Last active
May 19, 2022 22:13
-
-
Save lynxluna/bbc54ca894d57b81b8e2ebbc37fcceb7 to your computer and use it in GitHub Desktop.
MbedTLS OpenWatcom Patchs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff -Nbaur mbedtls-3.1.0/include/mbedtls/mbedtls_config.h binfetch/mbedtls-3.1.0/include/mbedtls/mbedtls_config.h | |
--- mbedtls-3.1.0/include/mbedtls/mbedtls_config.h 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/include/mbedtls/mbedtls_config.h 2022-05-20 01:50:44.000000000 +0700 | |
@@ -2440,7 +2440,7 @@ | |
* | |
* This module provides networking routines. | |
*/ | |
-#define MBEDTLS_NET_C | |
+//#define MBEDTLS_NET_C | |
/** | |
* \def MBEDTLS_OID_C | |
diff -Nbaur mbedtls-3.1.0/library/asn1parse.c binfetch/mbedtls-3.1.0/library/asn1parse.c | |
--- mbedtls-3.1.0/library/asn1parse.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/asn1parse.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -369,7 +369,10 @@ | |
mbedtls_asn1_sequence *cur, | |
int tag) | |
{ | |
- asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; | |
+ asn1_get_sequence_of_cb_ctx_t cb_ctx; | |
+ cb_ctx.tag = tag; | |
+ cb_ctx.cur = cur; | |
+ | |
memset( cur, 0, sizeof( mbedtls_asn1_sequence ) ); | |
return( mbedtls_asn1_traverse_sequence_of( | |
p, end, 0xFF, tag, 0, 0, | |
diff -Nbaur mbedtls-3.1.0/library/bignum.c binfetch/mbedtls-3.1.0/library/bignum.c | |
--- mbedtls-3.1.0/library/bignum.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/bignum.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -1508,11 +1508,14 @@ | |
*/ | |
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ) | |
{ | |
+ size_t n; | |
+ int ret; | |
+ | |
MPI_VALIDATE_RET( X != NULL ); | |
MPI_VALIDATE_RET( A != NULL ); | |
/* mpi_mul_hlp can't deal with a leading 0. */ | |
- size_t n = A->n; | |
+ n = A->n; | |
while( n > 0 && A->p[n - 1] == 0 ) | |
--n; | |
@@ -1524,7 +1527,7 @@ | |
} | |
/* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */ | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
/* In general, A * b requires 1 limb more than b. If | |
* A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same | |
* number of limbs as A and the call to grow() is not required since | |
@@ -1990,8 +1993,8 @@ | |
static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx ) | |
{ | |
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
- | |
- for( size_t i = 0; i < T_size; i++ ) | |
+ size_t i = 0; | |
+ for(i = 0; i < T_size; i++ ) | |
{ | |
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i], | |
(unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) ); | |
diff -Nbaur mbedtls-3.1.0/library/cipher.c binfetch/mbedtls-3.1.0/library/cipher.c | |
--- mbedtls-3.1.0/library/cipher.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/cipher.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -1529,6 +1529,7 @@ | |
unsigned char *output, size_t output_len, | |
size_t *olen, size_t tag_len ) | |
{ | |
+ int ret; | |
CIPHER_VALIDATE_RET( ctx != NULL ); | |
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); | |
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); | |
@@ -1565,7 +1566,7 @@ | |
if( output_len < ilen + tag_len ) | |
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); | |
- int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, | |
+ ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, | |
input, ilen, output, olen, | |
output + ilen, tag_len ); | |
*olen += tag_len; | |
diff -Nbaur mbedtls-3.1.0/library/constant_time.c binfetch/mbedtls-3.1.0/library/constant_time.c | |
--- mbedtls-3.1.0/library/constant_time.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/constant_time.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -415,9 +415,9 @@ | |
/* mask = c1 == c2 ? 0xff : 0x00 */ | |
const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 ); | |
const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal ); | |
- | |
+ size_t i; | |
/* dest[i] = c1 == c2 ? src[i] : dest[i] */ | |
- for( size_t i = 0; i < len; i++ ) | |
