https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a01a8faa603f347cab19d…
commit a01a8faa603f347cab19dfc0c4ae4df1fe99bd28
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sat Sep 11 20:10:19 2021 -0400
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sun Sep 12 10:49:55 2021 -0400
[MBEDTLS] Update to version 2.7.19. CORE-17252
---
dll/3rdparty/mbedtls/base64.c | 131 ++++++++++++++++++++++---
dll/3rdparty/mbedtls/bignum.c | 6 ++
dll/3rdparty/mbedtls/ctr_drbg.c | 16 +--
dll/3rdparty/mbedtls/entropy.c | 7 +-
dll/3rdparty/mbedtls/hmac_drbg.c | 20 ++--
dll/3rdparty/mbedtls/net_sockets.c | 7 ++
dll/3rdparty/mbedtls/pkwrite.c | 22 ++---
dll/3rdparty/mbedtls/rsa.c | 31 +++---
dll/3rdparty/mbedtls/threading.c | 6 ++
dll/3rdparty/mbedtls/version_features.c | 3 +
media/doc/3rd Party Files.txt | 2 +-
sdk/include/reactos/libs/mbedtls/config.h | 17 ++++
sdk/include/reactos/libs/mbedtls/ctr_drbg.h | 50 +++++++++-
sdk/include/reactos/libs/mbedtls/entropy.h | 6 +-
sdk/include/reactos/libs/mbedtls/hmac_drbg.h | 63 +++++++++++-
sdk/include/reactos/libs/mbedtls/net_sockets.h | 14 ++-
sdk/include/reactos/libs/mbedtls/rsa.h | 6 +-
sdk/include/reactos/libs/mbedtls/threading.h | 3 +
sdk/include/reactos/libs/mbedtls/version.h | 8 +-
19 files changed, 352 insertions(+), 66 deletions(-)
diff --git a/dll/3rdparty/mbedtls/base64.c b/dll/3rdparty/mbedtls/base64.c
index bfafb05353c..692e11e3fae 100644
--- a/dll/3rdparty/mbedtls/base64.c
+++ b/dll/3rdparty/mbedtls/base64.c
@@ -96,6 +96,99 @@ static const unsigned char base64_dec_map[128] =
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+/*
+ * Constant flow conditional assignment to unsigned char
+ */
+static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
+ unsigned char condition )
+{
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* Generate bitmask from condition, mask will either be 0xFF or 0 */
+ unsigned char mask = ( condition | -condition );
+ mask >>= 7;
+ mask = -mask;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
+}
+
+/*
+ * Constant flow conditional assignment to uint_32
+ */
+static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
+ uint32_t condition )
+{
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
+ uint32_t mask = ( condition | -condition );
+ mask >>= 31;
+ mask = -mask;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ *dest = ( src & mask ) | ( ( *dest ) & ~mask );
+}
+
+/*
+ * Constant flow check for equality
+ */
+static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
+{
+ size_t difference = in_a ^ in_b;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ difference |= -difference;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ /* cope with the varying size of size_t per platform */
+ difference >>= ( sizeof( difference ) * 8 - 1 );
+
+ return (unsigned char) ( 1 ^ difference );
+}
+
+/*
+ * Constant flow lookup into table.
+ */
+static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
+ const size_t table_size, const size_t table_index )
+{
+ size_t i;
+ unsigned char result = 0;
+
+ for( i = 0; i < table_size; ++i )
+ {
+ mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
+ }
+
+ return result;
+}
+
/*
* Encode a buffer into base64 format
*/
@@ -136,10 +229,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C2 = *src++;
C3 = *src++;
- *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
- *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
- *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
- *p++ = base64_enc_map[C3 & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( C1 >> 2 ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( C3 & 0x3F ) );
}
if( i < slen )
@@ -147,11 +247,15 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
- *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
- *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( C1 >> 2 ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
if( ( i + 1 ) < slen )
- *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
else *p++ = '=';
*p++ = '=';
@@ -172,6 +276,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
size_t i, n;
uint32_t j, x;
unsigned char *p;
+ unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
@@ -202,10 +307,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
if( src[i] == '=' && ++j > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
+ dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
+
+ if( src[i] > 127 || dec_map_lookup == 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( base64_dec_map[src[i]] < 64 && j != 0 )
+ if( dec_map_lookup < 64 && j != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
n++;
@@ -235,8 +342,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
- j -= ( base64_dec_map[*src] == 64 );
- x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
+ dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
+
+ mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
+ x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
if( ++n == 4 )
{
diff --git a/dll/3rdparty/mbedtls/bignum.c b/dll/3rdparty/mbedtls/bignum.c
index 3ed2a12173c..bc3491cdef1 100644
--- a/dll/3rdparty/mbedtls/bignum.c
+++ b/dll/3rdparty/mbedtls/bignum.c
@@ -1191,6 +1191,12 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
for( n = B->n; n > 0; n-- )
if( B->p[n - 1] != 0 )
break;
+ if( n > A->n )
+ {
+ /* B >= (2^ciL)^n > A */
+ ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
+ goto cleanup;
+ }
carry = mpi_sub_hlp( n, X->p, B->p );
if( carry != 0 )
diff --git a/dll/3rdparty/mbedtls/ctr_drbg.c b/dll/3rdparty/mbedtls/ctr_drbg.c
index bc5cc8f63f0..e275f1a7287 100644
--- a/dll/3rdparty/mbedtls/ctr_drbg.c
+++ b/dll/3rdparty/mbedtls/ctr_drbg.c
@@ -87,10 +87,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
-#endif
}
/*
@@ -103,14 +99,13 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
return;
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ /* The mutex is initialized iff f_entropy is set. */
+ if( ctx->f_entropy != NULL )
+ mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_aes_free( &ctx->aes_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
-#endif
}
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@@ -382,6 +377,11 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
+ /* The mutex is initialized iff f_entropy is set. */
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_init( &ctx->mutex );
+#endif
+
mbedtls_aes_init( &ctx->aes_ctx );
ctx->f_entropy = f_entropy;
diff --git a/dll/3rdparty/mbedtls/entropy.c b/dll/3rdparty/mbedtls/entropy.c
index ee98e4cdb94..fb5e0eca663 100644
--- a/dll/3rdparty/mbedtls/entropy.c
+++ b/dll/3rdparty/mbedtls/entropy.c
@@ -150,6 +150,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
{
+ /* If the context was already free, don't call free() again.
+ * This is important for mutexes which don't allow double-free. */
+ if( ctx->accumulator_started == -1 )
+ return;
+
#if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_free( &ctx->havege_data );
#endif
@@ -166,7 +171,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
#endif
ctx->source_count = 0;
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
- ctx->accumulator_started = 0;
+ ctx->accumulator_started = -1;
}
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
diff --git a/dll/3rdparty/mbedtls/hmac_drbg.c b/dll/3rdparty/mbedtls/hmac_drbg.c
index 26b15e95273..876fa574a84 100644
--- a/dll/3rdparty/mbedtls/hmac_drbg.c
+++ b/dll/3rdparty/mbedtls/hmac_drbg.c
@@ -88,10 +88,6 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
-#endif
}
/*
@@ -161,6 +157,10 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_init( &ctx->mutex );
+#endif
+
/*
* Set initial working state.
* Use the V memory location, which is currently all 0, to initialize the
@@ -286,6 +286,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
+ /* The mutex is initialized iff the md context is set up. */
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_init( &ctx->mutex );
+#endif
+
md_size = mbedtls_md_get_size( md_info );
/*
@@ -453,14 +458,13 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
return;
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ /* The mutex is initialized iff the md context is set up. */
+ if( ctx->md_ctx.md_info != NULL )
+ mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_md_free( &ctx->md_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
-#endif
}
#if defined(MBEDTLS_FS_IO)
diff --git a/dll/3rdparty/mbedtls/net_sockets.c b/dll/3rdparty/mbedtls/net_sockets.c
index 2876f8fdd61..fa27603c131 100644
--- a/dll/3rdparty/mbedtls/net_sockets.c
+++ b/dll/3rdparty/mbedtls/net_sockets.c
@@ -535,6 +535,13 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ /* A limitation of select() is that it only works with file descriptors
+ * that are strictly less than FD_SETSIZE. This is a limitation of the
+ * fd_set type. Error out early, because attempting to call FD_SET on a
+ * large file descriptor is a buffer overflow on typical platforms. */
+ if( fd >= FD_SETSIZE )
+ return( MBEDTLS_ERR_NET_RECV_FAILED );
+
FD_ZERO( &read_fds );
FD_SET( fd, &read_fds );
diff --git a/dll/3rdparty/mbedtls/pkwrite.c b/dll/3rdparty/mbedtls/pkwrite.c
index b0295651904..d54c74a34eb 100644
--- a/dll/3rdparty/mbedtls/pkwrite.c
+++ b/dll/3rdparty/mbedtls/pkwrite.c
@@ -437,7 +437,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
* publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
* }
*/
-#define RSA_PUB_DER_MAX_BYTES 38 + 2 * MBEDTLS_MPI_MAX_SIZE
+#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
/*
* RSA private keys:
@@ -454,10 +454,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
* otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
* }
*/
-#define MPI_MAX_SIZE_2 MBEDTLS_MPI_MAX_SIZE / 2 + \
- MBEDTLS_MPI_MAX_SIZE % 2
-#define RSA_PRV_DER_MAX_BYTES 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
- + 5 * MPI_MAX_SIZE_2
+#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
+ MBEDTLS_MPI_MAX_SIZE % 2 )
+#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+ + 5 * MPI_MAX_SIZE_2 )
#else /* MBEDTLS_RSA_C */
@@ -478,7 +478,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
* + 2 * ECP_MAX (coords) [1]
* }
*/
-#define ECP_PUB_DER_MAX_BYTES 30 + 2 * MBEDTLS_ECP_MAX_BYTES
+#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
/*
* EC private keys:
@@ -489,7 +489,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
* }
*/
-#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
+#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
#else /* MBEDTLS_ECP_C */
@@ -498,10 +498,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
#endif /* MBEDTLS_ECP_C */
-#define PUB_DER_MAX_BYTES RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
- RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
-#define PRV_DER_MAX_BYTES RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
- RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
+#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
+#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
+ RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
diff --git a/dll/3rdparty/mbedtls/rsa.c b/dll/3rdparty/mbedtls/rsa.c
index 7e853b152cd..94ace5e2daf 100644
--- a/dll/3rdparty/mbedtls/rsa.c
+++ b/dll/3rdparty/mbedtls/rsa.c
@@ -499,6 +499,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
mbedtls_rsa_set_padding( ctx, padding, hash_id );
#if defined(MBEDTLS_THREADING_C)
+ /* Set ctx->ver to nonzero to indicate that the mutex has been
+ * initialized and will need to be freed. */
+ ctx->ver = 1;
mbedtls_mutex_init( &ctx->mutex );
#endif
}
@@ -535,15 +538,15 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
int ret;
mbedtls_mpi H, G;
- if( f_rng == NULL || nbits < 128 || exponent < 3 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- if( nbits % 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
mbedtls_mpi_init( &H );
mbedtls_mpi_init( &G );
+ if( f_rng == NULL || nbits < 128 || exponent < 3 || nbits % 2 != 0 )
+ {
+ ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
/*
* find primes P and Q with Q < P so that:
* GCD( E, (P-1)*(Q-1) ) == 1
@@ -607,7 +610,9 @@ cleanup:
if( ret != 0 )
{
mbedtls_rsa_free( ctx );
- return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
+ if( ( -ret & ~0x7f ) == 0 )
+ ret = MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret;
+ return( ret );
}
return( 0 );
@@ -1040,10 +1045,10 @@ cleanup:
mbedtls_mpi_free( &C );
mbedtls_mpi_free( &I );
- if( ret != 0 )
+ if( ret != 0 && ret >= -0x007f )
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
- return( 0 );
+ return( ret );
}
#if defined(MBEDTLS_PKCS1_V21)
@@ -2325,7 +2330,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
{
int ret;
- dst->ver = src->ver;
dst->len = src->len;
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
@@ -2375,7 +2379,12 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ /* Free the mutex, but only if it hasn't been freed already. */
+ if( ctx->ver != 0 )
+ {
+ mbedtls_mutex_free( &ctx->mutex );
+ ctx->ver = 0;
+ }
#endif
}
diff --git a/dll/3rdparty/mbedtls/threading.c b/dll/3rdparty/mbedtls/threading.c
index 838cd74d93d..df16fe72f0c 100644
--- a/dll/3rdparty/mbedtls/threading.c
+++ b/dll/3rdparty/mbedtls/threading.c
@@ -60,6 +60,12 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
if( mutex == NULL )
return;
+ /* A nonzero value of is_valid indicates a successfully initialized
+ * mutex. This is a workaround for not being able to return an error
+ * code for this function. The lock/unlock functions return an error
+ * if is_valid is nonzero. The Mbed TLS unit test code uses this field
+ * to distinguish more states of the mutex; see helpers.function for
+ * details. */
mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
}
diff --git a/dll/3rdparty/mbedtls/version_features.c b/dll/3rdparty/mbedtls/version_features.c
index a3e3df4f998..ee13f7898a9 100644
--- a/dll/3rdparty/mbedtls/version_features.c
+++ b/dll/3rdparty/mbedtls/version_features.c
@@ -508,6 +508,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
+#if defined(MBEDTLS_TEST_HOOKS)
+ "MBEDTLS_TEST_HOOKS",
+#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */
diff --git a/media/doc/3rd Party Files.txt b/media/doc/3rd Party Files.txt
index 9aa71f6de61..cb355cf0aa4 100644
--- a/media/doc/3rd Party Files.txt
+++ b/media/doc/3rd Party Files.txt
@@ -51,7 +51,7 @@ URL: http://xmlsoft.org
Title: mbed TLS
Path: dll/3rdparty/mbedtls
-Used Version: 2.7.18
+Used Version: 2.7.19
License: Apache-2.0 (https://spdx.org/licenses/Apache-2.0.html)
URL: https://tls.mbed.org/
diff --git a/sdk/include/reactos/libs/mbedtls/config.h b/sdk/include/reactos/libs/mbedtls/config.h
index cb716d2a7c3..6c6524c8661 100644
--- a/sdk/include/reactos/libs/mbedtls/config.h
+++ b/sdk/include/reactos/libs/mbedtls/config.h
@@ -1549,6 +1549,23 @@
*/
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+/**
+ * \def MBEDTLS_TEST_HOOKS
+ *
+ * Enable features for invasive testing such as introspection functions and
+ * hooks for fault injection. This enables additional unit tests.
