLS_ASN1_PARSE_C */
#include <string.h>
@@ -53,6 +56,22 @@ #define mbedtls_printf printf #endif
+#if !defined(MBEDTLS_ASN1_PARSE_C) +int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,const unsigned char *data, size_t datalen,unsigned char *output )+{
- ((void) pbe_params);
- ((void) mode);
- ((void) pwd);
- ((void) pwdlen);
- ((void) data);
- ((void) datalen);
- ((void) output);
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+} +#else static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) @@ -98,11 +117,9 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 ) return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
- if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
- *md_type = MBEDTLS_MD_SHA1;
if( p != end ) return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );@@ -215,6 +232,7 @@ exit:
return( ret );} +#endif /* MBEDTLS_ASN1_PARSE_C */
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, @@ -233,8 +251,10 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p memset( counter, 0, 4 ); counter[3] = 1;
+#if UINT_MAX > 0xFFFFFFFF if( iteration_count > 0xFFFFFFFF ) return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA ); +#endif
while( key_length ) {diff --git a/dll/3rdparty/mbedtls/pkparse.c b/dll/3rdparty/mbedtls/pkparse.c index 569ebf7953..c8da059163 100644 --- a/dll/3rdparty/mbedtls/pkparse.c +++ b/dll/3rdparty/mbedtls/pkparse.c @@ -62,12 +62,15 @@ #define mbedtls_free free #endif
-#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) || \
- defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; }
+#endif
+#if defined(MBEDTLS_FS_IO) /*
- Load all data from a file into a given buffer.
@@ -103,7 +106,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f );
mbedtls_zeroize( *buf, *n ); mbedtls_free( *buf );return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); }@@ -177,6 +183,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, { int ret;
- if ( end - *p < 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +MBEDTLS_ERR_ASN1_OUT_OF_DATA );/* Tag may be either OID or SEQUENCE */ params->tag = **p; if( params->tag != MBEDTLS_ASN1_OID@@ -522,18 +532,35 @@ static int pk_get_rsapubkey( unsigned char **p, return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
- /* Import N */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
- if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
NULL, 0, NULL, 0 ) ) != 0 )return( MBEDTLS_ERR_PK_INVALID_PUBKEY );- *p += len;
- if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
- /* Import E */
- if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );- if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
NULL, 0, *p, len ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
- rsa->len = mbedtls_mpi_size( &rsa->N );
*p += len;
if( mbedtls_rsa_complete( rsa ) != 0 ||
mbedtls_rsa_check_pubkey( rsa ) != 0 ){
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );}
if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); return( 0 );}
@@ -645,10 +672,13 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen ) {
- int ret;
int ret, version; size_t len; unsigned char *p, *end;
mbedtls_mpi T;
mbedtls_mpi_init( &T );
p = (unsigned char *) key; end = p + keylen;@@ -676,45 +706,88 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
end = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
- if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); }
- if( rsa->ver != 0 )
- if( version != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); }
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )- {
mbedtls_rsa_free( rsa );return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );- }
- /* Import N */
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,NULL, 0, NULL, 0 ) ) != 0 )goto cleanup;- p += len;
- rsa->len = mbedtls_mpi_size( &rsa->N );
/* Import E */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,NULL, 0, p, len ) ) != 0 )goto cleanup;p += len;
/* Import D */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,p, len, NULL, 0 ) ) != 0 )goto cleanup;p += len;
/* Import P */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,NULL, 0, NULL, 0 ) ) != 0 )goto cleanup;p += len;
/* Import Q */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,NULL, 0, NULL, 0 ) ) != 0 )goto cleanup;p += len;
/* Complete the RSA private key */
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
goto cleanup;/* Check optional parameters */
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )goto cleanup; if( p != end ) {
mbedtls_rsa_free( rsa );return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; }
- if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
+cleanup:
- mbedtls_mpi_free( &T );
- if( ret != 0 ) {
/* Wrap error code if it's coming from a lower level */if( ( ret & 0xff80 ) == 0 )ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;elseret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;mbedtls_rsa_free( rsa );
return( ret ); }return( 0 );
- return( ret ); } #endif /* MBEDTLS_RSA_C */
@@ -790,7 +863,10 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, mbedtls_ecp_keypair_free( eck ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); }
}
if( p != end )
{ /* * Is 'publickey' present? If not, or if we can't read it (eg because it * is compressed), create it from the private key.