+ for(i = 0; i < len; i++ ) | |
dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask ); | |
} | |
diff -Nbaur mbedtls-3.1.0/library/ecjpake.c binfetch/mbedtls-3.1.0/library/ecjpake.c | |
--- mbedtls-3.1.0/library/ecjpake.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ecjpake.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -967,10 +967,10 @@ | |
static int self_test_rng( void *ctx, unsigned char *out, size_t len ) | |
{ | |
static uint32_t state = 42; | |
- | |
+ size_t i; | |
(void) ctx; | |
- for( size_t i = 0; i < len; i++ ) | |
+ for(i = 0; i < len; i++ ) | |
{ | |
state = state * 1664525u + 1013904223u; | |
out[i] = (unsigned char) state; | |
diff -Nbaur mbedtls-3.1.0/library/ecp.c binfetch/mbedtls-3.1.0/library/ecp.c | |
--- mbedtls-3.1.0/library/ecp.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ecp.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -1169,6 +1169,9 @@ | |
*/ | |
static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) | |
{ | |
+ int ret; | |
+ mbedtls_mpi Zi, ZZi; | |
+ | |
if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) | |
return( 0 ); | |
@@ -1180,8 +1183,7 @@ | |
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) | |
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); | |
#else | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
- mbedtls_mpi Zi, ZZi; | |
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); | |
/* | |
@@ -1224,6 +1226,11 @@ | |
static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, | |
mbedtls_ecp_point *T[], size_t T_size ) | |
{ | |
+ | |
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ size_t i; | |
+ mbedtls_mpi *c, u, Zi, ZZi; | |
+ | |
if( T_size < 2 ) | |
return( ecp_normalize_jac( grp, *T ) ); | |
@@ -1235,10 +1242,6 @@ | |
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) | |
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); | |
#else | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
- size_t i; | |
- mbedtls_mpi *c, u, Zi, ZZi; | |
- | |
if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) | |
return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); | |
@@ -1351,6 +1354,10 @@ | |
static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, | |
const mbedtls_ecp_point *P ) | |
{ | |
+ | |
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ mbedtls_mpi M, S, T, U; | |
+ | |
#if defined(MBEDTLS_SELF_TEST) | |
dbl_count++; | |
#endif | |
@@ -1363,8 +1370,6 @@ | |
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) | |
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); | |
#else | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
- mbedtls_mpi M, S, T, U; | |
mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); | |
@@ -1451,6 +1456,9 @@ | |
static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, | |
const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) | |
{ | |
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ mbedtls_mpi T1, T2, T3, T4, X, Y, Z; | |
+ | |
#if defined(MBEDTLS_SELF_TEST) | |
add_count++; | |
#endif | |
@@ -1463,8 +1471,6 @@ | |
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) | |
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); | |
#else | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
- mbedtls_mpi T1, T2, T3, T4, X, Y, Z; | |
/* | |
* Trivial cases: P == 0 or Q == 0 (case 1) | |
@@ -3236,10 +3242,10 @@ | |
static int self_test_rng( void *ctx, unsigned char *out, size_t len ) | |
{ | |
static uint32_t state = 42; | |
- | |
+ size_t i; | |
(void) ctx; | |
- for( size_t i = 0; i < len; i++ ) | |
+ for(i = 0; i < len; i++ ) | |
{ | |
state = state * 1664525u + 1013904223u; | |
out[i] = (unsigned char) state; | |
diff -Nbaur mbedtls-3.1.0/library/ecp_curves.c binfetch/mbedtls-3.1.0/library/ecp_curves.c | |
--- mbedtls-3.1.0/library/ecp_curves.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ecp_curves.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -5004,6 +5004,7 @@ | |
void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits ) | |
{ | |
size_t i; | |