+ *
+ * Merely enabling this feature should not change the behavior of the product.
+ * It only adds new code, and new branching points where the default behavior
+ * is the same as when this feature is disabled.
+ * However, this feature increases the attack surface: there is an added
+ * risk of vulnerabilities, and more gadgets that can make exploits easier.
+ * Therefore this feature must never be enabled in production.
+ *
+ * Uncomment to enable invasive tests.
+ */
+//#define MBEDTLS_TEST_HOOKS
+
/**
* \def MBEDTLS_THREADING_ALT
*
diff --git a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
index 24d9870bee3..33fe63f482b 100644
--- a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
+++ b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
@@ -190,6 +190,13 @@ typedef struct
void *p_entropy; /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C)
+ /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
+ * This means that the mutex is initialized during the initial seeding
+ * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
+ *
+ * Note that this invariant may change without notice. Do not rely on it
+ * and do not access the mutex directly in application code.
+ */
mbedtls_threading_mutex_t mutex;
#endif
}
@@ -252,6 +259,15 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* device.
*/
#endif
+#if defined(MBEDTLS_THREADING_C)
+/**
+ * \note When Mbed TLS is built with threading support,
+ * after this function returns successfully,
+ * it is safe to call mbedtls_ctr_drbg_random()
+ * from multiple threads. Other operations, including
+ * reseeding, are not thread-safe.
+ */
+#endif /* MBEDTLS_THREADING_C */
/**
* \param ctx The CTR_DRBG context to seed.
* It must have been initialized with
@@ -261,6 +277,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* the same context unless you call
* mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
* again first.
+ * After a failed call to mbedtls_ctr_drbg_seed(),
+ * you must call mbedtls_ctr_drbg_free().
* \param f_entropy The entropy callback, taking as arguments the
* \p p_entropy context, the buffer to fill, and the
* length of the buffer.
@@ -344,6 +362,11 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
* \brief This function reseeds the CTR_DRBG context, that is
* extracts data from the entropy source.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx The CTR_DRBG context.
* \param additional Additional data to add to the state. Can be \c NULL.
* \param len The length of the additional data.
@@ -361,6 +384,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
/**
* \brief This function updates the state of the CTR_DRBG context.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx The CTR_DRBG context.
* \param additional The data to update the state with. This must not be
* \c NULL unless \p add_len is \c 0.
@@ -388,6 +416,11 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
* The remaining Bytes are silently discarded.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx The CTR_DRBG context.
* \param additional The data to update the state with. This must not be
* \c NULL unless \p add_len is \c 0.
@@ -405,6 +438,11 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
* This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param p_rng The CTR_DRBG context. This must be a pointer to a
* #mbedtls_ctr_drbg_context structure.
* \param output The buffer to fill.
@@ -433,8 +471,16 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
*
* This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled.
- *
- *
+ */
+#if defined(MBEDTLS_THREADING_C)
+/**
+ * \note When Mbed TLS is built with threading support,
+ * it is safe to call mbedtls_ctr_drbg_random()
+ * from multiple threads. Other operations, including
+ * reseeding, are not thread-safe.
+ */
+#endif /* MBEDTLS_THREADING_C */
+/**
* \param p_rng The CTR_DRBG context. This must be a pointer to a
* #mbedtls_ctr_drbg_context structure.
* \param output The buffer to fill.
diff --git a/sdk/include/reactos/libs/mbedtls/entropy.h b/sdk/include/reactos/libs/mbedtls/entropy.h
index cee6ab5a789..41648aaf20d 100644
--- a/sdk/include/reactos/libs/mbedtls/entropy.h
+++ b/sdk/include/reactos/libs/mbedtls/entropy.h
@@ -147,13 +147,15 @@ mbedtls_entropy_source_state;
*/
typedef struct
{
- int accumulator_started;
+ int accumulator_started; /* 0 after init.
+ * 1 after the first update.
+ * -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_context accumulator;
#else
mbedtls_sha256_context accumulator;
#endif
- int source_count;
+ int source_count; /* Number of entries used in source. */
mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_HAVEGE_C)
mbedtls_havege_state havege_data;
diff --git a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
index cd23a16af62..4a797d4725e 100644
--- a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
+++ b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
@@ -128,6 +128,14 @@ typedef struct
void *p_entropy; /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
+ /* Invariant: the mutex is initialized if and only if
+ * md_ctx->md_info != NULL. This means that the mutex is initialized
+ * during the initial seeding in mbedtls_hmac_drbg_seed() or
+ * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
+ *
+ * Note that this invariant may change without notice. Do not rely on it
+ * and do not access the mutex directly in application code.
+ */
mbedtls_threading_mutex_t mutex;
#endif
} mbedtls_hmac_drbg_context;
@@ -177,7 +185,17 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* \note During the initial seeding, this function calls
* the entropy source to obtain a nonce
* whose length is half the entropy length.
- *
+ */
+#if defined(MBEDTLS_THREADING_C)
+/**
+ * \note When Mbed TLS is built with threading support,
+ * after this function returns successfully,
+ * it is safe to call mbedtls_hmac_drbg_random()
+ * from multiple threads. Other operations, including
+ * reseeding, are not thread-safe.
+ */
+#endif /* MBEDTLS_THREADING_C */
+/**
* \param ctx HMAC_DRBG context to be seeded.
* \param md_info MD algorithm to use for HMAC_DRBG.
* \param f_entropy The entropy callback, taking as arguments the
@@ -216,7 +234,17 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
*
* This function is meant for use in algorithms that need a pseudorandom
* input such as deterministic ECDSA.
- *
+ */
+#if defined(MBEDTLS_THREADING_C)
+/**
+ * \note When Mbed TLS is built with threading support,
+ * after this function returns successfully,
+ * it is safe to call mbedtls_hmac_drbg_random()
+ * from multiple threads. Other operations, including
+ * reseeding, are not thread-safe.
+ */
+#endif /* MBEDTLS_THREADING_C */
+/**
* \param ctx HMAC_DRBG context to be initialised.
* \param md_info MD algorithm to use for HMAC_DRBG.
* \param data Concatenation of the initial entropy string and
@@ -279,6 +307,11 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
/**
* \brief This function updates the state of the HMAC_DRBG context.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx The HMAC_DRBG context.
* \param additional The data to update the state with.
* If this is \c NULL, there is no additional data.
@@ -297,6 +330,11 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
* \warning This function cannot report errors. You should use
* mbedtls_hmac_drbg_update_ret() instead.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx HMAC_DRBG context
* \param additional Additional data to update state with, or NULL
* \param add_len Length of additional data, or 0
@@ -312,6 +350,11 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
* \brief This function reseeds the HMAC_DRBG context, that is
* extracts data from the entropy source.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param ctx The HMAC_DRBG context.
* \param additional Additional data to add to the state.
* If this is \c NULL, there is no additional data
@@ -337,6 +380,11 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
* This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled.
*
+ * \note This function is not thread-safe. It is not safe
+ * to call this function if another thread might be
+ * concurrently obtaining random numbers from the same
+ * context or updating or reseeding the same context.
+ *
* \param p_rng The HMAC_DRBG context. This must be a pointer to a
* #mbedtls_hmac_drbg_context structure.
* \param output The buffer to fill.
@@ -366,7 +414,16 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
*
* This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled.
- *
+ */
+#if defined(MBEDTLS_THREADING_C)
+/**
+ * \note When Mbed TLS is built with threading support,
+ * it is safe to call mbedtls_ctr_drbg_random()
+ * from multiple threads. Other operations, including
+ * reseeding, are not thread-safe.
+ */
+#endif /* MBEDTLS_THREADING_C */
+/**
* \param p_rng The HMAC_DRBG context. This must be a pointer to a
* #mbedtls_hmac_drbg_context structure.
* \param output The buffer to fill.
diff --git a/sdk/include/reactos/libs/mbedtls/net_sockets.h b/sdk/include/reactos/libs/mbedtls/net_sockets.h
index 0d61547d09f..5f2b1c5028a 100644
--- a/sdk/include/reactos/libs/mbedtls/net_sockets.h
+++ b/sdk/include/reactos/libs/mbedtls/net_sockets.h
@@ -130,6 +130,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
*
* \return 0 if successful, or one of:
* MBEDTLS_ERR_NET_SOCKET_FAILED,
+ * MBEDTLS_ERR_NET_UNKNOWN_HOST,
* MBEDTLS_ERR_NET_BIND_FAILED,
* MBEDTLS_ERR_NET_LISTEN_FAILED
*
@@ -149,6 +150,8 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
* can be NULL if client_ip is null
*
* \return 0 if successful, or
+ * MBEDTLS_ERR_NET_SOCKET_FAILED,
+ * MBEDTLS_ERR_NET_BIND_FAILED,
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
@@ -219,16 +222,21 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
* 'timeout' seconds. If no error occurs, the actual amount
* read is returned.
*
+ * \note The current implementation of this function uses
+ * select() and returns an error if the file descriptor
+ * is \c FD_SETSIZE or greater.
+ *
* \param ctx Socket
* \param buf The buffer to write to
* \param len Maximum length of the buffer
* \param timeout Maximum number of milliseconds to wait for data
* 0 means no timeout (wait forever)
*
- * \return the number of bytes received,
- * or a non-zero error code:
- * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ * \return The number of bytes received if successful.
+ * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ * Another negative error code (MBEDTLS_ERR_NET_xxx)
+ * for other failures.
*
* \note This function will block (until data becomes available or
* timeout is reached) even if the socket is set to
diff --git a/sdk/include/reactos/libs/mbedtls/rsa.h b/sdk/include/reactos/libs/mbedtls/rsa.h
index 7b508c5dcaa..cfb66dd8e61 100644
--- a/sdk/include/reactos/libs/mbedtls/rsa.h
+++ b/sdk/include/reactos/libs/mbedtls/rsa.h
@@ -118,7 +118,10 @@ extern "C" {
*/
typedef struct
{
- int ver; /*!< Always 0.*/
+ int ver; /*!< Reserved for internal purposes.