@@ -846,6 +922,16 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
/*
- Parse an unencrypted PKCS#8 encoded private key
- Notes:
- This function does not own the key buffer. It is the
- responsibility of the caller to take care of zeroizing
- and freeing it after use.
- The function is responsible for freeing the provided
- PK context on failure.
*/ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_pk_context *pk,
@@ -861,7 +947,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( const mbedtls_pk_info_t *pk_info;
/*
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
* This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) * * PrivateKeyInfo ::= SEQUENCE { * version Version,@@ -934,16 +1020,22 @@ static int pk_parse_key_pkcs8_unencrypted_der(
/*
- Parse an encrypted PKCS#8 encoded private key
- To save space, the decryption happens in-place on the given key buffer.
- Also, while this function may modify the keybuffer, it doesn't own it,
- and instead it is the responsibility of the caller to zeroize and properly
- free it after use.
*/ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen )
- unsigned char buf[2048];
- unsigned char *buf; unsigned char *p, *end; mbedtls_asn1_buf pbe_alg_oid, pbe_params; #if defined(MBEDTLS_PKCS12_C)
@@ -951,16 +1043,14 @@ static int pk_parse_key_pkcs8_encrypted_der( mbedtls_md_type_t md_alg; #endif
- memset( buf, 0, sizeof( buf ) );
- p = (unsigned char *) key;
p = key; end = p + keylen;
if( pwdlen == 0 ) return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
/*
* This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
* This function parses the EncryptedPrivateKeyInfo object (PKCS#8) * * EncryptedPrivateKeyInfo ::= SEQUENCE { * encryptionAlgorithm EncryptionAlgorithmIdentifier,@@ -972,6 +1062,7 @@ static int pk_parse_key_pkcs8_encrypted_der( * EncryptedData ::= OCTET STRING * * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
* */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )@@ -987,11 +1078,10 @@ static int pk_parse_key_pkcs8_encrypted_der( if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- if( len > sizeof( buf ) )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
buf = p;
/*
* Decrypt EncryptedData with appropriate PDE
* Decrypt EncryptedData with appropriate PBE */@@ -1083,10 +1173,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ret == 0 ) {
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) {@@ -1115,10 +1203,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) {
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) {@@ -1183,7 +1270,6 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( ret ); #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #else
- ((void) ret); ((void) pwd); ((void) pwdlen); #endif /* MBEDTLS_PEM_PARSE_C */
@@ -1196,12 +1282,27 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, * error */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 ) {return( 0 );
unsigned char *key_copy;if( keylen == 0 )return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )return( MBEDTLS_ERR_PK_ALLOC_FAILED );memcpy( key_copy, key, keylen );ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,pwd, pwdlen );mbedtls_zeroize( key_copy, keylen );mbedtls_free( key_copy ); }if( ret == 0 )
return( 0 );mbedtls_pk_free( pk ); if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )@@ -1216,29 +1317,35 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pk_free( pk );
#if defined(MBEDTLS_RSA_C)
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),key, keylen ) ) != 0 )- {
mbedtls_pk_free( pk );- }
- else { return( 0 ); }
mbedtls_pk_free( pk ); #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
- pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),key, keylen ) ) != 0 )- {
mbedtls_pk_free( pk );- }
- else { return( 0 ); }
mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
diff --git a/dll/3rdparty/mbedtls/pkwrite.c b/dll/3rdparty/mbedtls/pkwrite.c index ae79cf4131..8e0bb2e605 100644 --- a/dll/3rdparty/mbedtls/pkwrite.c +++ b/dll/3rdparty/mbedtls/pkwrite.c @@ -64,13 +64,31 @@
- }
*/ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
mbedtls_rsa_context *rsa )
mbedtls_rsa_context *rsa )- mbedtls_mpi T;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->E ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->N ) );
- mbedtls_mpi_init( &T );
- /* Export E */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )goto end_of_export;- len += ret;
- /* Export N */
- if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )goto end_of_export;... 18470 lines suppressed ...