+ mbedtls_mpi_uint msw; | |
/* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so | |
* set the absolute value to 0xfff...fff - N. There is no carry | |
@@ -5023,7 +5024,7 @@ | |
/* Add |c| * 2^bits to the absolute value. Since c and N are | |
* negative, this adds c * 2^bits. */ | |
- mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; | |
+ msw = (mbedtls_mpi_uint) -c; | |
#if defined(MBEDTLS_HAVE_INT64) | |
if( bits == 224 ) | |
msw <<= 32; | |
diff -Nbaur mbedtls-3.1.0/library/platform.c binfetch/mbedtls-3.1.0/library/platform.c | |
--- mbedtls-3.1.0/library/platform.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/platform.c 2022-05-20 04:19:31.000000000 +0700 | |
@@ -132,7 +132,7 @@ | |
if( s == NULL || n == 0 || fmt == NULL ) | |
return( -1 ); | |
-#if defined(_TRUNCATE) | |
+#if defined(_TRUNCATE) && !defined(__MINGW32__) | |
ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg ); | |
#else | |
ret = vsnprintf( s, n, fmt, arg ); | |
diff -Nbaur mbedtls-3.1.0/library/platform_util.c binfetch/mbedtls-3.1.0/library/platform_util.c | |
--- mbedtls-3.1.0/library/platform_util.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/platform_util.c 2022-05-20 05:09:11.000000000 +0700 | |
@@ -103,9 +103,9 @@ | |
struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, | |
struct tm *tm_buf ) | |
{ | |
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) | |
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) && !defined(__WATCOMC__) | |
return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); | |
-#elif !defined(PLATFORM_UTIL_USE_GMTIME) | |
+#elif !defined(PLATFORM_UTIL_USE_GMTIME) && !defined(__WATCOMC__) | |
return( gmtime_r( tt, tm_buf ) ); | |
#else | |
struct tm *lt; | |
diff -Nbaur mbedtls-3.1.0/library/psa_crypto.c binfetch/mbedtls-3.1.0/library/psa_crypto.c | |
--- mbedtls-3.1.0/library/psa_crypto.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/psa_crypto.c 2022-05-20 05:12:49.000000000 +0700 | |
@@ -666,6 +666,8 @@ | |
( PSA_ALG_FULL_LENGTH_MAC( alg1 ) == | |
PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) ) | |
{ | |
+ size_t alg1_len, alg2_len, restricted_len; | |
+ | |
/* Validate the combination of key type and algorithm. Since the base | |
* algorithm of alg1 and alg2 are the same, we only need this once. */ | |
if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) ) | |
@@ -679,9 +681,9 @@ | |
* Note that for at-least-this-length wildcard algorithms, the output | |
* length is set to the shortest allowed length, which allows us to | |
* calculate the most restrictive tag length for the intersection. */ | |
- size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 ); | |
- size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 ); | |
- size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len; | |
+ alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 ); | |
+ alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 ); | |
+ restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len; | |
/* If both are wildcards, return most restrictive wildcard */ | |
if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && | |
@@ -748,6 +750,7 @@ | |
( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) == | |
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) ) | |
{ | |
+ size_t requested_output_length, default_output_length; | |
/* Validate the combination of key type and algorithm. Since the policy | |
* and requested algorithms are the same, we only need this once. */ | |
if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) ) | |
@@ -758,9 +761,9 @@ | |
* Note that none of the currently supported algorithms have an output | |
* length dependent on actual key size, so setting it to a bogus value | |
* of 0 is currently OK. */ | |
- size_t requested_output_length = PSA_MAC_LENGTH( | |
+ requested_output_length = PSA_MAC_LENGTH( | |
key_type, 0, requested_alg ); | |
- size_t default_output_length = PSA_MAC_LENGTH( | |
+ default_output_length = PSA_MAC_LENGTH( | |
key_type, 0, | |