+ * Do not set this field in application
+ * code. Its meaning might change without
+ * notice. */
size_t len; /*!< The size of \p N in Bytes. */
mbedtls_mpi N; /*!< The public modulus. */
@@ -148,6 +151,7 @@ typedef struct
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
+ /* Invariant: the mutex is initialized iff ver != 0. */
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
#endif
}
diff --git a/sdk/include/reactos/libs/mbedtls/threading.h b/sdk/include/reactos/libs/mbedtls/threading.h
index a5d0a34a66f..f1d53bdb10b 100644
--- a/sdk/include/reactos/libs/mbedtls/threading.h
+++ b/sdk/include/reactos/libs/mbedtls/threading.h
@@ -70,6 +70,9 @@ extern "C" {
typedef struct
{
pthread_mutex_t mutex;
+ /* is_valid is 0 after a failed init or a free, and nonzero after a
+ * successful init. This field is not considered part of the public
+ * API of Mbed TLS and may change without notice. */
char is_valid;
} mbedtls_threading_mutex_t;
#endif
diff --git a/sdk/include/reactos/libs/mbedtls/version.h b/sdk/include/reactos/libs/mbedtls/version.h
index 6775a4a955c..622bebf5ad9 100644
--- a/sdk/include/reactos/libs/mbedtls/version.h
+++ b/sdk/include/reactos/libs/mbedtls/version.h
@@ -65,16 +65,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 7
-#define MBEDTLS_VERSION_PATCH 18
+#define MBEDTLS_VERSION_PATCH 19
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02071200
-#define MBEDTLS_VERSION_STRING "2.7.18"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.18"
+#define MBEDTLS_VERSION_NUMBER 0x02071300
+#define MBEDTLS_VERSION_STRING "2.7.19"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.19"
#if defined(MBEDTLS_VERSION_C)
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=218e2596debcd9bc35360…
commit 218e2596debcd9bc353605a0f2ec03ce7d0fd8af
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sat Sep 11 19:41:25 2021 -0400
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sun Sep 12 10:49:47 2021 -0400
[MBEDTLS] Update to version 2.7.17. CORE-17252
---
dll/3rdparty/mbedtls/aes.c | 4 +-
dll/3rdparty/mbedtls/aesni.c | 4 +-
dll/3rdparty/mbedtls/arc4.c | 4 +-
dll/3rdparty/mbedtls/asn1parse.c | 4 +-
dll/3rdparty/mbedtls/asn1write.c | 4 +-
dll/3rdparty/mbedtls/base64.c | 4 +-
dll/3rdparty/mbedtls/bignum.c | 4 +-
dll/3rdparty/mbedtls/blowfish.c | 4 +-
dll/3rdparty/mbedtls/camellia.c | 4 +-
dll/3rdparty/mbedtls/ccm.c | 4 +-
dll/3rdparty/mbedtls/certs.c | 26 +-
dll/3rdparty/mbedtls/cipher.c | 4 +-
dll/3rdparty/mbedtls/cipher_wrap.c | 4 +-
dll/3rdparty/mbedtls/cmac.c | 4 +-
dll/3rdparty/mbedtls/ctr_drbg.c | 4 +-
dll/3rdparty/mbedtls/debug.c | 4 +-
dll/3rdparty/mbedtls/des.c | 4 +-
dll/3rdparty/mbedtls/dhm.c | 62 +++--
dll/3rdparty/mbedtls/ecdh.c | 4 +-
dll/3rdparty/mbedtls/ecdsa.c | 4 +-
dll/3rdparty/mbedtls/ecjpake.c | 4 +-
dll/3rdparty/mbedtls/ecp.c | 4 +-
dll/3rdparty/mbedtls/ecp_curves.c | 4 +-
dll/3rdparty/mbedtls/entropy.c | 4 +-
dll/3rdparty/mbedtls/entropy_poll.c | 4 +-
dll/3rdparty/mbedtls/error.c | 4 +-
dll/3rdparty/mbedtls/gcm.c | 4 +-
dll/3rdparty/mbedtls/havege.c | 4 +-
dll/3rdparty/mbedtls/hmac_drbg.c | 4 +-
dll/3rdparty/mbedtls/md.c | 4 +-
dll/3rdparty/mbedtls/md2.c | 4 +-
dll/3rdparty/mbedtls/md4.c | 4 +-
dll/3rdparty/mbedtls/md5.c | 4 +-
dll/3rdparty/mbedtls/md_wrap.c | 4 +-
dll/3rdparty/mbedtls/memory_buffer_alloc.c | 4 +-
dll/3rdparty/mbedtls/net_sockets.c | 9 +-
dll/3rdparty/mbedtls/oid.c | 4 +-
dll/3rdparty/mbedtls/padlock.c | 4 +-
dll/3rdparty/mbedtls/pem.c | 4 +-
dll/3rdparty/mbedtls/pk.c | 4 +-
dll/3rdparty/mbedtls/pk_wrap.c | 4 +-
dll/3rdparty/mbedtls/pkcs11.c | 4 +-
dll/3rdparty/mbedtls/pkcs12.c | 4 +-
dll/3rdparty/mbedtls/pkcs5.c | 4 +-
dll/3rdparty/mbedtls/pkparse.c | 4 +-
dll/3rdparty/mbedtls/pkwrite.c | 4 +-
dll/3rdparty/mbedtls/platform.c | 4 +-
dll/3rdparty/mbedtls/ripemd160.c | 4 +-
dll/3rdparty/mbedtls/rsa.c | 46 ++-
dll/3rdparty/mbedtls/rsa_internal.c | 4 +-
dll/3rdparty/mbedtls/sha1.c | 4 +-
dll/3rdparty/mbedtls/sha256.c | 4 +-
dll/3rdparty/mbedtls/sha512.c | 4 +-
dll/3rdparty/mbedtls/ssl_cache.c | 4 +-
dll/3rdparty/mbedtls/ssl_ciphersuites.c | 4 +-
dll/3rdparty/mbedtls/ssl_cli.c | 4 +-
dll/3rdparty/mbedtls/ssl_cookie.c | 4 +-
dll/3rdparty/mbedtls/ssl_srv.c | 4 +-
dll/3rdparty/mbedtls/ssl_ticket.c | 4 +-
dll/3rdparty/mbedtls/ssl_tls.c | 307 ++++++++++++---------
dll/3rdparty/mbedtls/threading.c | 4 +-
dll/3rdparty/mbedtls/timing.c | 4 +-
dll/3rdparty/mbedtls/version.c | 4 +-
dll/3rdparty/mbedtls/version_features.c | 10 +-
dll/3rdparty/mbedtls/x509.c | 4 +-
dll/3rdparty/mbedtls/x509_create.c | 4 +-
dll/3rdparty/mbedtls/x509_crl.c | 6 +-
dll/3rdparty/mbedtls/x509_crt.c | 7 +-
dll/3rdparty/mbedtls/x509_csr.c | 4 +-
dll/3rdparty/mbedtls/x509write_crt.c | 4 +-
dll/3rdparty/mbedtls/x509write_csr.c | 4 +-
dll/3rdparty/mbedtls/xtea.c | 4 +-
media/doc/3rd Party Files.txt | 2 +-
sdk/include/reactos/libs/mbedtls/aes.h | 4 +-
sdk/include/reactos/libs/mbedtls/aesni.h | 4 +-
sdk/include/reactos/libs/mbedtls/arc4.h | 4 +-
sdk/include/reactos/libs/mbedtls/asn1.h | 4 +-
sdk/include/reactos/libs/mbedtls/asn1write.h | 4 +-
sdk/include/reactos/libs/mbedtls/base64.h | 4 +-
sdk/include/reactos/libs/mbedtls/bignum.h | 4 +-
sdk/include/reactos/libs/mbedtls/blowfish.h | 4 +-
sdk/include/reactos/libs/mbedtls/bn_mul.h | 4 +-
sdk/include/reactos/libs/mbedtls/camellia.h | 4 +-
sdk/include/reactos/libs/mbedtls/ccm.h | 4 +-
sdk/include/reactos/libs/mbedtls/certs.h | 4 +-
sdk/include/reactos/libs/mbedtls/check_config.h | 14 +-
sdk/include/reactos/libs/mbedtls/cipher.h | 4 +-
sdk/include/reactos/libs/mbedtls/cipher_internal.h | 4 +-
sdk/include/reactos/libs/mbedtls/cmac.h | 4 +-
sdk/include/reactos/libs/mbedtls/compat-1.3.h | 4 +-
sdk/include/reactos/libs/mbedtls/config.h | 40 ++-
sdk/include/reactos/libs/mbedtls/ctr_drbg.h | 4 +-
sdk/include/reactos/libs/mbedtls/debug.h | 4 +-
sdk/include/reactos/libs/mbedtls/des.h | 4 +-
sdk/include/reactos/libs/mbedtls/dhm.h | 4 +-
sdk/include/reactos/libs/mbedtls/ecdh.h | 4 +-
sdk/include/reactos/libs/mbedtls/ecdsa.h | 4 +-
sdk/include/reactos/libs/mbedtls/ecjpake.h | 4 +-
sdk/include/reactos/libs/mbedtls/ecp.h | 4 +-
sdk/include/reactos/libs/mbedtls/ecp_internal.h | 4 +-
sdk/include/reactos/libs/mbedtls/entropy.h | 4 +-
sdk/include/reactos/libs/mbedtls/entropy_poll.h | 4 +-
sdk/include/reactos/libs/mbedtls/error.h | 4 +-
sdk/include/reactos/libs/mbedtls/gcm.h | 4 +-
sdk/include/reactos/libs/mbedtls/havege.h | 4 +-
sdk/include/reactos/libs/mbedtls/hmac_drbg.h | 4 +-
sdk/include/reactos/libs/mbedtls/md.h | 4 +-
sdk/include/reactos/libs/mbedtls/md2.h | 4 +-
sdk/include/reactos/libs/mbedtls/md4.h | 4 +-
sdk/include/reactos/libs/mbedtls/md5.h | 4 +-
sdk/include/reactos/libs/mbedtls/md_internal.h | 4 +-
.../reactos/libs/mbedtls/memory_buffer_alloc.h | 4 +-
sdk/include/reactos/libs/mbedtls/net.h | 4 +-
sdk/include/reactos/libs/mbedtls/net_sockets.h | 4 +-
sdk/include/reactos/libs/mbedtls/oid.h | 4 +-
sdk/include/reactos/libs/mbedtls/padlock.h | 4 +-
sdk/include/reactos/libs/mbedtls/pem.h | 4 +-
sdk/include/reactos/libs/mbedtls/pk.h | 4 +-
sdk/include/reactos/libs/mbedtls/pk_internal.h | 4 +-
sdk/include/reactos/libs/mbedtls/pkcs11.h | 4 +-
sdk/include/reactos/libs/mbedtls/pkcs12.h | 4 +-
sdk/include/reactos/libs/mbedtls/pkcs5.h | 4 +-
sdk/include/reactos/libs/mbedtls/platform.h | 4 +-
sdk/include/reactos/libs/mbedtls/platform_time.h | 4 +-
sdk/include/reactos/libs/mbedtls/ripemd160.h | 4 +-
sdk/include/reactos/libs/mbedtls/rsa.h | 4 +-
sdk/include/reactos/libs/mbedtls/rsa_internal.h | 4 +-
sdk/include/reactos/libs/mbedtls/sha1.h | 4 +-
sdk/include/reactos/libs/mbedtls/sha256.h | 4 +-
sdk/include/reactos/libs/mbedtls/sha512.h | 4 +-
sdk/include/reactos/libs/mbedtls/ssl.h | 4 +-
sdk/include/reactos/libs/mbedtls/ssl_cache.h | 4 +-
.../reactos/libs/mbedtls/ssl_ciphersuites.h | 4 +-
sdk/include/reactos/libs/mbedtls/ssl_cookie.h | 4 +-
sdk/include/reactos/libs/mbedtls/ssl_internal.h | 88 +++++-
sdk/include/reactos/libs/mbedtls/ssl_ticket.h | 4 +-
sdk/include/reactos/libs/mbedtls/threading.h | 4 +-
sdk/include/reactos/libs/mbedtls/timing.h | 4 +-
sdk/include/reactos/libs/mbedtls/version.h | 12 +-
sdk/include/reactos/libs/mbedtls/x509.h | 4 +-
sdk/include/reactos/libs/mbedtls/x509_crl.h | 4 +-
sdk/include/reactos/libs/mbedtls/x509_crt.h | 4 +-
sdk/include/reactos/libs/mbedtls/x509_csr.h | 4 +-
sdk/include/reactos/libs/mbedtls/xtea.h | 4 +-
144 files changed, 558 insertions(+), 595 deletions(-)
diff --git a/dll/3rdparty/mbedtls/aes.c b/dll/3rdparty/mbedtls/aes.c
index cda63ef5203..e0c7a11c38e 100644
--- a/dll/3rdparty/mbedtls/aes.c
+++ b/dll/3rdparty/mbedtls/aes.c
@@ -1,7 +1,7 @@
/*
* FIPS-197 compliant AES implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
diff --git a/dll/3rdparty/mbedtls/aesni.c b/dll/3rdparty/mbedtls/aesni.c
index 18050d80337..d4969f521b1 100644
--- a/dll/3rdparty/mbedtls/aesni.c
+++ b/dll/3rdparty/mbedtls/aesni.c
@@ -1,7 +1,7 @@
/*
* AES-NI support functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/arc4.c b/dll/3rdparty/mbedtls/arc4.c
index 052aa328f0c..338ecd7a7bb 100644
--- a/dll/3rdparty/mbedtls/arc4.c
+++ b/dll/3rdparty/mbedtls/arc4.c
@@ -1,7 +1,7 @@
/*
* An implementation of the ARCFOUR algorithm
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The ARCFOUR algorithm was publicly disclosed on 94/09.
diff --git a/dll/3rdparty/mbedtls/asn1parse.c b/dll/3rdparty/mbedtls/asn1parse.c
index 1ef388dcffe..9b4455857d7 100644
--- a/dll/3rdparty/mbedtls/asn1parse.c
+++ b/dll/3rdparty/mbedtls/asn1parse.c
@@ -1,7 +1,7 @@
/*
* Generic ASN.1 parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/asn1write.c b/dll/3rdparty/mbedtls/asn1write.c
index 6828b8ded5d..9740320b77e 100644
--- a/dll/3rdparty/mbedtls/asn1write.c
+++ b/dll/3rdparty/mbedtls/asn1write.c
@@ -1,7 +1,7 @@
/*
* ASN.1 buffer writing functionality
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/base64.c b/dll/3rdparty/mbedtls/base64.c
index 75849d1214d..bfafb05353c 100644
--- a/dll/3rdparty/mbedtls/base64.c
+++ b/dll/3rdparty/mbedtls/base64.c
@@ -1,7 +1,7 @@
/*
* RFC 1521 base64 encoding/decoding
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/bignum.c b/dll/3rdparty/mbedtls/bignum.c
index 84a43c8cba8..3135ec4adc6 100644
--- a/dll/3rdparty/mbedtls/bignum.c
+++ b/dll/3rdparty/mbedtls/bignum.c
@@ -1,7 +1,7 @@
/*
* Multi-precision integer library
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/blowfish.c b/dll/3rdparty/mbedtls/blowfish.c
index eeafe2869bb..66bf355efd3 100644
--- a/dll/3rdparty/mbedtls/blowfish.c
+++ b/dll/3rdparty/mbedtls/blowfish.c
@@ -1,7 +1,7 @@
/*
* Blowfish implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The Blowfish block cipher was designed by Bruce Schneier in 1993.
diff --git a/dll/3rdparty/mbedtls/camellia.c b/dll/3rdparty/mbedtls/camellia.c
index e3609d3554c..6ef4c213345 100644
--- a/dll/3rdparty/mbedtls/camellia.c
+++ b/dll/3rdparty/mbedtls/camellia.c
@@ -1,7 +1,7 @@
/*
* Camellia implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The Camellia block cipher was designed by NTT and Mitsubishi Electric
diff --git a/dll/3rdparty/mbedtls/ccm.c b/dll/3rdparty/mbedtls/ccm.c
index 456fedc3125..ed3c74c8c61 100644
--- a/dll/3rdparty/mbedtls/ccm.c
+++ b/dll/3rdparty/mbedtls/ccm.c
@@ -1,7 +1,7 @@
/*
* NIST SP800-38C compliant CCM implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/certs.c b/dll/3rdparty/mbedtls/certs.c
index 73409afc99b..360325c85e8 100644
--- a/dll/3rdparty/mbedtls/certs.c
+++ b/dll/3rdparty/mbedtls/certs.c
@@ -1,7 +1,7 @@
/*
* X.509 test certificates
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -207,16 +205,12 @@ const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
#if defined(MBEDTLS_SHA256_C)
/* tests/data_files/server2-sha256.crt */
-/* Or more precisely, this is the contents of the version of this file
- * that's in the mbedtls-2.16 branch, due to a backporting mistake.
