Merge remote-tracking branch 'origin/pr/649' into baremetal
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 082a691..cb57521 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -283,17 +283,17 @@
*/
typedef struct mbedtls_cipher_context_t
{
+ /** Operation that the key of the context has been
+ * initialized for.
+ */
+ mbedtls_operation_t operation;
+
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
/** Key length to use. */
int key_bitlen;
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t operation;
-
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
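Review bot: The new position of `operation` ahead of `cipher_info` comes with no comment explaining the ordering rule, so the next contributor who adds a member will not know where it belongs and the grouping will erode. From the byte arrays being pushed to the tail of the struct the motive looks like padding reduction on a 32-bit target, but that is inferred — confirm with the PR and state it in the header: `/* Member order is chosen to minimise padding; keep byte arrays last when adding members. */`. Because `mbedtls_cipher_context_t` is a public type in include/mbedtls/cipher.h, the layout change also deserves a ChangeLog line noting that objects built against the previous header are not binary compatible. The struct body continues past the hunk.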
@@ -302,16 +302,9 @@
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
#endif
- /** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
/** Number of Bytes that have not been processed yet. */
size_t unprocessed_len;
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
/** IV size in Bytes, for ciphers with variable-length IVs. */
size_t iv_size;
@@ -322,6 +315,13 @@
/** CMAC-specific context. */
mbedtls_cmac_context_t *cmac_ctx;
#endif
+
+ /** Buffer for input that has not been processed yet. */
+ unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+ /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
+ * for XTS-mode. */
+ unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
} mbedtls_cipher_context_t;
/**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 79c6868..40ad4b1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1249,10 +1249,26 @@
struct mbedtls_ssl_context
{
- const mbedtls_ssl_config *conf; /*!< configuration information */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ * within a single datagram. */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* CID configuration to use in subsequent handshakes. */
+ uint8_t own_cid_len; /*!< The length of \c own_cid. */
+ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ * be negotiated in the next handshake or not.
+ * Possible values are #MBEDTLS_SSL_CID_ENABLED
+ * and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char pending_fatal_alert_msg; /*!< Type of a fatal alert
* pending to be delivered. */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint16_t in_epoch; /*!< DTLS epoch for incoming records */
+ uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ const mbedtls_ssl_config *conf; /*!< configuration information */
/*
* Miscellaneous
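Review bot: The comment `/* CID configuration to use in subsequent handshakes. */` added above `own_cid_len` now appears twice in `mbedtls_ssl_context`, because the same text stays above `own_cid` further down, and nothing tells a reader that the length field and the buffer it sizes are now far apart. I would reword the new copy as `/* CID configuration for subsequent handshakes; the \c own_cid buffer itself sits at the end of the struct. */`. The moved `in_epoch` and `mtu` similarly lose the record-layer members they were documented alongside; a one-line `/* DTLS record-layer state; see next_record_offset below. */` would keep them discoverable. The struct continues beyond the hunk.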
@@ -1340,14 +1356,9 @@
size_t in_msglen; /*!< record header: message length */
size_t in_left; /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
size_t next_record_offset; /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
size_t in_hslen; /*!< current handshake message length,
including the handshake header */
@@ -1356,11 +1367,6 @@
int keep_current_message; /*!< drop or reuse current message
on next call to record layer? */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
- * within a single datagram. */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
/*
* Record layer (outgoing data)
*/
@@ -1379,12 +1385,6 @@
size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
#if defined(MBEDTLS_ZLIB_SUPPORT)
unsigned char *compress_buf; /*!< zlib data buffer */
#endif /* MBEDTLS_ZLIB_SUPPORT */
@@ -1429,6 +1429,13 @@
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+ unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ uint64_t in_window_top; /*!< last validated record seq_num */
+ uint64_t in_window; /*!< bitmask for replay detection */
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* CID configuration to use in subsequent handshakes. */
@@ -1437,11 +1444,6 @@
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
- * be negotiated in the next handshake or not.
- * Possible values are #MBEDTLS_SSL_CID_ENABLED
- * and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 64138c5..d9690cb 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -385,17 +385,28 @@
/*
* Handshake specific crypto variables
*/
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: cookie length
+ Srv: flag for sending a cookie */
+ unsigned char retransmit_state; /*!< Retransmission state */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+
+ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+ * has been negotiated. Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
+
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
#endif
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
-#endif
-#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
#if defined(MBEDTLS_SSL_CLI_C)
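Review bot: The block comment `/* The state of CID configuration in this handshake. */` now introduces only `cid_in_use` and `peer_cid_len`, while the `peer_cid` buffer those two fields describe is moved to the bottom of the DTLS section, so the comment misleads about what follows it. I would change it to `/* CID negotiation state for this handshake; the peer_cid buffer itself is at the end of the DTLS section. */` and drop the stray blank line before the new `#endif /* MBEDTLS_SSL_PROTO_DTLS */`. The handshake struct begins before the hunk.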
@@ -409,12 +420,20 @@
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
uint16_t curve_tls_id; /*!< TLS ID of EC for ECDHE. */
#endif
+
+ size_t pmslen; /*!< premaster length */
+ int cli_exts; /*!< client extension presence*/
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char *psk; /*!< PSK from the callback */
size_t psk_len; /*!< Length of PSK from callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
int sni_authmode; /*!< authmode from SNI callback */
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
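Review bot: `size_t pmslen; /*!< premaster length */` is now more than a hundred lines away from the `premaster` buffer it sizes, with nothing linking the two; `/*!< Number of valid bytes in \c premaster */` would let Doxygen cross-link them. The new nesting of `peer_pubkey` under `#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)` inside the `MBEDTLS_X509_CRT_PARSE_C` block is equivalent to the old combined condition only if the `#endif` closing `MBEDTLS_X509_CRT_PARSE_C` — outside this hunk — still comes after it; worth a glance, since the SNI members that follow are in that same block.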
@@ -433,21 +452,13 @@
} ecrs_state; /*!< current (or last) operation */
mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */
#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length
- Srv: flag for sending a cookie */
-
uint32_t retransmit_timeout; /*!< Current value of timeout */
- unsigned char retransmit_state; /*!< Retransmission state */
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
unsigned char *cur_msg_p; /*!< Position in current message */
@@ -457,27 +468,21 @@
resending messages */
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* The state of CID configuration in this handshake. */
-
- uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
- * has been negotiated. Possible values are
- * #MBEDTLS_SSL_CID_ENABLED and
- * #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
- uint8_t peer_cid_len; /*!< The length of
- * \c peer_cid. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
struct
{
- size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
- * buffers used for message buffering. */
-
uint8_t seen_ccs; /*!< Indicates if a CCS message has
* been seen in the current flight. */
+ size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
+ * buffers used for message buffering. */
+
+ struct
+ {
+ unsigned char *data;
+ size_t len;
+ unsigned epoch;
+ } future_record;
+
struct mbedtls_ssl_hs_buffer
{
unsigned is_valid : 1;
@@ -486,46 +491,20 @@
unsigned char *data;
size_t data_len;
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
-
- struct
- {
- unsigned char *data;
- size_t len;
- unsigned epoch;
- } future_record;
-
} buffering;
-
- uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * Checksum contexts
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_context fin_md5;
- mbedtls_sha1_context fin_sha1;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context fin_sha256;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context fin_sha512;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ unsigned char randbytes[64]; /*!< random bytes */
+ unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+ /*!< premaster secret */
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
- size_t pmslen; /*!< premaster length */
-
- unsigned char randbytes[64]; /*!< random bytes */
- unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
-
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int resume; /*!< session resume indicator*/
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
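Review bot: The comment `/*! The peer's CID */` on the moved `peer_cid` declaration uses `/*!` rather than `/*!<`, so Doxygen attaches it to the following declaration instead of `peer_cid`; since the line is being rewritten anyway, `unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*!< The peer's CID; length in \c peer_cid_len */` fixes that and points at the length field now at the top of the DTLS section. The heading `/* The state of CID configuration in this handshake. */` above it now covers only the buffer and reads oddly; `/* The peer's CID (see cid_in_use and peer_cid_len above). */` is more accurate. `randbytes` and `premaster` hold handshake secrets; relocating them is harmless provided the whole handshake struct is still zeroised on free, which this diff does not show — presumably unchanged, but worth confirming in ssl_tls.c. The struct continues on both sides of the hunk.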
@@ -537,7 +516,6 @@
int max_minor_ver; /*!< max. minor version client*/
#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
- int cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */
@@ -564,6 +542,30 @@
uint8_t ecdh_privkey[NUM_ECC_BYTES];
uint8_t ecdh_peerkey[2*NUM_ECC_BYTES];
#endif /* MBEDTLS_USE_TINYCRYPT */
+
+ /*
+ * Checksum contexts
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ mbedtls_md5_context fin_md5;
+ mbedtls_sha1_context fin_sha1;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+ mbedtls_sha256_context fin_sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ mbedtls_sha512_context fin_sha512;
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_DHM_C)
+ mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
+#endif
+#if defined(MBEDTLS_ECDH_C)
+ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+#endif
};
/*
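Review bot: The checksum contexts and `dhm_ctx`/`ecdh_ctx` are appended at the very end of `mbedtls_ssl_handshake_params` with no comment saying why they left their old places next to the other key-exchange members, so a future field added "near the related ones" will silently undo the layout. I would extend the `Checksum contexts` comment to something like `/* Checksum and key-exchange contexts are kept last: they are the largest members, so placing them here appears to minimise padding (confirm this is the intent of the reordering). */`. The struct's opening is outside the hunk.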
@@ -698,6 +700,10 @@
*/
struct mbedtls_ssl_transform
{
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t in_cid_len;
+ uint8_t out_cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Session specific crypto layer
*/
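Review bot: `in_cid_len` and `out_cid_len` are moved to the top of `mbedtls_ssl_transform` without any comment, and they no longer sit next to the `in_cid`/`out_cid` buffers that gave them meaning by proximity. I would add `uint8_t in_cid_len; /*!< Length of \c in_cid (0 if no CID) */` and `uint8_t out_cid_len; /*!< Length of \c out_cid (0 if no CID) */`, which also cross-links them in Doxygen. The struct continues beyond the hunk.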
@@ -726,16 +732,11 @@
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
- mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
- mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
-
#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
int minor_ver;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t in_cid_len;
- uint8_t out_cid_len;
unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -748,6 +749,9 @@
z_stream ctx_inflate; /*!< decompression context */
#endif
+ mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
+ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
+
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
/* We need the Hello random bytes in order to re-derive keys from the
* Master Secret and other session info, see ssl_populate_transform() */
@@ -808,14 +812,9 @@
typedef struct
{
- uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
- * In DTLS: The 2-byte epoch followed by
- * the 6-byte sequence number.
- * This is stored as a raw big endian byte array
- * as opposed to a uint64_t because we rarely
- * need to perform arithmetic on this, but do
- * need it as a Byte array for the purpose of
- * MAC computations. */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t cid_len; /* Length of the CID (0 if not present) */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
uint8_t type; /* The record content type. */
uint8_t ver[2]; /* SSL/TLS version as present on the wire.
* Convert to internal presentation of versions
@@ -827,9 +826,15 @@
size_t buf_len; /* Buffer length */
size_t data_offset; /* Offset of record content */
size_t data_len; /* Length of record content */
-
+ uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
+ * In DTLS: The 2-byte epoch followed by
+ * the 6-byte sequence number.
+ * This is stored as a raw big endian byte array
+ * as opposed to a uint64_t because we rarely
+ * need to perform arithmetic on this, but do
+ * need it as a Byte array for the purpose of
+ * MAC computations. */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t cid_len; /* Length of the CID (0 if not present) */
unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
} mbedtls_record;
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 774a007..bb6cfe3 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -63,15 +63,15 @@
*/
typedef struct mbedtls_ssl_ticket_context
{
- mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */
-
uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
+ mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
+
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex;
#endif
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index bf9e3be..e4e2233 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -69,13 +69,21 @@
*/
typedef struct mbedtls_x509_crl
{
+ mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+
+ int version; /**< CRL version (1=v1, 2=v2) */
+ void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+ struct mbedtls_x509_crl *next;
+
+ mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
+
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
- mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
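Review bot: `struct mbedtls_x509_crl *next;` is moved up between `sig_opts` and `issuer_raw` and remains the only member of this public struct without a Doxygen comment, which is now more noticeable since every neighbour has one. I would add `/**< Next CRL in the list */` (from context it looks like a NULL-terminated chain, but x509_crl.c is not in the diff to confirm). The struct continues past the hunk.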
@@ -88,11 +96,6 @@
mbedtls_x509_buf sig_oid2;
mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
- struct mbedtls_x509_crl *next;
}
mbedtls_x509_crl;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 00d40db..0089ef2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2070,10 +2070,10 @@
mbedtls_md_type_t sig_md;
mbedtls_pk_type_t sig_pk;
void *sig_opts;
- uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
size_t crt_hash_len;
mbedtls_x509_buf_raw sig;
mbedtls_x509_buf_raw issuer_raw;
+ uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
} mbedtls_x509_crt_sig_info;
static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )
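Review bot: `crt_hash_len` now precedes the `crt_hash` buffer it describes by four lines with no comment on either member; `size_t crt_hash_len; /* Number of valid bytes in crt_hash */` would keep the pair readable. `x509_crt_free_sig_info` starts on the hunk's last line and its body is outside the hunk, so how it handles the reordered members is not visible here.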