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ); | |
@@ -1302,6 +1305,7 @@ | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
/* Reject a zero-length output buffer now, since this can never be a | |
* valid key representation. This way we know that data must be a valid | |
* pointer and we can do things like memset(data, ..., data_size). */ | |
@@ -1323,9 +1327,7 @@ | |
if( status != PSA_SUCCESS ) | |
return( status ); | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
status = psa_driver_wrapper_export_key( &attributes, | |
slot->key.data, slot->key.bytes, | |
data, data_size, data_length ); | |
@@ -1406,6 +1408,8 @@ | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
+ | |
/* Reject a zero-length output buffer now, since this can never be a | |
* valid key representation. This way we know that data must be a valid | |
* pointer and we can do things like memset(data, ..., data_size). */ | |
@@ -1429,9 +1433,8 @@ | |
goto exit; | |
} | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
+ | |
status = psa_driver_wrapper_export_public_key( | |
&attributes, slot->key.data, slot->key.bytes, | |
data, data_size, data_length ); | |
@@ -2104,11 +2107,12 @@ | |
psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) | |
{ | |
+ psa_status_t status; | |
/* Aborting a non-active operation is allowed */ | |
if( operation->id == 0 ) | |
return( PSA_SUCCESS ); | |
- psa_status_t status = psa_driver_wrapper_hash_abort( operation ); | |
+ status = psa_driver_wrapper_hash_abort( operation ); | |
operation->id = 0; | |
return( status ); | |
@@ -2176,11 +2180,13 @@ | |
size_t hash_size, | |
size_t *hash_length ) | |
{ | |
+ psa_status_t status; | |
+ | |
*hash_length = 0; | |
if( operation->id == 0 ) | |
return( PSA_ERROR_BAD_STATE ); | |
- psa_status_t status = psa_driver_wrapper_hash_finish( | |
+ status = psa_driver_wrapper_hash_finish( | |
operation, hash, hash_size, hash_length ); | |
psa_hash_abort( operation ); | |
return( status ); | |
@@ -2236,11 +2242,12 @@ | |
{ | |
uint8_t actual_hash[PSA_HASH_MAX_SIZE]; | |
size_t actual_hash_length; | |
+ psa_status_t status; | |
if( !PSA_ALG_IS_HASH( alg ) ) | |
return( PSA_ERROR_INVALID_ARGUMENT ); | |
- psa_status_t status = psa_driver_wrapper_hash_compute( | |
+ status = psa_driver_wrapper_hash_compute( | |
alg, input, input_length, | |
actual_hash, sizeof(actual_hash), | |
&actual_hash_length ); | |
@@ -2262,13 +2269,15 @@ | |
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, | |
psa_hash_operation_t *target_operation ) | |
{ | |
+ psa_status_t status; | |
+ | |
if( source_operation->id == 0 || | |
target_operation->id != 0 ) | |
{ | |
return( PSA_ERROR_BAD_STATE ); | |
} | |
- psa_status_t status = psa_driver_wrapper_hash_clone( source_operation, | |
+ status = psa_driver_wrapper_hash_clone( source_operation, | |
target_operation ); | |
if( status != PSA_SUCCESS ) | |
psa_hash_abort( target_operation ); | |
@@ -2283,11 +2292,13 @@ | |
psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) | |
{ | |
+ psa_status_t status; | |
+ | |
/* Aborting a non-active operation is allowed */ | |
if( operation->id == 0 ) | |
return( PSA_SUCCESS ); | |
- psa_status_t status = psa_driver_wrapper_mac_abort( operation ); | |
+ status = psa_driver_wrapper_mac_abort( operation ); | |
operation->mac_size = 0; | |
operation->is_sign = 0; | |
operation->id = 0; | |
@@ -2344,6 +2355,8 @@ | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot = NULL; | |
+ psa_key_attributes_t attributes; | |
+ | |
/* A context must be freshly initialized before it can be set up. */ | |
if( operation->id != 0 ) | |
{ | |
@@ -2359,9 +2372,7 @@ | |
if( status != PSA_SUCCESS ) | |
goto exit; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
status = psa_mac_finalize_alg_and_key_validation( alg, &attributes, | |
&operation->mac_size ); | |
@@ -2414,6 +2425,8 @@ | |
const uint8_t *input, | |
size_t input_length ) | |
{ | |
+ psa_status_t status; | |
+ | |
if( operation->id == 0 ) | |
return( PSA_ERROR_BAD_STATE ); | |
@@ -2422,7 +2435,7 @@ | |