- * We don't want to change the contents now, as that would change the size
- * which is part of the ABI, which should be stable in LTS branches. */
#define TEST_SRV_CRT_RSA_SHA256 \
"-----BEGIN CERTIFICATE-----\r\n" \
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
+"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
@@ -224,13 +218,13 @@ const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \
-"Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \
-"HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \
-"1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \
-"a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \
-"e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \
-"pMZqLmbBm/7WPLc=\r\n" \
+"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBALVvYxsd\r\n" \
+"o5YSOIaApPlpnFUnz5zD/TbI9/63iJH+ae61jvpjTY1bqLBBEcqMMg9tVFUdt4xd\r\n" \
+"9MifL5zRZOGqKpfhWyoUZv7kXXMtfJsy0A6sqK11FcUE9r2Mt50tAO1MLZLJ5tKD\r\n" \
+"XY9/dTqXnENPxCGUo89/UwIFuNhKPUDBRMeyx8FaKsGVksF/lGxYVFWrfzZFlW0M\r\n" \
+"SXduk5xjoHE83erLEtZoxWIgrx7LXXgkDtswGkH+VpFt9dFFXJaeAQPeUBDAhEE9\r\n" \
+"UDkaCx5tPlyriwUW1w1xDx40VFV+Dgg9CFxiHCF+ppg+MG8HV0LVDRJlhN94QHNg\r\n" \
+"DAAVd5iuv8P+00Y=\r\n" \
"-----END CERTIFICATE-----\r\n"
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA_SHA256;
diff --git a/dll/3rdparty/mbedtls/cipher.c b/dll/3rdparty/mbedtls/cipher.c
index b8da586cbbd..7054f4bca5b 100644
--- a/dll/3rdparty/mbedtls/cipher.c
+++ b/dll/3rdparty/mbedtls/cipher.c
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong(a)fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/cipher_wrap.c b/dll/3rdparty/mbedtls/cipher_wrap.c
index 56a935efc80..51a90a591d3 100644
--- a/dll/3rdparty/mbedtls/cipher_wrap.c
+++ b/dll/3rdparty/mbedtls/cipher_wrap.c
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong(a)fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/cmac.c b/dll/3rdparty/mbedtls/cmac.c
index 0b769ff047a..0d8280416c8 100644
--- a/dll/3rdparty/mbedtls/cmac.c
+++ b/dll/3rdparty/mbedtls/cmac.c
@@ -3,7 +3,7 @@
*
* \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -44,8 +44,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/ctr_drbg.c b/dll/3rdparty/mbedtls/ctr_drbg.c
index ed00765c9ad..184e09fc104 100644
--- a/dll/3rdparty/mbedtls/ctr_drbg.c
+++ b/dll/3rdparty/mbedtls/ctr_drbg.c
@@ -1,7 +1,7 @@
/*
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The NIST SP 800-90 DRBGs are described in the following publication.
diff --git a/dll/3rdparty/mbedtls/debug.c b/dll/3rdparty/mbedtls/debug.c
index 5fdb3a08fcc..25951eac5b4 100644
--- a/dll/3rdparty/mbedtls/debug.c
+++ b/dll/3rdparty/mbedtls/debug.c
@@ -1,7 +1,7 @@
/*
* Debugging routines
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/des.c b/dll/3rdparty/mbedtls/des.c
index 3dc925897d9..f68dba0b3af 100644
--- a/dll/3rdparty/mbedtls/des.c
+++ b/dll/3rdparty/mbedtls/des.c
@@ -1,7 +1,7 @@
/*
* FIPS-46-3 compliant Triple-DES implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* DES, on which TDES is based, was originally designed by Horst Feistel
diff --git a/dll/3rdparty/mbedtls/dhm.c b/dll/3rdparty/mbedtls/dhm.c
index d14b7296df1..e15cc8e949e 100644
--- a/dll/3rdparty/mbedtls/dhm.c
+++ b/dll/3rdparty/mbedtls/dhm.c
@@ -1,7 +1,7 @@
/*
* Diffie-Hellman-Merkle key exchange
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The following sources were referenced in the design of this implementation
@@ -335,6 +333,32 @@ cleanup:
return( 0 );
}
+/*
+ * Pick a random R in the range [2, M) for blinding purposes
+ */
+static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret, count;
+
+ count = 0;
+ do
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
+
+ while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
+
+ if( count++ > 10 )
+ return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+ }
+ while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
+
+cleanup:
+ return( ret );
+}
+
+
/*
* Use the blinding method and optimisation suggested in section 10 of:
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
@@ -344,7 +368,10 @@ cleanup:
static int dhm_update_blinding( mbedtls_dhm_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret, count;
+ int ret;
+ mbedtls_mpi R;
+
+ mbedtls_mpi_init( &R );
/*
* Don't use any blinding the first time a particular X is used,
@@ -379,24 +406,23 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
*/
/* Vi = random( 2, P-1 ) */
- count = 0;
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
- }
- while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
+ MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
+
+ /* Vf = Vi^-X mod P
+ * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod),
+ * then elevate to the Xth power. */
+ MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
- /* Vf = Vi^-X mod P */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
cleanup:
+ mbedtls_mpi_free( &R );
+
return( ret );
}
diff --git a/dll/3rdparty/mbedtls/ecdh.c b/dll/3rdparty/mbedtls/ecdh.c
index 4c97f8ef359..a8ff5b94110 100644
--- a/dll/3rdparty/mbedtls/ecdh.c
+++ b/dll/3rdparty/mbedtls/ecdh.c
@@ -1,7 +1,7 @@
/*
* Elliptic curve Diffie-Hellman
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/ecdsa.c b/dll/3rdparty/mbedtls/ecdsa.c
index 10ef218558b..59803d04e1e 100644
--- a/dll/3rdparty/mbedtls/ecdsa.c
+++ b/dll/3rdparty/mbedtls/ecdsa.c
@@ -1,7 +1,7 @@
/*
* Elliptic curve DSA
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/ecjpake.c b/dll/3rdparty/mbedtls/ecjpake.c
index 09bd1fbc4c8..a6f50838651 100644
--- a/dll/3rdparty/mbedtls/ecjpake.c
+++ b/dll/3rdparty/mbedtls/ecjpake.c
@@ -1,7 +1,7 @@
/*
* Elliptic curve J-PAKE
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/ecp.c b/dll/3rdparty/mbedtls/ecp.c
index f83f4db7a0b..897c01e1432 100644
--- a/dll/3rdparty/mbedtls/ecp.c
+++ b/dll/3rdparty/mbedtls/ecp.c
@@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): generic functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/ecp_curves.c b/dll/3rdparty/mbedtls/ecp_curves.c
index e2d46c90c44..26f62584c35 100644
--- a/dll/3rdparty/mbedtls/ecp_curves.c
+++ b/dll/3rdparty/mbedtls/ecp_curves.c
@@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): curve-specific data and functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/entropy.c b/dll/3rdparty/mbedtls/entropy.c
index 4d7a9b32c3e..ee98e4cdb94 100644
--- a/dll/3rdparty/mbedtls/entropy.c
+++ b/dll/3rdparty/mbedtls/entropy.c
@@ -1,7 +1,7 @@
/*
* Entropy accumulator implementation
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/entropy_poll.c b/dll/3rdparty/mbedtls/entropy_poll.c
index c3b21312d09..dbb57008e32 100644
--- a/dll/3rdparty/mbedtls/entropy_poll.c
+++ b/dll/3rdparty/mbedtls/entropy_poll.c
@@ -1,7 +1,7 @@
/*
* Platform-specific and custom entropy polling functions
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/error.c b/dll/3rdparty/mbedtls/error.c
index fa0e01f919a..0757268f250 100644
--- a/dll/3rdparty/mbedtls/error.c
+++ b/dll/3rdparty/mbedtls/error.c
@@ -1,7 +1,7 @@
/*
* Error message information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/gcm.c b/dll/3rdparty/mbedtls/gcm.c
index 9a9de2d2b47..a7e6706364e 100644
--- a/dll/3rdparty/mbedtls/gcm.c
+++ b/dll/3rdparty/mbedtls/gcm.c
@@ -1,7 +1,7 @@
/*
* NIST SP800-38D compliant GCM implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/havege.c b/dll/3rdparty/mbedtls/havege.c
index fed80017e6a..8d106df895c 100644
--- a/dll/3rdparty/mbedtls/havege.c
+++ b/dll/3rdparty/mbedtls/havege.c
@@ -1,7 +1,7 @@
/**
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The HAVEGE RNG was designed by Andre Seznec in 2002.
diff --git a/dll/3rdparty/mbedtls/hmac_drbg.c b/dll/3rdparty/mbedtls/hmac_drbg.c
index 2ce20bc63b5..f24a66c852f 100644
--- a/dll/3rdparty/mbedtls/hmac_drbg.c
+++ b/dll/3rdparty/mbedtls/hmac_drbg.c
@@ -1,7 +1,7 @@
/*
* HMAC_DRBG implementation (NIST SP 800-90)
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/md.c b/dll/3rdparty/mbedtls/md.c
index 2af2f5fab40..ba48471c6cb 100644
--- a/dll/3rdparty/mbedtls/md.c
+++ b/dll/3rdparty/mbedtls/md.c
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong(a)fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/md2.c b/dll/3rdparty/mbedtls/md2.c
index dbe2417a20c..293ada30451 100644
--- a/dll/3rdparty/mbedtls/md2.c
+++ b/dll/3rdparty/mbedtls/md2.c
@@ -1,7 +1,7 @@
/*
* RFC 1115/1319 compliant MD2 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The MD2 algorithm was designed by Ron Rivest in 1989.
diff --git a/dll/3rdparty/mbedtls/md4.c b/dll/3rdparty/mbedtls/md4.c
index 7a60bbafc47..69825595f66 100644
--- a/dll/3rdparty/mbedtls/md4.c
+++ b/dll/3rdparty/mbedtls/md4.c
@@ -1,7 +1,7 @@
/*
* RFC 1186/1320 compliant MD4 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The MD4 algorithm was designed by Ron Rivest in 1990.
diff --git a/dll/3rdparty/mbedtls/md5.c b/dll/3rdparty/mbedtls/md5.c
index 6924dc0487f..009a013ef05 100644
--- a/dll/3rdparty/mbedtls/md5.c
+++ b/dll/3rdparty/mbedtls/md5.c
@@ -1,7 +1,7 @@
/*
* RFC 1321 compliant MD5 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The MD5 algorithm was designed by Ron Rivest in 1991.
diff --git a/dll/3rdparty/mbedtls/md_wrap.c b/dll/3rdparty/mbedtls/md_wrap.c
index 7c737d87e98..7459db2faf9 100644
--- a/dll/3rdparty/mbedtls/md_wrap.c
+++ b/dll/3rdparty/mbedtls/md_wrap.c
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong(a)fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/memory_buffer_alloc.c b/dll/3rdparty/mbedtls/memory_buffer_alloc.c
index 056a6ea63d9..dc8b4bf09f5 100644
--- a/dll/3rdparty/mbedtls/memory_buffer_alloc.c
+++ b/dll/3rdparty/mbedtls/memory_buffer_alloc.c
@@ -1,7 +1,7 @@
/*
* Buffer-based memory allocator
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/net_sockets.c b/dll/3rdparty/mbedtls/net_sockets.c
index 7a56917007e..2876f8fdd61 100644
--- a/dll/3rdparty/mbedtls/net_sockets.c
+++ b/dll/3rdparty/mbedtls/net_sockets.c
@@ -1,7 +1,7 @@
/*
* TCP/IP or UDP/IP networking functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -335,8 +333,9 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
struct sockaddr_storage client_addr;
-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
- defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
+#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
+ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
+ ( defined(__NetBSD__) && defined(socklen_t) )
socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type );
#else
diff --git a/dll/3rdparty/mbedtls/oid.c b/dll/3rdparty/mbedtls/oid.c
index 9d0101310d9..ad2c32221d6 100644
--- a/dll/3rdparty/mbedtls/oid.c
+++ b/dll/3rdparty/mbedtls/oid.c
@@ -3,7 +3,7 @@
*
* \brief Object Identifier (OID) database
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -44,8 +44,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/padlock.c b/dll/3rdparty/mbedtls/padlock.c
index fe6e7f9cf37..afb7e0ad42b 100644
--- a/dll/3rdparty/mbedtls/padlock.c
+++ b/dll/3rdparty/mbedtls/padlock.c
@@ -1,7 +1,7 @@
/*
* VIA PadLock support functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* This implementation is based on the VIA PadLock Programming Guide:
diff --git a/dll/3rdparty/mbedtls/pem.c b/dll/3rdparty/mbedtls/pem.c
index 6ff4b01a4db..9eff10ea1db 100644
--- a/dll/3rdparty/mbedtls/pem.c
+++ b/dll/3rdparty/mbedtls/pem.c
@@ -1,7 +1,7 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/pk.c b/dll/3rdparty/mbedtls/pk.c
index 637fd49dd00..bf96debba13 100644
--- a/dll/3rdparty/mbedtls/pk.c
+++ b/dll/3rdparty/mbedtls/pk.c
@@ -1,7 +1,7 @@
/*
* Public Key abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/pk_wrap.c b/dll/3rdparty/mbedtls/pk_wrap.c
index f73992886ee..966a17c1855 100644
--- a/dll/3rdparty/mbedtls/pk_wrap.c
+++ b/dll/3rdparty/mbedtls/pk_wrap.c
@@ -1,7 +1,7 @@
/*
* Public Key abstraction layer: wrapper functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/pkcs11.c b/dll/3rdparty/mbedtls/pkcs11.c
index 30d045bf18e..cf484b86eb4 100644
--- a/dll/3rdparty/mbedtls/pkcs11.c
+++ b/dll/3rdparty/mbedtls/pkcs11.c
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong(a)fox-it.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "mbedtls/pkcs11.h"
diff --git a/dll/3rdparty/mbedtls/pkcs12.c b/dll/3rdparty/mbedtls/pkcs12.c
index 5a522c16faf..9ee63c2d323 100644
--- a/dll/3rdparty/mbedtls/pkcs12.c
+++ b/dll/3rdparty/mbedtls/pkcs12.c
@@ -1,7 +1,7 @@
/*
* PKCS#12 Personal Information Exchange Syntax
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The PKCS #12 Personal Information Exchange Syntax Standard v1.1
diff --git a/dll/3rdparty/mbedtls/pkcs5.c b/dll/3rdparty/mbedtls/pkcs5.c
index 7ac67093c02..8a80aa5d05c 100644
--- a/dll/3rdparty/mbedtls/pkcs5.c
+++ b/dll/3rdparty/mbedtls/pkcs5.c
@@ -5,7 +5,7 @@
*
* \author Mathias Olsson <mathias(a)kompetensum.com>
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* PKCS#5 includes PBKDF2 and more
diff --git a/dll/3rdparty/mbedtls/pkparse.c b/dll/3rdparty/mbedtls/pkparse.c
index 9a5e1b88c57..77d48c1ad86 100644
--- a/dll/3rdparty/mbedtls/pkparse.c
+++ b/dll/3rdparty/mbedtls/pkparse.c
@@ -1,7 +1,7 @@
/*
* Public Key layer for parsing key files and structures
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/pkwrite.c b/dll/3rdparty/mbedtls/pkwrite.c
index e1076251f00..b0295651904 100644
--- a/dll/3rdparty/mbedtls/pkwrite.c
+++ b/dll/3rdparty/mbedtls/pkwrite.c
@@ -1,7 +1,7 @@
/*
* Public Key layer for writing key files and structures
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/platform.c b/dll/3rdparty/mbedtls/platform.c
index a8b30f0bdd5..a9267b16f84 100644
--- a/dll/3rdparty/mbedtls/platform.c
+++ b/dll/3rdparty/mbedtls/platform.c
@@ -1,7 +1,7 @@
/*
* Platform abstraction layer
*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/ripemd160.c b/dll/3rdparty/mbedtls/ripemd160.c
index f5868e287ae..aee1123114b 100644
--- a/dll/3rdparty/mbedtls/ripemd160.c
+++ b/dll/3rdparty/mbedtls/ripemd160.c
@@ -1,7 +1,7 @@
/*
* RIPE MD-160 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/dll/3rdparty/mbedtls/rsa.c b/dll/3rdparty/mbedtls/rsa.c
index 96afccb0e4b..c5dbdacf22a 100644
--- a/dll/3rdparty/mbedtls/rsa.c
+++ b/dll/3rdparty/mbedtls/rsa.c
@@ -1,7 +1,7 @@
/*
* The RSA public-key cryptosystem
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
@@ -82,7 +80,7 @@
#include "mbedtls/md.h"
#endif
-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
+#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
#include <stdlib.h>
#endif
@@ -746,6 +744,9 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, count = 0;
+ mbedtls_mpi R;
+
+ mbedtls_mpi_init( &R );
if( ctx->Vf.p != NULL )
{
@@ -761,18 +762,41 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
/* Unblinding value: Vf = random number, invertible mod N */
do {
if( count++ > 10 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED );
+ {
+ ret = MBEDTLS_ERR_RSA_RNG_FAILED;
+ goto cleanup;
+ }
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
- } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
- /* Blinding value: Vi = Vf^(-e) mod N */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+ /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+
+ /* At this point, Vi is invertible mod N if and only if both Vf and R
+ * are invertible mod N. If one of them isn't, we don't need to know
+ * which one, we just loop and choose new values for both of them.
+ * (Each iteration succeeds with overwhelming probability.) */
+ ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ continue;
+ if( ret != 0 )
+ goto cleanup;
+
+ /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+ } while( 0 );
+
+ /* Blinding value: Vi = Vf^(-e) mod N
+ * (Vi already contains Vf^-1 at this point) */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
cleanup:
+ mbedtls_mpi_free( &R );
+
return( ret );
}
@@ -2404,7 +2428,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
#if defined(MBEDTLS_PKCS1_V15)
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
-#if !defined(__OpenBSD__)
+#if !defined(__OpenBSD__) && !defined(__NetBSD__)
size_t i;
if( rng_state != NULL )
@@ -2417,7 +2441,7 @@ static int myrand( void *rng_state, unsigned char *output, size_t len )
rng_state = NULL;
arc4random_buf( output, len );
-#endif /* !OpenBSD */
+#endif /* !OpenBSD && !NetBSD */
return( 0 );
}
diff --git a/dll/3rdparty/mbedtls/rsa_internal.c b/dll/3rdparty/mbedtls/rsa_internal.c
index 39fbe09b73e..30115a0d383 100644
--- a/dll/3rdparty/mbedtls/rsa_internal.c
+++ b/dll/3rdparty/mbedtls/rsa_internal.c
@@ -1,7 +1,7 @@
/*
* Helper functions for the RSA module
*
- * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -43,8 +43,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/sha1.c b/dll/3rdparty/mbedtls/sha1.c
index 1b1a1d7ecae..83ef9bdbdad 100644
--- a/dll/3rdparty/mbedtls/sha1.c
+++ b/dll/3rdparty/mbedtls/sha1.c
@@ -1,7 +1,7 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SHA-1 standard was published by NIST in 1993.
diff --git a/dll/3rdparty/mbedtls/sha256.c b/dll/3rdparty/mbedtls/sha256.c
index 987580c8108..6ae6a0ef6ec 100644
--- a/dll/3rdparty/mbedtls/sha256.c
+++ b/dll/3rdparty/mbedtls/sha256.c
@@ -1,7 +1,7 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
diff --git a/dll/3rdparty/mbedtls/sha512.c b/dll/3rdparty/mbedtls/sha512.c
index 265923674a8..0a42f55634f 100644
--- a/dll/3rdparty/mbedtls/sha512.c
+++ b/dll/3rdparty/mbedtls/sha512.c
@@ -1,7 +1,7 @@
/*
* FIPS-180-2 compliant SHA-384/512 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
diff --git a/dll/3rdparty/mbedtls/ssl_cache.c b/dll/3rdparty/mbedtls/ssl_cache.c
index 3cbfeb740a8..1d2558a1893 100644
--- a/dll/3rdparty/mbedtls/ssl_cache.c
+++ b/dll/3rdparty/mbedtls/ssl_cache.c
@@ -1,7 +1,7 @@
/*
* SSL session cache implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* These session callbacks use a simple chained list
diff --git a/dll/3rdparty/mbedtls/ssl_ciphersuites.c b/dll/3rdparty/mbedtls/ssl_ciphersuites.c
index 9ad5cf9ce25..7efc558ddb5 100644
--- a/dll/3rdparty/mbedtls/ssl_ciphersuites.c
+++ b/dll/3rdparty/mbedtls/ssl_ciphersuites.c
@@ -3,7 +3,7 @@
*
* \brief SSL ciphersuites for mbed TLS
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -44,8 +44,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/ssl_cli.c b/dll/3rdparty/mbedtls/ssl_cli.c
index 8276826dfc8..8a48570784b 100644
--- a/dll/3rdparty/mbedtls/ssl_cli.c
+++ b/dll/3rdparty/mbedtls/ssl_cli.c
@@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 client-side functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/ssl_cookie.c b/dll/3rdparty/mbedtls/ssl_cookie.c
index 053a11bf95e..a777a93f632 100644
--- a/dll/3rdparty/mbedtls/ssl_cookie.c
+++ b/dll/3rdparty/mbedtls/ssl_cookie.c
@@ -1,7 +1,7 @@
/*
* DTLS cookie callbacks implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* These session callbacks use a simple chained list
diff --git a/dll/3rdparty/mbedtls/ssl_srv.c b/dll/3rdparty/mbedtls/ssl_srv.c
index a6ba858dcb0..6300966b1cc 100644
--- a/dll/3rdparty/mbedtls/ssl_srv.c
+++ b/dll/3rdparty/mbedtls/ssl_srv.c
@@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 server-side functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/ssl_ticket.c b/dll/3rdparty/mbedtls/ssl_ticket.c
index 0e0b3deb37c..ad0f11f22c0 100644
--- a/dll/3rdparty/mbedtls/ssl_ticket.c
+++ b/dll/3rdparty/mbedtls/ssl_ticket.c
@@ -1,7 +1,7 @@
/*
* TLS server tickets callbacks implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/ssl_tls.c b/dll/3rdparty/mbedtls/ssl_tls.c
index 66596bffc9c..3b06feee86d 100644
--- a/dll/3rdparty/mbedtls/ssl_tls.c
+++ b/dll/3rdparty/mbedtls/ssl_tls.c
@@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 shared functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The SSL 3.0 specification was drafted by Netscape in 1996,
@@ -1301,32 +1299,10 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#define SSL_SOME_MODES_USE_MAC
#endif
-/* The function below is only used in the Lucky 13 counter-measure in
- * ssl_decrypt_buf(). These are the defines that guard the call site. */
-#if defined(SSL_SOME_MODES_USE_MAC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) )
-/* This function makes sure every byte in the memory region is accessed
- * (in ascending addresses order) */
-static void ssl_read_memory( unsigned char *p, size_t len )
-{
- unsigned char acc = 0;
- volatile unsigned char force;
-
- for( ; len != 0; p++, len-- )
- acc ^= *p;
-
- force = acc;
- (void) force;
-}
-#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */
-
/*
* Encryption/decryption functions
*/
@@ -1523,8 +1499,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if( mode == MBEDTLS_MODE_CBC )
{
int ret;
@@ -1643,8 +1618,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
}
else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
- ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1662,6 +1636,156 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
return( 0 );
}
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+/*
+ * Constant-flow conditional memcpy:
+ * - if c1 == c2, equivalent to memcpy(dst, src, len),
+ * - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * Use only bit operations to avoid branches that could be used by some
+ * compilers on some platforms to translate comparison operators.
+ */
+static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
+ const unsigned char *src,
+ size_t len,
+ size_t c1, size_t c2 )
+{
+ /* diff = 0 if c1 == c2, non-zero otherwise */
+ const size_t diff = c1 ^ c2;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* diff_msb's most significant bit is equal to c1 != c2 */
+ const size_t diff_msb = ( diff | -diff );
+
+ /* diff1 = c1 != c2 */
+ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+
+ /* mask = c1 != c2 ? 0xff : 0x00 */
+ const unsigned char mask = (unsigned char) -diff1;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ /* dst[i] = c1 != c2 ? dst[i] : src[i] */
+ size_t i;
+ for( i = 0; i < len; i++ )
+ dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask );
+}
+
+/*
+ * Compute HMAC of variable-length data with constant flow.
+ *
+ * Only works with MD-5, SHA-1, SHA-256 and SHA-384.
+ * (Otherwise, computation of block_size needs to be adapted.)
+ */
+int mbedtls_ssl_cf_hmac(
+ mbedtls_md_context_t *ctx,
+ const unsigned char *add_data, size_t add_data_len,
+ const unsigned char *data, size_t data_len_secret,
+ size_t min_data_len, size_t max_data_len,
+ unsigned char *output )
+{
+ /*
+ * This function breaks the HMAC abstraction and uses the md_clone()
+ * extension to the MD API in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
+ *
+ * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
+ * minlen, then cloning the context, and for each byte up to maxlen
+ * finishing up the hash computation, keeping only the correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
+ /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
+ * all of which have the same block size except SHA-384. */
+ const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
+ const unsigned char * const ikey = ctx->hmac_ctx;
+ const unsigned char * const okey = ikey + block_size;
+ const size_t hash_size = mbedtls_md_get_size( ctx->md_info );
+
+ unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_md_context_t aux;
+ size_t offset;
+ int ret;
+
+ mbedtls_md_init( &aux );
+
+#define MD_CHK( func_call ) \
+ do { \
+ ret = (func_call); \
+ if( ret != 0 ) \
+ goto cleanup; \
+ } while( 0 )
+
+ MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
+
+ /* After hmac_start() of hmac_reset(), ikey has already been hashed,
+ * so we can start directly with the message */
+ MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
+ MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
+
+ /* For each possible length, compute the hash up to that point */
+ for( offset = min_data_len; offset <= max_data_len; offset++ )
+ {
+ MD_CHK( mbedtls_md_clone( &aux, ctx ) );
+ MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
+ offset, data_len_secret );
+
+ if( offset < max_data_len )
+ MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
+ }
+
+ /* Now compute HASH(okey + inner_hash) */
+ MD_CHK( mbedtls_md_starts( ctx ) );
+ MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
+ MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
+ MD_CHK( mbedtls_md_finish( ctx, output ) );
+
+ /* Done, get ready for next time */
+ MD_CHK( mbedtls_md_hmac_reset( ctx ) );
+
+#undef MD_CHK
+
+cleanup:
+ mbedtls_md_free( &aux );
+ return( ret );
+}
+
+/*
+ * Constant-flow memcpy from variable position in buffer.
+ * - functionally equivalent to memcpy(dst, src + offset_secret, len)
+ * - but with execution flow independent from the value of offset_secret.
+ */
+void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
+ const unsigned char *src_base,
+ size_t offset_secret,
+ size_t offset_min, size_t offset_max,
+ size_t len )
+{
+ size_t offset;
+
+ for( offset = offset_min; offset <= offset_max; offset++ )
+ {
+ mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len,
+ offset, offset_secret );
+ }
+}
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
{
size_t i;
@@ -1787,8 +1911,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if( mode == MBEDTLS_MODE_CBC )
{
/*
@@ -1999,8 +2122,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
ssl->in_msglen -= padlen;
}
else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
- ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -2019,6 +2141,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
if( auth_done == 0 )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
+ unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD];
ssl->in_msglen -= ssl->transform_in->maclen;
@@ -2033,6 +2156,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
ssl->in_msg, ssl->in_msglen,
ssl->in_ctr, ssl->in_msgtype,
mac_expect );
+ memcpy( mac_peer, ssl->in_msg + ssl->in_msglen,
+ ssl->transform_in->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -2040,34 +2165,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
- /*
- * Process MAC and always update for padlen afterwards to make
- * total time independent of padlen.
- *
- * Known timing attacks:
- * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
- *
- * To compensate for different timings for the MAC calculation
- * depending on how much padding was removed (which is determined
- * by padlen), process extra_run more blocks through the hash
- * function.
- *
- * The formula in the paper is
- * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 )
- * where L1 is the size of the header plus the decrypted message
- * plus CBC padding and L2 is the size of the header plus the
- * decrypted message. This is for an underlying hash function
- * with 64-byte blocks.
- * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values
- * correctly. We round down instead of up, so -56 is the correct
- * value for our calculations instead of -55.
- *
- * Repeat the formula rather than defining a block_size variable.
- * This avoids requiring division by a variable at runtime
- * (which would be marginally less efficient and would require
- * linking an extra division function in some builds).
- */
- size_t j, extra_run = 0;
+ int ret;
+ unsigned char add_data[13];
/*
* The next two sizes are the minimum and maximum values of
@@ -2082,66 +2181,25 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
const size_t max_len = ssl->in_msglen + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- switch( ssl->transform_in->ciphersuite_info->mac )
- {
-#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
- defined(MBEDTLS_SHA256_C)
- case MBEDTLS_MD_MD5:
- case MBEDTLS_MD_SHA1:
- case MBEDTLS_MD_SHA256:
- /* 8 bytes of message size, 64-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
- ( 13 + ssl->in_msglen + 8 ) / 64;
- break;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_MD_SHA384:
- /* 16 bytes of message size, 128-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 -
- ( 13 + ssl->in_msglen + 16 ) / 128;
- break;
-#endif
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- extra_run &= correct * 0xFF;
-
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
- ssl->in_msglen );
- /* Make sure we access everything even when padlen > 0. This
- * makes the synchronisation requirements for just-in-time
- * Prime+Probe attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
+ memcpy( add_data + 0, ssl->in_ctr, 8 );
+ memcpy( add_data + 8, ssl->in_hdr, 3 );
+ memcpy( add_data + 11, ssl->in_len, 2 );
- /* Dummy calls to compression function.
- * Call mbedtls_md_process at least once due to cache attacks
- * that observe whether md_process() was called of not.
- * Respect the usual start-(process|update)-finish sequence for
- * the sake of hardware accelerators that might require it. */
- mbedtls_md_starts( &ssl->transform_in->md_ctx_dec );
- for( j = 0; j < extra_run + 1; j++ )
- mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
+ ret = mbedtls_ssl_cf_hmac( &ssl->transform_in->md_ctx_dec,
+ add_data, sizeof( add_data ),
+ ssl->in_msg, ssl->in_msglen,
+ min_len, max_len,
+ mac_expect );
+ if( ret != 0 )
{
- /* The switch statement above already checks that we're using
- * one of MD-5, SHA-1, SHA-256 or SHA-384. */
- unsigned char tmp[384 / 8];
- mbedtls_md_finish( &ssl->transform_in->md_ctx_dec, tmp );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret );
+ return( ret );
}
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-
- /* Make sure we access all the memory that could contain the MAC,
- * before we check it in the next code block. This makes the
- * synchronisation requirements for just-in-time Prime+Probe
- * attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + min_len,
- max_len - min_len + ssl->transform_in->maclen );
+ mbedtls_ssl_cf_memcpy_offset( mac_peer, ssl->in_msg,
+ ssl->in_msglen,
+ min_len, max_len,
+ ssl->transform_in->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -2153,11 +2211,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, ssl->transform_in->maclen );
#endif
- if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
+ if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect,
ssl->transform_in->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
@@ -2581,7 +2638,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ret < 0 )
return( ret );
- if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+ if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_recv returned %d bytes but only %lu were requested",
@@ -2636,7 +2693,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ret <= 0 )
return( ret );
- if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+ if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "f_send returned %d bytes but only %lu bytes were sent",
@@ -7347,6 +7404,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
memcpy( buf, ssl->in_offt, n );
ssl->in_msglen -= n;
+ /* Zeroising the plaintext buffer to erase unused application data
+ from the memory. */
+ mbedtls_zeroize( ssl->in_offt, n );
+
if( ssl->in_msglen == 0 )
{
/* all bytes consumed */
diff --git a/dll/3rdparty/mbedtls/threading.c b/dll/3rdparty/mbedtls/threading.c
index 68667a3a892..838cd74d93d 100644
--- a/dll/3rdparty/mbedtls/threading.c
+++ b/dll/3rdparty/mbedtls/threading.c
@@ -1,7 +1,7 @@
/*
* Threading abstraction layer
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/timing.c b/dll/3rdparty/mbedtls/timing.c
index 4b25057f9a9..6b91ea43c7e 100644
--- a/dll/3rdparty/mbedtls/timing.c
+++ b/dll/3rdparty/mbedtls/timing.c
@@ -1,7 +1,7 @@
/*
* Portable interface to the CPU cycle counter
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/version.c b/dll/3rdparty/mbedtls/version.c
index 225cfe73cee..22682b85788 100644
--- a/dll/3rdparty/mbedtls/version.c
+++ b/dll/3rdparty/mbedtls/version.c
@@ -1,7 +1,7 @@
/*
* Version information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/version_features.c b/dll/3rdparty/mbedtls/version_features.c
index 454c2be7f01..a3e3df4f998 100644
--- a/dll/3rdparty/mbedtls/version_features.c
+++ b/dll/3rdparty/mbedtls/version_features.c
@@ -1,7 +1,7 @@
/*
* Version feature information
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -255,6 +253,12 @@ static const char *features[] = {
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
"MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+ "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND",
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
"MBEDTLS_TEST_NULL_ENTROPY",
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
diff --git a/dll/3rdparty/mbedtls/x509.c b/dll/3rdparty/mbedtls/x509.c
index 593f316010d..377c106d8c1 100644
--- a/dll/3rdparty/mbedtls/x509.c
+++ b/dll/3rdparty/mbedtls/x509.c
@@ -1,7 +1,7 @@
/*
* X.509 common functions for parsing and verification
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
diff --git a/dll/3rdparty/mbedtls/x509_create.c b/dll/3rdparty/mbedtls/x509_create.c
index afcb50a7434..252e835bb32 100644
--- a/dll/3rdparty/mbedtls/x509_create.c
+++ b/dll/3rdparty/mbedtls/x509_create.c
@@ -1,7 +1,7 @@
/*
* X.509 base functions for creating certificates / CSRs
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/dll/3rdparty/mbedtls/x509_crl.c b/dll/3rdparty/mbedtls/x509_crl.c
index 846cd45d02c..73a300d217e 100644
--- a/dll/3rdparty/mbedtls/x509_crl.c
+++ b/dll/3rdparty/mbedtls/x509_crl.c
@@ -1,7 +1,7 @@
/*
* X.509 Certidicate Revocation List (CRL) parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -289,13 +287,13 @@ static int x509_get_entries( unsigned char **p,
size_t len2;
const unsigned char *end2;
+ cur_entry->raw.tag = **p;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
{
return( ret );
}
- cur_entry->raw.tag = **p;
cur_entry->raw.p = *p;
cur_entry->raw.len = len2;
end2 = *p + len2;
diff --git a/dll/3rdparty/mbedtls/x509_crt.c b/dll/3rdparty/mbedtls/x509_crt.c
index 7b6481529b0..8a59bf89712 100644
--- a/dll/3rdparty/mbedtls/x509_crt.c
+++ b/dll/3rdparty/mbedtls/x509_crt.c
@@ -1,7 +1,7 @@
/*
* X.509 certificate parsing and verification
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -1788,8 +1786,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509
if( crt->serial.len == cur->serial.len &&
memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
{
- if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
- return( 1 );
+ return( 1 );
}
cur = cur->next;
diff --git a/dll/3rdparty/mbedtls/x509_csr.c b/dll/3rdparty/mbedtls/x509_csr.c
index cb25809aeef..50988e019d7 100644
--- a/dll/3rdparty/mbedtls/x509_csr.c
+++ b/dll/3rdparty/mbedtls/x509_csr.c
@@ -1,7 +1,7 @@
/*
* X.509 Certificate Signing Request (CSR) parsing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
diff --git a/dll/3rdparty/mbedtls/x509write_crt.c b/dll/3rdparty/mbedtls/x509write_crt.c
index a69098638c3..daebb813ef4 100644
--- a/dll/3rdparty/mbedtls/x509write_crt.c
+++ b/dll/3rdparty/mbedtls/x509write_crt.c
@@ -1,7 +1,7 @@
/*
* X.509 certificate writing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* References:
diff --git a/dll/3rdparty/mbedtls/x509write_csr.c b/dll/3rdparty/mbedtls/x509write_csr.c
index 0d810999c84..cbf4276eca5 100644
--- a/dll/3rdparty/mbedtls/x509write_csr.c
+++ b/dll/3rdparty/mbedtls/x509write_csr.c
@@ -1,7 +1,7 @@
/*
* X.509 Certificate Signing Request writing
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* References:
diff --git a/dll/3rdparty/mbedtls/xtea.c b/dll/3rdparty/mbedtls/xtea.c
index 6ed64e03050..a1e51414442 100644
--- a/dll/3rdparty/mbedtls/xtea.c
+++ b/dll/3rdparty/mbedtls/xtea.c
@@ -1,7 +1,7 @@
/*
* An 32-bit implementation of the XTEA algorithm
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -42,8 +42,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/media/doc/3rd Party Files.txt b/media/doc/3rd Party Files.txt
index 392a38fffd3..236d474e0c5 100644
--- a/media/doc/3rd Party Files.txt
+++ b/media/doc/3rd Party Files.txt
@@ -51,7 +51,7 @@ URL: http://xmlsoft.org
Title: mbed TLS
Path: dll/3rdparty/mbedtls
-Used Version: 2.7.16
+Used Version: 2.7.17
License: Apache-2.0 (https://spdx.org/licenses/Apache-2.0.html)
URL: https://tls.mbed.org/
diff --git a/sdk/include/reactos/libs/mbedtls/aes.h b/sdk/include/reactos/libs/mbedtls/aes.h
index 8fa80ef4f34..a187796b202 100644
--- a/sdk/include/reactos/libs/mbedtls/aes.h
+++ b/sdk/include/reactos/libs/mbedtls/aes.h
@@ -13,7 +13,7 @@
* ciphers</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -54,8 +54,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_AES_H
diff --git a/sdk/include/reactos/libs/mbedtls/aesni.h b/sdk/include/reactos/libs/mbedtls/aesni.h
index 46ffcb7ae08..845da74e8c1 100644
--- a/sdk/include/reactos/libs/mbedtls/aesni.h
+++ b/sdk/include/reactos/libs/mbedtls/aesni.h
@@ -4,7 +4,7 @@
* \brief AES-NI for hardware AES acceleration on some Intel processors
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
diff --git a/sdk/include/reactos/libs/mbedtls/arc4.h b/sdk/include/reactos/libs/mbedtls/arc4.h
index a1db537b4d6..50b6f48334a 100644
--- a/sdk/include/reactos/libs/mbedtls/arc4.h
+++ b/sdk/include/reactos/libs/mbedtls/arc4.h
@@ -7,7 +7,7 @@
* security risk. We recommend considering stronger ciphers instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#ifndef MBEDTLS_ARC4_H
#define MBEDTLS_ARC4_H
diff --git a/sdk/include/reactos/libs/mbedtls/asn1.h b/sdk/include/reactos/libs/mbedtls/asn1.h
index c64038cdb5c..0e596bca2cd 100644
--- a/sdk/include/reactos/libs/mbedtls/asn1.h
+++ b/sdk/include/reactos/libs/mbedtls/asn1.h
@@ -4,7 +4,7 @@
* \brief Generic ASN.1 parsing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
diff --git a/sdk/include/reactos/libs/mbedtls/asn1write.h b/sdk/include/reactos/libs/mbedtls/asn1write.h
index 79d2bfce414..93c570a45c9 100644
--- a/sdk/include/reactos/libs/mbedtls/asn1write.h
+++ b/sdk/include/reactos/libs/mbedtls/asn1write.h
@@ -4,7 +4,7 @@
* \brief ASN.1 buffer writing functionality
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
diff --git a/sdk/include/reactos/libs/mbedtls/base64.h b/sdk/include/reactos/libs/mbedtls/base64.h
index 814860bd010..f30be4ac3e9 100644
--- a/sdk/include/reactos/libs/mbedtls/base64.h
+++ b/sdk/include/reactos/libs/mbedtls/base64.h
@@ -4,7 +4,7 @@
* \brief RFC 1521 base64 encoding/decoding
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
diff --git a/sdk/include/reactos/libs/mbedtls/bignum.h b/sdk/include/reactos/libs/mbedtls/bignum.h
index 956c57f3f49..754b50a3bf3 100644
--- a/sdk/include/reactos/libs/mbedtls/bignum.h
+++ b/sdk/include/reactos/libs/mbedtls/bignum.h
@@ -4,7 +4,7 @@
* \brief Multi-precision integer library
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
diff --git a/sdk/include/reactos/libs/mbedtls/blowfish.h b/sdk/include/reactos/libs/mbedtls/blowfish.h
index b8be15de95b..60017af3dcf 100644
--- a/sdk/include/reactos/libs/mbedtls/blowfish.h
+++ b/sdk/include/reactos/libs/mbedtls/blowfish.h
@@ -4,7 +4,7 @@
* \brief Blowfish block cipher
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H
diff --git a/sdk/include/reactos/libs/mbedtls/bn_mul.h b/sdk/include/reactos/libs/mbedtls/bn_mul.h
index dad2b408cda..d0b1022310e 100644
--- a/sdk/include/reactos/libs/mbedtls/bn_mul.h
+++ b/sdk/include/reactos/libs/mbedtls/bn_mul.h
@@ -4,7 +4,7 @@
* \brief Multi-precision integer library
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Multiply source vector [s] with b, add result
diff --git a/sdk/include/reactos/libs/mbedtls/camellia.h b/sdk/include/reactos/libs/mbedtls/camellia.h
index 2cde2d9a8bc..1ed0ca4bd7c 100644
--- a/sdk/include/reactos/libs/mbedtls/camellia.h
+++ b/sdk/include/reactos/libs/mbedtls/camellia.h
@@ -4,7 +4,7 @@
* \brief Camellia block cipher
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
diff --git a/sdk/include/reactos/libs/mbedtls/ccm.h b/sdk/include/reactos/libs/mbedtls/ccm.h
index 153b1287d42..80cc1f68c4f 100644
--- a/sdk/include/reactos/libs/mbedtls/ccm.h
+++ b/sdk/include/reactos/libs/mbedtls/ccm.h
@@ -13,7 +13,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -54,8 +54,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CCM_H
diff --git a/sdk/include/reactos/libs/mbedtls/certs.h b/sdk/include/reactos/libs/mbedtls/certs.h
index 10cadfc7cfc..867228840d7 100644
--- a/sdk/include/reactos/libs/mbedtls/certs.h
+++ b/sdk/include/reactos/libs/mbedtls/certs.h
@@ -4,7 +4,7 @@
* \brief Sample certificates and DHM parameters for testing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
diff --git a/sdk/include/reactos/libs/mbedtls/check_config.h b/sdk/include/reactos/libs/mbedtls/check_config.h
index 1215e6eb95c..654c6ba57e8 100644
--- a/sdk/include/reactos/libs/mbedtls/check_config.h
+++ b/sdk/include/reactos/libs/mbedtls/check_config.h
@@ -4,7 +4,7 @@
* \brief Consistency checks for configuration options
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
@@ -182,6 +180,16 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#define MBEDTLS_HAS_MEMSAN
+#endif
+#endif
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
+#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
+#endif
+#undef MBEDTLS_HAS_MEMSAN
+
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
diff --git a/sdk/include/reactos/libs/mbedtls/cipher.h b/sdk/include/reactos/libs/mbedtls/cipher.h
index 8830107df37..7f40b7ec8d5 100644
--- a/sdk/include/reactos/libs/mbedtls/cipher.h
+++ b/sdk/include/reactos/libs/mbedtls/cipher.h
@@ -6,7 +6,7 @@
* \author Adriaan de Jong <dejong(a)fox-it.com>
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CIPHER_H
diff --git a/sdk/include/reactos/libs/mbedtls/cipher_internal.h b/sdk/include/reactos/libs/mbedtls/cipher_internal.h
index 7e0b75a8797..758cf95aa22 100644
--- a/sdk/include/reactos/libs/mbedtls/cipher_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/cipher_internal.h
@@ -6,7 +6,7 @@
* \author Adriaan de Jong <dejong(a)fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
diff --git a/sdk/include/reactos/libs/mbedtls/cmac.h b/sdk/include/reactos/libs/mbedtls/cmac.h
index 6b3414144dd..dbfc1bbf9c2 100644
--- a/sdk/include/reactos/libs/mbedtls/cmac.h
+++ b/sdk/include/reactos/libs/mbedtls/cmac.h
@@ -5,7 +5,7 @@
* Authentication.