if( input_length == 0 ) | |
return( PSA_SUCCESS ); | |
- psa_status_t status = psa_driver_wrapper_mac_update( operation, | |
+ status = psa_driver_wrapper_mac_update( operation, | |
input, input_length ); | |
if( status != PSA_SUCCESS ) | |
psa_mac_abort( operation ); | |
@@ -2538,6 +2551,8 @@ | |
psa_key_slot_t *slot; | |
uint8_t operation_mac_size = 0; | |
+ psa_key_attributes_t attributes; | |
+ | |
status = psa_get_and_lock_key_slot_with_policy( | |
key, | |
&slot, | |
@@ -2546,9 +2561,7 @@ | |
if( status != PSA_SUCCESS ) | |
goto exit; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
status = psa_mac_finalize_alg_and_key_validation( alg, &attributes, | |
&operation_mac_size ); | |
@@ -2675,6 +2688,7 @@ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
*signature_length = 0; | |
@@ -2704,9 +2718,7 @@ | |
goto exit; | |
} | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
if( input_is_message ) | |
{ | |
@@ -2754,6 +2766,7 @@ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
status = psa_sign_verify_check_alg( input_is_message, alg ); | |
if( status != PSA_SUCCESS ) | |
@@ -2768,9 +2781,7 @@ | |
if( status != PSA_SUCCESS ) | |
return( status ); | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
if( input_is_message ) | |
{ | |
@@ -3286,6 +3297,7 @@ | |
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ? | |
PSA_KEY_USAGE_ENCRYPT : | |
PSA_KEY_USAGE_DECRYPT ); | |
+ psa_key_attributes_t attributes; | |
/* A context must be freshly initialized before it can be set up. */ | |
if( operation->id != 0 ) | |
@@ -3315,9 +3327,7 @@ | |
operation->iv_required = 1; | |
operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
/* Try doing the operation through a driver before using software fallback. */ | |
if( cipher_operation == MBEDTLS_ENCRYPT ) | |
@@ -3552,6 +3562,7 @@ | |
psa_key_slot_t *slot = NULL; | |
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; | |
size_t default_iv_length = 0; | |
+ psa_key_attributes_t attributes; | |
if( ! PSA_ALG_IS_CIPHER( alg ) ) | |
{ | |
@@ -3565,9 +3576,7 @@ | |
if( status != PSA_SUCCESS ) | |
goto exit; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); | |
if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE ) | |
@@ -3623,6 +3632,7 @@ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot = NULL; | |
+ psa_key_attributes_t attributes; | |
if( ! PSA_ALG_IS_CIPHER( alg ) ) | |
{ | |
@@ -3636,9 +3646,7 @@ | |
if( status != PSA_SUCCESS ) | |
goto exit; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ) | |
{ | |
@@ -3733,6 +3741,7 @@ | |
{ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
*ciphertext_length = 0; | |
@@ -3744,9 +3753,7 @@ | |
if( status != PSA_SUCCESS ) | |
return( status ); | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
status = psa_aead_check_nonce_length( alg, nonce_length ); | |
if( status != PSA_SUCCESS ) | |
@@ -3783,6 +3790,7 @@ | |
{ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot; | |
+ psa_key_attributes_t attributes; | |
*plaintext_length = 0; | |
@@ -3794,9 +3802,7 @@ | |
if( status != PSA_SUCCESS ) | |
return( status ); | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
status = psa_aead_check_nonce_length( alg, nonce_length ); | |
if( status != PSA_SUCCESS ) | |
@@ -3829,6 +3835,7 @@ | |
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; | |
psa_key_slot_t *slot = NULL; | |
psa_key_usage_t key_usage = 0; | |
+ psa_key_attributes_t attributes; | |
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) | |
{ | |
@@ -3859,9 +3866,7 @@ | |
if( status != PSA_SUCCESS ) | |
goto exit; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
if( is_encrypt ) | |
status = psa_driver_wrapper_aead_encrypt_setup( operation, | |
@@ -4781,6 +4786,7 @@ | |
size_t bytes = PSA_BITS_TO_BYTES( bits ); | |
size_t storage_size = bytes; | |
psa_status_t status; | |
+ psa_key_attributes_t attributes; | |
if( ! key_type_is_raw_bytes( slot->attr.type ) ) | |
return( PSA_ERROR_INVALID_ARGUMENT ); | |
@@ -4799,9 +4805,7 @@ | |
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ | |
slot->attr.bits = (psa_key_bits_t) bits; | |
- psa_key_attributes_t attributes = { | |
- .core = slot->attr | |
- }; | |
+ attributes.core = slot->attr; | |
if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) | |
{ | |
@@ -5376,10 +5380,13 @@ | |
{ | |
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) | |
case PSA_ALG_ECDH: | |
+ { | |
+ mbedtls_ecp_keypair *ecp = NULL; | |
+ psa_status_t status; | |
+ | |
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) | |
return( PSA_ERROR_INVALID_ARGUMENT ); | |
- mbedtls_ecp_keypair *ecp = NULL; | |
- psa_status_t status = mbedtls_psa_ecp_load_representation( | |
+ status = mbedtls_psa_ecp_load_representation( | |
private_key->attr.type, | |
private_key->attr.bits, | |
private_key->key.data, | |
@@ -5393,7 +5400,9 @@ | |
shared_secret_length ); | |
mbedtls_ecp_keypair_free( ecp ); | |
mbedtls_free( ecp ); | |
+ | |
return( status ); | |
+ } | |
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ | |
default: | |
(void) private_key; | |
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_mac.c binfetch/mbedtls-3.1.0/library/psa_crypto_mac.c | |
--- mbedtls-3.1.0/library/psa_crypto_mac.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_mac.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -157,6 +157,7 @@ | |
const uint8_t *key_buffer ) | |
{ | |
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ const mbedtls_cipher_info_t * cipher_info; | |
#if defined(PSA_WANT_KEY_TYPE_DES) | |
/* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept | |
@@ -167,8 +168,7 @@ | |
return( PSA_ERROR_NOT_SUPPORTED ); | |
#endif | |
- const mbedtls_cipher_info_t * cipher_info = | |
- mbedtls_cipher_info_from_psa( | |
+ cipher_info = mbedtls_cipher_info_from_psa( | |
PSA_ALG_CMAC, | |
psa_get_key_type( attributes ), | |
psa_get_key_bits( attributes ), | |
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_rsa.c binfetch/mbedtls-3.1.0/library/psa_crypto_rsa.c | |
--- mbedtls-3.1.0/library/psa_crypto_rsa.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_rsa.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -433,13 +433,15 @@ | |
const mbedtls_rsa_context *rsa, | |
size_t hash_length ) | |
{ | |
+ int klen, hlen, room; | |
+ | |
if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) ) | |
return( MBEDTLS_RSA_SALT_LEN_ANY ); | |
/* Otherwise: standard salt length, i.e. largest possible salt length | |
* up to the hash length. */ | |
- int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit | |
- int hlen = (int) hash_length; // known to fit | |
- int room = klen - 2 - hlen; | |
+ klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit | |
+ hlen = (int) hash_length; // known to fit | |
+ room = klen - 2 - hlen; | |
if( room < 0 ) | |
return( 0 ); // there is no valid signature in this case anyway | |
else if( room > hlen ) | |
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_slot_management.c binfetch/mbedtls-3.1.0/library/psa_crypto_slot_management.c | |
--- mbedtls-3.1.0/library/psa_crypto_slot_management.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_slot_management.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -349,6 +349,7 @@ | |
psa_key_slot_t **p_slot ) | |
{ | |
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; | |
+ psa_key_id_t volatile_key_id; | |
*p_slot = NULL; | |
if( ! global_data.key_slots_initialized ) | |
@@ -365,7 +366,6 @@ | |
/* Loading keys from storage requires support for such a mechanism */ | |
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \ | |
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) | |
- psa_key_id_t volatile_key_id; | |
status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); | |
if( status != PSA_SUCCESS ) | |
diff -Nbaur mbedtls-3.1.0/library/ssl_msg.c binfetch/mbedtls-3.1.0/library/ssl_msg.c | |
--- mbedtls-3.1.0/library/ssl_msg.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ssl_msg.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -656,14 +656,16 @@ | |
#endif | |