*/
/*
- * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CMAC_H
diff --git a/sdk/include/reactos/libs/mbedtls/compat-1.3.h b/sdk/include/reactos/libs/mbedtls/compat-1.3.h
index 8b6d36b2373..b0103cc893d 100644
--- a/sdk/include/reactos/libs/mbedtls/compat-1.3.h
+++ b/sdk/include/reactos/libs/mbedtls/compat-1.3.h
@@ -7,7 +7,7 @@
* \deprecated Use the new names directly instead
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -48,8 +48,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
diff --git a/sdk/include/reactos/libs/mbedtls/config.h b/sdk/include/reactos/libs/mbedtls/config.h
index 990589418ab..1d0e659ca36 100644
--- a/sdk/include/reactos/libs/mbedtls/config.h
+++ b/sdk/include/reactos/libs/mbedtls/config.h
@@ -8,7 +8,7 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CONFIG_H
@@ -444,6 +442,42 @@
//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * clang's MemorySanitizer. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires compiling with clang -fsanitize=memory. The test
+ * suites can then be run normally.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * valgrind's memcheck tool. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires valgrind headers for building, and is only useful for
+ * testing if the tests suites are run with valgrind's memcheck. This can be
+ * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
+ * using CMake, this can be done for all test suites with 'make memcheck'.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+
/**
* \def MBEDTLS_TEST_NULL_ENTROPY
*
diff --git a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
index 390059c3b90..7aadaf9b4e7 100644
--- a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
+++ b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h
@@ -32,7 +32,7 @@
* - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
*/
/*
- * Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -73,8 +73,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CTR_DRBG_H
diff --git a/sdk/include/reactos/libs/mbedtls/debug.h b/sdk/include/reactos/libs/mbedtls/debug.h
index 1949622c74e..efc7e9fff98 100644
--- a/sdk/include/reactos/libs/mbedtls/debug.h
+++ b/sdk/include/reactos/libs/mbedtls/debug.h
@@ -4,7 +4,7 @@
* \brief Functions for controlling and providing debug output from the library.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_DEBUG_H
#define MBEDTLS_DEBUG_H
diff --git a/sdk/include/reactos/libs/mbedtls/des.h b/sdk/include/reactos/libs/mbedtls/des.h
index b948744895c..b04ad170ded 100644
--- a/sdk/include/reactos/libs/mbedtls/des.h
+++ b/sdk/include/reactos/libs/mbedtls/des.h
@@ -8,7 +8,7 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -50,8 +50,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H
diff --git a/sdk/include/reactos/libs/mbedtls/dhm.h b/sdk/include/reactos/libs/mbedtls/dhm.h
index 7077cb3a5b1..233b1f20031 100644
--- a/sdk/include/reactos/libs/mbedtls/dhm.h
+++ b/sdk/include/reactos/libs/mbedtls/dhm.h
@@ -38,7 +38,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -79,8 +79,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_DHM_H
diff --git a/sdk/include/reactos/libs/mbedtls/ecdh.h b/sdk/include/reactos/libs/mbedtls/ecdh.h
index 476156b9492..e937c899fff 100644
--- a/sdk/include/reactos/libs/mbedtls/ecdh.h
+++ b/sdk/include/reactos/libs/mbedtls/ecdh.h
@@ -12,7 +12,7 @@
* Cryptography</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -53,8 +53,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ECDH_H
diff --git a/sdk/include/reactos/libs/mbedtls/ecdsa.h b/sdk/include/reactos/libs/mbedtls/ecdsa.h
index faec04db0fd..1a34ff271b1 100644
--- a/sdk/include/reactos/libs/mbedtls/ecdsa.h
+++ b/sdk/include/reactos/libs/mbedtls/ecdsa.h
@@ -10,7 +10,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -51,8 +51,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ECDSA_H
diff --git a/sdk/include/reactos/libs/mbedtls/ecjpake.h b/sdk/include/reactos/libs/mbedtls/ecjpake.h
index 95620c52d63..1e941702f60 100644
--- a/sdk/include/reactos/libs/mbedtls/ecjpake.h
+++ b/sdk/include/reactos/libs/mbedtls/ecjpake.h
@@ -4,7 +4,7 @@
* \brief Elliptic curve J-PAKE
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
diff --git a/sdk/include/reactos/libs/mbedtls/ecp.h b/sdk/include/reactos/libs/mbedtls/ecp.h
index 73eac625ea9..6ebd2d654d9 100644
--- a/sdk/include/reactos/libs/mbedtls/ecp.h
+++ b/sdk/include/reactos/libs/mbedtls/ecp.h
@@ -4,7 +4,7 @@
* \brief Elliptic curves over GF(p)
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
diff --git a/sdk/include/reactos/libs/mbedtls/ecp_internal.h b/sdk/include/reactos/libs/mbedtls/ecp_internal.h
index 4e9445ae444..0047bd4ef91 100644
--- a/sdk/include/reactos/libs/mbedtls/ecp_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/ecp_internal.h
@@ -5,7 +5,7 @@
* point arithmetic.
*/
/*
- * Copyright (C) 2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
diff --git a/sdk/include/reactos/libs/mbedtls/entropy.h b/sdk/include/reactos/libs/mbedtls/entropy.h
index 258ad554d75..cee6ab5a789 100644
--- a/sdk/include/reactos/libs/mbedtls/entropy.h
+++ b/sdk/include/reactos/libs/mbedtls/entropy.h
@@ -4,7 +4,7 @@
* \brief Entropy accumulator implementation
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
diff --git a/sdk/include/reactos/libs/mbedtls/entropy_poll.h b/sdk/include/reactos/libs/mbedtls/entropy_poll.h
index 9843a9e460b..c348fe52d42 100644
--- a/sdk/include/reactos/libs/mbedtls/entropy_poll.h
+++ b/sdk/include/reactos/libs/mbedtls/entropy_poll.h
@@ -4,7 +4,7 @@
* \brief Platform-specific and custom entropy polling functions
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
diff --git a/sdk/include/reactos/libs/mbedtls/error.h b/sdk/include/reactos/libs/mbedtls/error.h
index 2c55bccf7c4..1035454328f 100644
--- a/sdk/include/reactos/libs/mbedtls/error.h
+++ b/sdk/include/reactos/libs/mbedtls/error.h
@@ -4,7 +4,7 @@
* \brief Error to string translation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_ERROR_H
#define MBEDTLS_ERROR_H
diff --git a/sdk/include/reactos/libs/mbedtls/gcm.h b/sdk/include/reactos/libs/mbedtls/gcm.h
index 5b96ca2c5c8..2a49a87f72d 100644
--- a/sdk/include/reactos/libs/mbedtls/gcm.h
+++ b/sdk/include/reactos/libs/mbedtls/gcm.h
@@ -10,7 +10,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -51,8 +51,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_GCM_H
diff --git a/sdk/include/reactos/libs/mbedtls/havege.h b/sdk/include/reactos/libs/mbedtls/havege.h
index 82bba6d61b3..781a6094eee 100644
--- a/sdk/include/reactos/libs/mbedtls/havege.h
+++ b/sdk/include/reactos/libs/mbedtls/havege.h
@@ -4,7 +4,7 @@
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_HAVEGE_H
#define MBEDTLS_HAVEGE_H
diff --git a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
index e5ab7cd12b0..289cf488973 100644
--- a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
+++ b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h
@@ -8,7 +8,7 @@
* Deterministic Random Bit Generators</em>.
*/
/*
- * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
diff --git a/sdk/include/reactos/libs/mbedtls/md.h b/sdk/include/reactos/libs/mbedtls/md.h
index f424903cb1f..2903e4352d1 100644
--- a/sdk/include/reactos/libs/mbedtls/md.h
+++ b/sdk/include/reactos/libs/mbedtls/md.h
@@ -6,7 +6,7 @@
* \author Adriaan de Jong <dejong(a)fox-it.com>
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MD_H
diff --git a/sdk/include/reactos/libs/mbedtls/md2.h b/sdk/include/reactos/libs/mbedtls/md2.h
index 1e4f2553bbe..795db37dbf5 100644
--- a/sdk/include/reactos/libs/mbedtls/md2.h
+++ b/sdk/include/reactos/libs/mbedtls/md2.h
@@ -8,7 +8,7 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -50,8 +50,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H
diff --git a/sdk/include/reactos/libs/mbedtls/md4.h b/sdk/include/reactos/libs/mbedtls/md4.h
index 3c85af249e7..e091fd91b1d 100644
--- a/sdk/include/reactos/libs/mbedtls/md4.h
+++ b/sdk/include/reactos/libs/mbedtls/md4.h
@@ -8,7 +8,7 @@
* instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -50,8 +50,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#ifndef MBEDTLS_MD4_H
#define MBEDTLS_MD4_H
diff --git a/sdk/include/reactos/libs/mbedtls/md5.h b/sdk/include/reactos/libs/mbedtls/md5.h
index eb5d499ad7e..e24c87de540 100644
--- a/sdk/include/reactos/libs/mbedtls/md5.h
+++ b/sdk/include/reactos/libs/mbedtls/md5.h
@@ -8,7 +8,7 @@
* digests instead.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
diff --git a/sdk/include/reactos/libs/mbedtls/md_internal.h b/sdk/include/reactos/libs/mbedtls/md_internal.h
index 154b8bbc270..847f50aa0a8 100644
--- a/sdk/include/reactos/libs/mbedtls/md_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/md_internal.h
@@ -8,7 +8,7 @@
* \author Adriaan de Jong <dejong(a)fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
diff --git a/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h b/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h
index c1e0926b13f..89c06174957 100644
--- a/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h
+++ b/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h
@@ -4,7 +4,7 @@
* \brief Buffer-based memory allocator
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
diff --git a/sdk/include/reactos/libs/mbedtls/net.h b/sdk/include/reactos/libs/mbedtls/net.h
index bba4a359406..6c7a49d3bdf 100644
--- a/sdk/include/reactos/libs/mbedtls/net.h
+++ b/sdk/include/reactos/libs/mbedtls/net.h
@@ -6,7 +6,7 @@
* \deprecated Superseded by mbedtls/net_sockets.h
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
diff --git a/sdk/include/reactos/libs/mbedtls/net_sockets.h b/sdk/include/reactos/libs/mbedtls/net_sockets.h
index d1f9c9a06d3..0d61547d09f 100644
--- a/sdk/include/reactos/libs/mbedtls/net_sockets.h
+++ b/sdk/include/reactos/libs/mbedtls/net_sockets.h
@@ -4,7 +4,7 @@
* \brief Network communication functions
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
diff --git a/sdk/include/reactos/libs/mbedtls/oid.h b/sdk/include/reactos/libs/mbedtls/oid.h
index 9d5cbfbb8a7..40b4bc4ff15 100644
--- a/sdk/include/reactos/libs/mbedtls/oid.h
+++ b/sdk/include/reactos/libs/mbedtls/oid.h
@@ -4,7 +4,7 @@
* \brief Object Identifier (OID) database
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
diff --git a/sdk/include/reactos/libs/mbedtls/padlock.h b/sdk/include/reactos/libs/mbedtls/padlock.h
index 85868d9fe1d..91ad2a6ca6f 100644
--- a/sdk/include/reactos/libs/mbedtls/padlock.h
+++ b/sdk/include/reactos/libs/mbedtls/padlock.h
@@ -5,7 +5,7 @@
* processors
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -46,8 +46,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
diff --git a/sdk/include/reactos/libs/mbedtls/pem.h b/sdk/include/reactos/libs/mbedtls/pem.h
index 7239363f3a9..dfcc51872da 100644
--- a/sdk/include/reactos/libs/mbedtls/pem.h
+++ b/sdk/include/reactos/libs/mbedtls/pem.h
@@ -4,7 +4,7 @@
* \brief Privacy Enhanced Mail (PEM) decoding
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
diff --git a/sdk/include/reactos/libs/mbedtls/pk.h b/sdk/include/reactos/libs/mbedtls/pk.h
index e80cb81e1cc..c636c3d53e6 100644
--- a/sdk/include/reactos/libs/mbedtls/pk.h
+++ b/sdk/include/reactos/libs/mbedtls/pk.h
@@ -4,7 +4,7 @@
* \brief Public Key abstraction layer
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PK_H
diff --git a/sdk/include/reactos/libs/mbedtls/pk_internal.h b/sdk/include/reactos/libs/mbedtls/pk_internal.h
index 7c8d914999a..038acf9acb0 100644
--- a/sdk/include/reactos/libs/mbedtls/pk_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/pk_internal.h
@@ -4,7 +4,7 @@
* \brief Public Key abstraction layer: wrapper functions
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PK_WRAP_H
diff --git a/sdk/include/reactos/libs/mbedtls/pkcs11.h b/sdk/include/reactos/libs/mbedtls/pkcs11.h
index 9a23019bab4..c620722e383 100644
--- a/sdk/include/reactos/libs/mbedtls/pkcs11.h
+++ b/sdk/include/reactos/libs/mbedtls/pkcs11.h
@@ -6,7 +6,7 @@
* \author Adriaan de Jong <dejong(a)fox-it.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PKCS11_H
#define MBEDTLS_PKCS11_H
diff --git a/sdk/include/reactos/libs/mbedtls/pkcs12.h b/sdk/include/reactos/libs/mbedtls/pkcs12.h
index c418e8f243d..9cbcb173055 100644
--- a/sdk/include/reactos/libs/mbedtls/pkcs12.h
+++ b/sdk/include/reactos/libs/mbedtls/pkcs12.h
@@ -4,7 +4,7 @@
* \brief PKCS#12 Personal Information Exchange Syntax
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
diff --git a/sdk/include/reactos/libs/mbedtls/pkcs5.h b/sdk/include/reactos/libs/mbedtls/pkcs5.h
index 362a66782fa..759d1722b0b 100644
--- a/sdk/include/reactos/libs/mbedtls/pkcs5.h
+++ b/sdk/include/reactos/libs/mbedtls/pkcs5.h
@@ -6,7 +6,7 @@
* \author Mathias Olsson <mathias(a)kompetensum.com>
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -47,8 +47,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
diff --git a/sdk/include/reactos/libs/mbedtls/platform.h b/sdk/include/reactos/libs/mbedtls/platform.h
index e68ebc3c7e2..4eaad53c469 100644
--- a/sdk/include/reactos/libs/mbedtls/platform.h
+++ b/sdk/include/reactos/libs/mbedtls/platform.h
@@ -4,7 +4,7 @@
* \brief The Mbed TLS platform abstraction layer.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
diff --git a/sdk/include/reactos/libs/mbedtls/platform_time.h b/sdk/include/reactos/libs/mbedtls/platform_time.h
index a45870c3a65..e132f6a688c 100644
--- a/sdk/include/reactos/libs/mbedtls/platform_time.h
+++ b/sdk/include/reactos/libs/mbedtls/platform_time.h
@@ -4,7 +4,7 @@
* \brief mbed TLS Platform time abstraction
*/
/*
- * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
diff --git a/sdk/include/reactos/libs/mbedtls/ripemd160.h b/sdk/include/reactos/libs/mbedtls/ripemd160.h
index 6a8cf295c39..e954c65bf63 100644
--- a/sdk/include/reactos/libs/mbedtls/ripemd160.h
+++ b/sdk/include/reactos/libs/mbedtls/ripemd160.h
@@ -4,7 +4,7 @@
* \brief RIPE MD-160 message digest
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
diff --git a/sdk/include/reactos/libs/mbedtls/rsa.h b/sdk/include/reactos/libs/mbedtls/rsa.h
index 752e047cd8a..7b508c5dcaa 100644
--- a/sdk/include/reactos/libs/mbedtls/rsa.h
+++ b/sdk/include/reactos/libs/mbedtls/rsa.h
@@ -9,7 +9,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -50,8 +50,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
diff --git a/sdk/include/reactos/libs/mbedtls/rsa_internal.h b/sdk/include/reactos/libs/mbedtls/rsa_internal.h
index 2464e6b082b..953cb7b81d7 100644
--- a/sdk/include/reactos/libs/mbedtls/rsa_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/rsa_internal.h
@@ -35,7 +35,7 @@
*
*/
/*
- * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -77,8 +77,6 @@
*
* **********
*
- * This file is part of mbed TLS (https://tls.mbed.org)
- *
*/
#ifndef MBEDTLS_RSA_INTERNAL_H
diff --git a/sdk/include/reactos/libs/mbedtls/sha1.h b/sdk/include/reactos/libs/mbedtls/sha1.h
index 01c02a31035..4ae8ad60770 100644
--- a/sdk/include/reactos/libs/mbedtls/sha1.h
+++ b/sdk/include/reactos/libs/mbedtls/sha1.h
@@ -8,7 +8,7 @@
* digests instead.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -49,8 +49,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
diff --git a/sdk/include/reactos/libs/mbedtls/sha256.h b/sdk/include/reactos/libs/mbedtls/sha256.h
index e7cb439a280..9bcf28cbfac 100644
--- a/sdk/include/reactos/libs/mbedtls/sha256.h
+++ b/sdk/include/reactos/libs/mbedtls/sha256.h
@@ -4,7 +4,7 @@
* \brief The SHA-224 and SHA-256 cryptographic hash function.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
diff --git a/sdk/include/reactos/libs/mbedtls/sha512.h b/sdk/include/reactos/libs/mbedtls/sha512.h
index 3518f98018e..33c32ce8e02 100644
--- a/sdk/include/reactos/libs/mbedtls/sha512.h
+++ b/sdk/include/reactos/libs/mbedtls/sha512.h
@@ -4,7 +4,7 @@
* \brief The SHA-384 and SHA-512 cryptographic hash function.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
diff --git a/sdk/include/reactos/libs/mbedtls/ssl.h b/sdk/include/reactos/libs/mbedtls/ssl.h
index 3d133ab8db5..c5324419bd4 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl.h
@@ -4,7 +4,7 @@
* \brief SSL/TLS functions.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
diff --git a/sdk/include/reactos/libs/mbedtls/ssl_cache.h b/sdk/include/reactos/libs/mbedtls/ssl_cache.h
index e987c29e110..612d81776ef 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl_cache.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl_cache.h
@@ -4,7 +4,7 @@
* \brief SSL session cache implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
diff --git a/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h b/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h
index 3243778a83d..fcfbca83670 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h
@@ -4,7 +4,7 @@
* \brief SSL Ciphersuites for mbed TLS
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
diff --git a/sdk/include/reactos/libs/mbedtls/ssl_cookie.h b/sdk/include/reactos/libs/mbedtls/ssl_cookie.h
index a69854c1722..cd526f6d006 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl_cookie.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl_cookie.h
@@ -4,7 +4,7 @@
* \brief DTLS cookie callbacks implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
diff --git a/sdk/include/reactos/libs/mbedtls/ssl_internal.h b/sdk/include/reactos/libs/mbedtls/ssl_internal.h
index 4aa746373ca..6a04c8d05d4 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl_internal.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl_internal.h
@@ -4,7 +4,7 @@
* \brief Internal functions shared by the SSL modules
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_INTERNAL_H
#define MBEDTLS_SSL_INTERNAL_H
@@ -144,6 +142,23 @@
#define MBEDTLS_SSL_RETRANS_WAITING 2
#define MBEDTLS_SSL_RETRANS_FINISHED 3
+/* This macro determines whether CBC is supported. */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_DES_C) )
+#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
+#endif
+
+/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
+ * opposed to the very different CBC construct used in SSLv3) is supported. */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
+#endif
+
/*
* Allow extra bytes for record, authentication and encryption overhead:
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
@@ -732,6 +747,73 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+/** \brief Compute the HMAC of variable-length data with constant flow.
+ *
+ * This function computes the HMAC of the concatenation of \p add_data and \p
+ * data, and does with a code flow and memory access pattern that does not
+ * depend on \p data_len_secret, but only on \p min_data_len and \p
+ * max_data_len. In particular, this function always reads exactly \p
+ * max_data_len bytes from \p data.
+ *
+ * \param ctx The HMAC context. It must have keys configured
+ * with mbedtls_md_hmac_starts() and use one of the
+ * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
+ * It is reset using mbedtls_md_hmac_reset() after
+ * the computation is complete to prepare for the
+ * next computation.
+ * \param add_data The additional data prepended to \p data. This
+ * must point to a readable buffer of \p add_data_len
+ * bytes.
+ * \param add_data_len The length of \p add_data in bytes.
+ * \param data The data appended to \p add_data. This must point
+ * to a readable buffer of \p max_data_len bytes.
+ * \param data_len_secret The length of the data to process in \p data.
+ * This must be no less than \p min_data_len and no
+ * greater than \p max_data_len.
+ * \param min_data_len The minimal length of \p data in bytes.
+ * \param max_data_len The maximal length of \p data in bytes.
+ * \param output The HMAC will be written here. This must point to
+ * a writable buffer of sufficient size to hold the
+ * HMAC value.
+ *
+ * \retval 0
+ * Success.
+ * \retval non-zero
+ * Failure.
+ */
+int mbedtls_ssl_cf_hmac(
+ mbedtls_md_context_t *ctx,
+ const unsigned char *add_data, size_t add_data_len,
+ const unsigned char *data, size_t data_len_secret,
+ size_t min_data_len, size_t max_data_len,
+ unsigned char *output );
+
+/** \brief Copy data from a secret position with constant flow.
+ *
+ * This function copies \p len bytes from \p src_base + \p offset_secret to \p
+ * dst, with a code flow and memory access pattern that does not depend on \p
+ * offset_secret, but only on \p offset_min, \p offset_max and \p len.
+ *
+ * \param dst The destination buffer. This must point to a writable
+ * buffer of at least \p len bytes.
+ * \param src_base The base of the source buffer. This must point to a
+ * readable buffer of at least \p offset_max + \p len
+ * bytes.
+ * \param offset_secret The offset in the source buffer from which to copy.
+ * This must be no less than \p offset_min and no greater
+ * than \p offset_max.
+ * \param offset_min The minimal value of \p offset_secret.
+ * \param offset_max The maximal value of \p offset_secret.
+ * \param len The number of bytes to copy.
+ */
+void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
+ const unsigned char *src_base,
+ size_t offset_secret,
+ size_t offset_min, size_t offset_max,
+ size_t len );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
#ifdef __cplusplus
}
#endif
diff --git a/sdk/include/reactos/libs/mbedtls/ssl_ticket.h b/sdk/include/reactos/libs/mbedtls/ssl_ticket.h
index 5ee38017f3e..53c39c5f5dc 100644
--- a/sdk/include/reactos/libs/mbedtls/ssl_ticket.h
+++ b/sdk/include/reactos/libs/mbedtls/ssl_ticket.h
@@ -4,7 +4,7 @@
* \brief TLS server ticket callbacks implementation
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
diff --git a/sdk/include/reactos/libs/mbedtls/threading.h b/sdk/include/reactos/libs/mbedtls/threading.h
index 2c8df8827b4..a5d0a34a66f 100644
--- a/sdk/include/reactos/libs/mbedtls/threading.h
+++ b/sdk/include/reactos/libs/mbedtls/threading.h
@@ -4,7 +4,7 @@
* \brief Threading abstraction layer
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
diff --git a/sdk/include/reactos/libs/mbedtls/timing.h b/sdk/include/reactos/libs/mbedtls/timing.h
index 9bb1f42fb00..564e76b8c38 100644
--- a/sdk/include/reactos/libs/mbedtls/timing.h
+++ b/sdk/include/reactos/libs/mbedtls/timing.h
@@ -4,7 +4,7 @@
* \brief Portable interface to timeouts and to the CPU cycle counter
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
diff --git a/sdk/include/reactos/libs/mbedtls/version.h b/sdk/include/reactos/libs/mbedtls/version.h
index 289ec75efc2..547cd4cf7b2 100644
--- a/sdk/include/reactos/libs/mbedtls/version.h
+++ b/sdk/include/reactos/libs/mbedtls/version.h
@@ -4,7 +4,7 @@
* \brief Run-time version information
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* This set of compile-time defines and run-time variables can be used to
@@ -67,16 +65,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 7
-#define MBEDTLS_VERSION_PATCH 16
+#define MBEDTLS_VERSION_PATCH 17
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02071000
-#define MBEDTLS_VERSION_STRING "2.7.16"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.16"
+#define MBEDTLS_VERSION_NUMBER 0x02071100
+#define MBEDTLS_VERSION_STRING "2.7.17"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.17"
#if defined(MBEDTLS_VERSION_C)
diff --git a/sdk/include/reactos/libs/mbedtls/x509.h b/sdk/include/reactos/libs/mbedtls/x509.h
index 0e07b6d248f..e8b98a1e157 100644
--- a/sdk/include/reactos/libs/mbedtls/x509.h
+++ b/sdk/include/reactos/libs/mbedtls/x509.h
@@ -4,7 +4,7 @@
* \brief X.509 generic defines and structures
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
diff --git a/sdk/include/reactos/libs/mbedtls/x509_crl.h b/sdk/include/reactos/libs/mbedtls/x509_crl.h
index 0e37f65e8f0..2ade47c89db 100644
--- a/sdk/include/reactos/libs/mbedtls/x509_crl.h
+++ b/sdk/include/reactos/libs/mbedtls/x509_crl.h
@@ -4,7 +4,7 @@
* \brief X.509 certificate revocation list parsing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
diff --git a/sdk/include/reactos/libs/mbedtls/x509_crt.h b/sdk/include/reactos/libs/mbedtls/x509_crt.h
index 216481d5a18..af2a3b42760 100644
--- a/sdk/include/reactos/libs/mbedtls/x509_crt.h
+++ b/sdk/include/reactos/libs/mbedtls/x509_crt.h
@@ -4,7 +4,7 @@
* \brief X.509 certificate parsing and writing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
diff --git a/sdk/include/reactos/libs/mbedtls/x509_csr.h b/sdk/include/reactos/libs/mbedtls/x509_csr.h
index 8ba2cda0dc5..5dfb4213e8d 100644
--- a/sdk/include/reactos/libs/mbedtls/x509_csr.h
+++ b/sdk/include/reactos/libs/mbedtls/x509_csr.h
@@ -4,7 +4,7 @@
* \brief X.509 certificate signing request parsing and writing
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
diff --git a/sdk/include/reactos/libs/mbedtls/xtea.h b/sdk/include/reactos/libs/mbedtls/xtea.h
index 5df5585962b..c0259b8c556 100644
--- a/sdk/include/reactos/libs/mbedtls/xtea.h
+++ b/sdk/include/reactos/libs/mbedtls/xtea.h
@@ -4,7 +4,7 @@
* \brief XTEA block cipher (32-bit)
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
@@ -45,8 +45,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* **********
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H