) ) | |
{ | |
+ unsigned char mac[MBEDTLS_SSL_MAC_ADD]; | |
+ int ret; | |
+ | |
if( post_avail < transform->maclen ) | |
{ | |
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); | |
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); | |
} | |
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) | |
- unsigned char mac[MBEDTLS_SSL_MAC_ADD]; | |
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; | |
ssl_extract_add_data_from_record( add_data, &add_data_len, rec, | |
transform->minor_ver, | |
@@ -1366,6 +1368,7 @@ | |
* we have data_len >= padlen here. */ | |
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) | |
+ { | |
/* The padding check involves a series of up to 256 | |
* consecutive memory reads at the end of the record | |
* plaintext buffer. In order to hide the length and | |
@@ -1393,7 +1396,7 @@ | |
pad_count += mask & equal; | |
} | |
correct &= mbedtls_ct_size_bool_eq( pad_count, padlen ); | |
- | |
+ } | |
#if defined(MBEDTLS_SSL_DEBUG_ALL) | |
if( padlen > 0 && correct == 0 ) | |
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); | |
@@ -1449,6 +1452,7 @@ | |
transform->taglen ); | |
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) | |
+ { | |
/* | |
* The next two sizes are the minimum and maximum values of | |
* data_len over all padlen values. | |
@@ -1476,6 +1480,7 @@ | |
rec->data_len, | |
min_len, max_len, | |
transform->maclen ); | |
+ } | |
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ | |
#if defined(MBEDTLS_SSL_DEBUG_ALL) | |
diff -Nbaur mbedtls-3.1.0/library/ssl_srv.c binfetch/mbedtls-3.1.0/library/ssl_srv.c | |
--- mbedtls-3.1.0/library/ssl_srv.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ssl_srv.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -2900,6 +2900,7 @@ | |
{ | |
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = | |
ssl->handshake->ciphersuite_info; | |
+ size_t out_buf_len; | |
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) | |
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) | |
@@ -2914,9 +2915,9 @@ | |
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) | |
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) | |
- size_t out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf ); | |
+ out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf ); | |
#else | |
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf ); | |
+ out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf ); | |
#endif | |
#endif | |
diff -Nbaur mbedtls-3.1.0/library/ssl_tls.c binfetch/mbedtls-3.1.0/library/ssl_tls.c | |
--- mbedtls-3.1.0/library/ssl_tls.c 2021-12-15 20:48:01.000000000 +0700 | |
+++ binfetch/mbedtls-3.1.0/library/ssl_tls.c 2022-05-20 05:04:18.000000000 +0700 | |
@@ -3114,18 +3114,19 @@ | |
/* Heap allocate and translate curve_list from internal to IANA group ids */ | |
if ( ssl->conf->curve_list != NULL ) | |
{ | |
- size_t length; | |
+ size_t length, i; | |
const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; | |
+ uint16_t *group_list; | |
for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) && | |
( length < MBEDTLS_ECP_DP_MAX ); length++ ) {} | |
/* Leave room for zero termination */ | |
- uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) ); | |
+ group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) ); | |
if ( group_list == NULL ) | |
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); | |
- for( size_t i = 0; i < length; i++ ) | |
+ for( i = 0; i < length; i++ ) | |
{ | |
const mbedtls_ecp_curve_info *info = | |
mbedtls_ecp_curve_info_from_grp_id( curve_list[i] ); | |
@@ -6821,10 +6822,11 @@ | |
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) | |
{ | |
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); | |
+ uint16_t tls_id; | |
if( group_list == NULL ) | |
return( -1 ); | |
- uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id; | |
+ tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id; | |
for( ; *group_list != 0; group_list++ ) | |
{ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment