mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 14:24:18 +01:00
Merge pull request #3579 from paul-elliott-arm/fix_printf
Fixes for invalid printf format specifiers
This commit is contained in:
commit
5d5fa8b788
@ -179,6 +179,9 @@ if(CMAKE_COMPILER_IS_GNU)
|
|||||||
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
|
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
|
||||||
OUTPUT_VARIABLE GCC_VERSION)
|
OUTPUT_VARIABLE GCC_VERSION)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
|
||||||
|
if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
|
||||||
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
|
||||||
|
endif()
|
||||||
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
|
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
|
||||||
endif()
|
endif()
|
||||||
@ -194,6 +197,9 @@ if(CMAKE_COMPILER_IS_GNU)
|
|||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
|
||||||
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
|
||||||
|
endif()
|
||||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||||
@ -204,7 +210,7 @@ if(CMAKE_COMPILER_IS_GNU)
|
|||||||
endif(CMAKE_COMPILER_IS_GNU)
|
endif(CMAKE_COMPILER_IS_GNU)
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_CLANG)
|
if(CMAKE_COMPILER_IS_CLANG)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
|
||||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||||
|
10
ChangeLog.d/fix-printf-specifiers.txt
Normal file
10
ChangeLog.d/fix-printf-specifiers.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
Bugfix
|
||||||
|
* Add printf function attributes to mbedtls_debug_print_msg to ensure we
|
||||||
|
get printf format specifier warnings.
|
||||||
|
Changes
|
||||||
|
* Add extra printf compiler warning flags to builds.
|
||||||
|
Requirement changes
|
||||||
|
* The library now uses the %zu format specifier with the printf() family of
|
||||||
|
functions, so requires a toolchain that supports it. This change does not
|
||||||
|
affect the maintained LTS branches, so when contributing changes please
|
||||||
|
bear this in mind and do not add them to backported code.
|
@ -80,6 +80,50 @@
|
|||||||
|
|
||||||
#endif /* MBEDTLS_DEBUG_C */
|
#endif /* MBEDTLS_DEBUG_C */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PRINTF_ATTRIBUTE
|
||||||
|
*
|
||||||
|
* Mark a function as having printf attributes, and thus enable checking
|
||||||
|
* via -wFormat and other flags. This does nothing on builds with compilers
|
||||||
|
* that do not support the format attribute
|
||||||
|
*
|
||||||
|
* Module: library/debug.c
|
||||||
|
* Caller:
|
||||||
|
*
|
||||||
|
* This module provides debugging functions.
|
||||||
|
*/
|
||||||
|
#if defined(__has_attribute)
|
||||||
|
#if __has_attribute(format)
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
|
||||||
|
__attribute__((format (printf, string_index, first_to_check)))
|
||||||
|
#else /* __has_attribute(format) */
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||||
|
#endif /* __has_attribute(format) */
|
||||||
|
#else /* defined(__has_attribute) */
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PRINTF_SIZET
|
||||||
|
*
|
||||||
|
* MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
|
||||||
|
* and MinGW we need to define the printf specifier for size_t
|
||||||
|
* and long long per platform.
|
||||||
|
*
|
||||||
|
* Module: library/debug.c
|
||||||
|
* Caller:
|
||||||
|
*
|
||||||
|
* This module provides debugging functions.
|
||||||
|
*/
|
||||||
|
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
|
||||||
|
#include <inttypes.h>
|
||||||
|
#define MBEDTLS_PRINTF_SIZET PRIuPTR
|
||||||
|
#define MBEDTLS_PRINTF_LONGLONG "I64d"
|
||||||
|
#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||||
|
#define MBEDTLS_PRINTF_SIZET "zu"
|
||||||
|
#define MBEDTLS_PRINTF_LONGLONG "lld"
|
||||||
|
#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
@ -118,7 +162,7 @@ void mbedtls_debug_set_threshold( int threshold );
|
|||||||
*/
|
*/
|
||||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||||
const char *file, int line,
|
const char *file, int line,
|
||||||
const char *format, ... );
|
const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Print the return value of a function to the debug output. This
|
* \brief Print the return value of a function to the debug output. This
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
# Also see "include/mbedtls/config.h"
|
# Also see "include/mbedtls/config.h"
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
# Include ../include for public headers and . for private headers.
|
# Include ../include for public headers and . for private headers.
|
||||||
|
@ -74,6 +74,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
|
||||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||||
const char *file, int line,
|
const char *file, int line,
|
||||||
const char *format, ... )
|
const char *format, ... )
|
||||||
|
@ -47,7 +47,7 @@
|
|||||||
#define PSA_ITS_STORAGE_PREFIX ""
|
#define PSA_ITS_STORAGE_PREFIX ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
|
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
|
||||||
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
||||||
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
||||||
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
||||||
@ -87,8 +87,8 @@ static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
|
|||||||
mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
|
mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
|
||||||
"%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
|
"%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
|
||||||
PSA_ITS_STORAGE_PREFIX,
|
PSA_ITS_STORAGE_PREFIX,
|
||||||
(unsigned long) ( uid >> 32 ),
|
(unsigned) ( uid >> 32 ),
|
||||||
(unsigned long) ( uid & 0xffffffff ),
|
(unsigned) ( uid & 0xffffffff ),
|
||||||
PSA_ITS_STORAGE_SUFFIX );
|
PSA_ITS_STORAGE_SUFFIX );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "sending session ticket of length %d", tlen ) );
|
( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
|
||||||
|
|
||||||
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
||||||
|
|
||||||
@ -905,7 +905,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
|
(long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1114,7 +1115,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
for( i = 0; i < n; i++ )
|
for( i = 0; i < n; i++ )
|
||||||
*p++ = ssl->session_negotiate->id[i];
|
*p++ = ssl->session_negotiate->id[i];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1182,7 +1183,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
||||||
ciphersuites[i], ciphersuite_info->name ) );
|
(unsigned int)ciphersuites[i], ciphersuite_info->name ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
@ -1197,7 +1198,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
|
( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||||
@ -1420,7 +1421,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
/* olen unused if all extensions are disabled */
|
/* olen unused if all extensions are disabled */
|
||||||
((void) olen);
|
((void) olen);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ext_len ) );
|
ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
@ -2167,10 +2168,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
||||||
( (uint32_t) buf[2] << 24 ) |
|
( (unsigned long) buf[2] << 24 ) |
|
||||||
( (uint32_t) buf[3] << 16 ) |
|
( (unsigned long) buf[3] << 16 ) |
|
||||||
( (uint32_t) buf[4] << 8 ) |
|
( (unsigned long) buf[4] << 8 ) |
|
||||||
( (uint32_t) buf[5] ) ) );
|
( (unsigned long) buf[5] ) ) );
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
||||||
|
|
||||||
@ -2253,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->handshake->ciphersuite_info == NULL )
|
if( ssl->handshake->ciphersuite_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "ciphersuite info for %04x not found", i ) );
|
( "ciphersuite info for %04x not found", (unsigned int)i ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
@ -2261,7 +2262,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2304,7 +2305,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
||||||
buf[37 + n] ) );
|
buf[37 + n] ) );
|
||||||
|
|
||||||
@ -2373,7 +2374,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
ext = buf + 40 + n;
|
ext = buf + 40 + n;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2,
|
MBEDTLS_SSL_DEBUG_MSG( 2,
|
||||||
( "server hello, total extension length: %d", ext_len ) );
|
( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
|
||||||
|
|
||||||
while( ext_len )
|
while( ext_len )
|
||||||
{
|
{
|
||||||
@ -2537,7 +2538,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "unknown extension found: %d (ignoring)", ext_id ) );
|
( "unknown extension found: %u (ignoring)", ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
ext_len -= 4 + ext_size;
|
ext_len -= 4 + ext_size;
|
||||||
@ -2628,7 +2629,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
|
||||||
ssl->handshake->dhm_ctx.len * 8,
|
ssl->handshake->dhm_ctx.len * 8,
|
||||||
ssl->conf->dhm_min_bitlen ) );
|
ssl->conf->dhm_min_bitlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
@ -4347,7 +4348,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
|
||||||
|
|
||||||
/* We're not waiting for a NewSessionTicket message any more */
|
/* We're not waiting for a NewSessionTicket message any more */
|
||||||
ssl->handshake->new_session_ticket = 0;
|
ssl->handshake->new_session_ticket = 0;
|
||||||
|
@ -283,8 +283,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->retransmit_timeout = new_timeout;
|
ssl->handshake->retransmit_timeout = new_timeout;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -292,8 +292,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
|||||||
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
@ -623,9 +623,10 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) rec->data_len,
|
" too large, maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
rec->data_len,
|
||||||
|
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -764,7 +765,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including %d bytes of padding",
|
"including %d bytes of padding",
|
||||||
rec->data_len, 0 ) );
|
rec->data_len, 0 ) );
|
||||||
|
|
||||||
@ -842,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||||
add_data, add_data_len );
|
add_data, add_data_len );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including 0 bytes of padding",
|
"including 0 bytes of padding",
|
||||||
rec->data_len ) );
|
rec->data_len ) );
|
||||||
|
|
||||||
@ -945,8 +946,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including %d bytes of IV and %d bytes of padding",
|
"including %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
|
||||||
rec->data_len, transform->ivlen,
|
rec->data_len, transform->ivlen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
|
|
||||||
@ -1366,7 +1368,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
{
|
{
|
||||||
if( rec->data_len < dynamic_iv_len )
|
if( rec->data_len < dynamic_iv_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
" ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
dynamic_iv_len ) );
|
dynamic_iv_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
@ -1385,7 +1388,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
/* Check that there's space for the authentication tag. */
|
/* Check that there's space for the authentication tag. */
|
||||||
if( rec->data_len < transform->taglen )
|
if( rec->data_len < transform->taglen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->taglen ) );
|
transform->taglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
@ -1488,7 +1492,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
if( rec->data_len < minlen + transform->ivlen ||
|
if( rec->data_len < minlen + transform->ivlen ||
|
||||||
rec->data_len < minlen + transform->maclen + 1 )
|
rec->data_len < minlen + transform->maclen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
|
||||||
|
"), maclen (%" MBEDTLS_PRINTF_SIZET ") "
|
||||||
"+ 1 ) ( + expl IV )", rec->data_len,
|
"+ 1 ) ( + expl IV )", rec->data_len,
|
||||||
transform->ivlen,
|
transform->ivlen,
|
||||||
transform->maclen ) );
|
transform->maclen ) );
|
||||||
@ -1554,7 +1560,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
||||||
if( rec->data_len % transform->ivlen != 0 )
|
if( rec->data_len % transform->ivlen != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
|
||||||
rec->data_len, transform->ivlen ) );
|
rec->data_len, transform->ivlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
}
|
}
|
||||||
@ -1624,7 +1631,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
if( rec->data_len < transform->maclen + padlen + 1 )
|
if( rec->data_len < transform->maclen + padlen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < maclen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->maclen,
|
transform->maclen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
@ -1653,8 +1662,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
if( padlen > transform->ivlen )
|
if( padlen > transform->ivlen )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"should be no more than %d",
|
"should be no more than %" MBEDTLS_PRINTF_SIZET,
|
||||||
padlen, transform->ivlen ) );
|
padlen, transform->ivlen ) );
|
||||||
#endif
|
#endif
|
||||||
correct = 0;
|
correct = 0;
|
||||||
@ -1890,7 +1899,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
memcpy( msg_pre, ssl->out_msg, len_pre );
|
memcpy( msg_pre, ssl->out_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
||||||
@ -1911,7 +1920,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
|||||||
ssl->out_msglen = out_buf_len -
|
ssl->out_msglen = out_buf_len -
|
||||||
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
||||||
@ -1942,7 +1951,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
memcpy( msg_pre, ssl->in_msg, len_pre );
|
memcpy( msg_pre, ssl->in_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
||||||
@ -1963,7 +1972,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
|||||||
ssl->in_msglen = in_buf_len -
|
ssl->in_msglen = in_buf_len -
|
||||||
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
||||||
@ -2042,7 +2051,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
|
|
||||||
if( ssl->in_left != 0 )
|
if( ssl->in_left != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
|
||||||
|
MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->next_record_offset ) );
|
ssl->next_record_offset ) );
|
||||||
memmove( ssl->in_hdr,
|
memmove( ssl->in_hdr,
|
||||||
ssl->in_hdr + ssl->next_record_offset,
|
ssl->in_hdr + ssl->next_record_offset,
|
||||||
@ -2052,7 +2062,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
ssl->next_record_offset = 0;
|
ssl->next_record_offset = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2094,7 +2105,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
else
|
else
|
||||||
timeout = ssl->conf->read_timeout;
|
timeout = ssl->conf->read_timeout;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
|
||||||
|
|
||||||
if( ssl->f_recv_timeout != NULL )
|
if( ssl->f_recv_timeout != NULL )
|
||||||
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
||||||
@ -2153,7 +2164,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
while( ssl->in_left < nb_want )
|
while( ssl->in_left < nb_want )
|
||||||
@ -2177,7 +2189,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
||||||
|
|
||||||
@ -2190,8 +2203,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_recv returned %d bytes but only %lu were requested",
|
( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
|
||||||
ret, (unsigned long)len ) );
|
ret, len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2230,7 +2243,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
while( ssl->out_left > 0 )
|
while( ssl->out_left > 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", out_left: %" MBEDTLS_PRINTF_SIZET,
|
||||||
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||||
|
|
||||||
buf = ssl->out_hdr - ssl->out_left;
|
buf = ssl->out_hdr - ssl->out_left;
|
||||||
@ -2244,8 +2258,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||||||
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_send returned %d bytes but only %lu bytes were sent",
|
( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
|
||||||
ret, (unsigned long)ssl->out_left ) );
|
ret, ssl->out_left ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2286,14 +2300,15 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl )
|
|||||||
/* Allocate space for current message */
|
/* Allocate space for current message */
|
||||||
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
|
||||||
sizeof( mbedtls_ssl_flight_item ) ) );
|
sizeof( mbedtls_ssl_flight_item ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
|
||||||
|
ssl->out_msglen ) );
|
||||||
mbedtls_free( msg );
|
mbedtls_free( msg );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
@ -2699,9 +2714,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
|
||||||
"size %u, maximum %u",
|
"size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) ssl->out_msglen,
|
", maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
(unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
ssl->out_msglen,
|
||||||
|
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2728,9 +2744,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||||||
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
||||||
"size %u, maximum %u",
|
"size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
(unsigned) ( hs_len ),
|
hs_len,
|
||||||
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
(size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2922,8 +2938,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||||||
/* Now write the potentially updated record content type. */
|
/* Now write the potentially updated record content type. */
|
||||||
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->out_hdr[0], ssl->out_hdr[1],
|
ssl->out_hdr[0], ssl->out_hdr[1],
|
||||||
ssl->out_hdr[2], len ) );
|
ssl->out_hdr[2], len ) );
|
||||||
|
|
||||||
@ -3119,7 +3135,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
@ -3127,7 +3143,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||||||
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
||||||
" %d, type = %d, hslen = %d",
|
" %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
@ -3163,7 +3179,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
||||||
"message_seq = %d, start_of_flight = %d",
|
"message_seq = %u, start_of_flight = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_flight_start_seq ) );
|
ssl->handshake->in_flight_start_seq ) );
|
||||||
|
|
||||||
@ -3176,7 +3192,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
||||||
"message_seq = %d, expected = %d",
|
"message_seq = %u, expected = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
}
|
}
|
||||||
@ -3746,8 +3762,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
|||||||
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
rec->type,
|
rec->type,
|
||||||
major_ver, minor_ver, rec->data_len ) );
|
major_ver, minor_ver, rec->data_len ) );
|
||||||
|
|
||||||
@ -3790,8 +3806,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
|||||||
if( rec_epoch != ssl->in_epoch )
|
if( rec_epoch != ssl->in_epoch )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||||
"expected %d, received %d",
|
"expected %u, received %lu",
|
||||||
ssl->in_epoch, rec_epoch ) );
|
ssl->in_epoch, (unsigned long) rec_epoch ) );
|
||||||
|
|
||||||
/* Records from the next epoch are considered for buffering
|
/* Records from the next epoch are considered for buffering
|
||||||
* (concretely: early Finished messages). */
|
* (concretely: early Finished messages). */
|
||||||
@ -4325,31 +4341,41 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
/* If we can't buffer a future message because
|
/* If we can't buffer a future message because
|
||||||
* of space limitations -- ignore. */
|
* of space limitations -- ignore. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- ignore\n",
|
||||||
|
msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
||||||
|
msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len,
|
" (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
|
||||||
(unsigned) reassembly_buf_sz,
|
" the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" bytes buffered) -- fail\n",
|
||||||
|
msg_len,
|
||||||
|
reassembly_buf_sz,
|
||||||
|
(size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
|
||||||
msg_len ) );
|
msg_len ) );
|
||||||
|
|
||||||
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
||||||
@ -4395,7 +4421,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
|||||||
frag_off = ssl_get_hs_frag_off( ssl );
|
frag_off = ssl_get_hs_frag_off( ssl );
|
||||||
frag_len = ssl_get_hs_frag_len( ssl );
|
frag_len = ssl_get_hs_frag_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", length = %" MBEDTLS_PRINTF_SIZET,
|
||||||
frag_off, frag_len ) );
|
frag_off, frag_len ) );
|
||||||
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
||||||
|
|
||||||
@ -4622,15 +4649,18 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
|||||||
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
||||||
hs->buffering.total_bytes_buffered ) )
|
hs->buffering.total_bytes_buffered ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- ignore\n",
|
||||||
|
rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Buffer record */
|
/* Buffer record */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
||||||
ssl->in_epoch + 1 ) );
|
ssl->in_epoch + 1U ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
||||||
|
|
||||||
/* ssl_parse_record_header() only considers records
|
/* ssl_parse_record_header() only considers records
|
||||||
@ -4903,7 +4933,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
if( ssl->in_msglen != 1 )
|
if( ssl->in_msglen != 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
@ -4939,12 +4969,12 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
|||||||
/* Note: Standard allows for more than one 2 byte alert
|
/* Note: Standard allows for more than one 2 byte alert
|
||||||
to be packed in a single message, but Mbed TLS doesn't
|
to be packed in a single message, but Mbed TLS doesn't
|
||||||
currently support this. */
|
currently support this. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
|
||||||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -5771,7 +5801,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
||||||
"maximum fragment length: %d > %d",
|
"maximum fragment length: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" > %" MBEDTLS_PRINTF_SIZET,
|
||||||
len, max_len ) );
|
len, max_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
@ -298,13 +298,13 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
||||||
" match sig %d and hash %d",
|
" match sig %u and hash %u",
|
||||||
sig_cur, md_cur ) );
|
(unsigned) sig_cur, (unsigned) md_cur ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
||||||
"hash alg %d not supported", md_cur ) );
|
"hash alg %u not supported", (unsigned) md_cur ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||||||
/* Remember the client asked us to send a new ticket */
|
/* Remember the client asked us to send a new ticket */
|
||||||
ssl->handshake->new_session_ticket = 1;
|
ssl->handshake->new_session_ticket = 1;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );
|
||||||
|
|
||||||
if( len == 0 )
|
if( len == 0 )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
||||||
suite_id, suite_info->name ) );
|
(unsigned int) suite_id, suite_info->name ) );
|
||||||
|
|
||||||
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
||||||
suite_info->max_minor_ver < ssl->minor_ver )
|
suite_info->max_minor_ver < ssl->minor_ver )
|
||||||
@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||||||
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
||||||
"for signature algorithm %d", sig_type ) );
|
"for signature algorithm %u", (unsigned) sig_type ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1247,7 +1247,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||||||
sess_len = ( buf[2] << 8 ) | buf[3];
|
sess_len = ( buf[2] << 8 ) | buf[3];
|
||||||
chal_len = ( buf[4] << 8 ) | buf[5];
|
chal_len = ( buf[4] << 8 ) | buf[5];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
|
||||||
ciph_len, sess_len, chal_len ) );
|
ciph_len, sess_len, chal_len ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1629,7 +1629,7 @@ read_record_header:
|
|||||||
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
||||||
"%d (expected %d)", cli_msg_seq,
|
"%u (expected %u)", cli_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
@ -2073,7 +2073,7 @@ read_record_header:
|
|||||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
|
||||||
ext_id ) );
|
ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2274,7 +2274,7 @@ have_ciphersuite:
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
||||||
"%d - should not happen", sig_alg ) );
|
"%u - should not happen", (unsigned) sig_alg ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -2826,7 +2826,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
|
(long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -2914,7 +2915,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
||||||
p += ssl->session_negotiate->id_len;
|
p += ssl->session_negotiate->id_len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
@ -2926,7 +2927,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
||||||
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||||
ssl->session_negotiate->compression ) );
|
(unsigned int) ssl->session_negotiate->compression ) );
|
||||||
|
|
||||||
/* Do not write the extensions if the protocol is SSLv3 */
|
/* Do not write the extensions if the protocol is SSLv3 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
@ -2995,7 +2996,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
{
|
{
|
||||||
@ -3502,7 +3504,7 @@ curve_matching_done:
|
|||||||
md_alg = MBEDTLS_MD_NONE;
|
md_alg = MBEDTLS_MD_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2.2: Compute the hash to be signed
|
* 2.2: Compute the hash to be signed
|
||||||
|
@ -283,7 +283,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
in_buf_new_len ) );
|
||||||
modified = 1;
|
modified = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -304,7 +305,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
out_buf_new_len ) );
|
||||||
modified = 1;
|
modified = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -961,7 +963,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||||||
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
|
||||||
ciphersuite_info->cipher ) );
|
ciphersuite_info->cipher ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
@ -969,8 +971,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||||||
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
||||||
if( md_info == NULL )
|
if( md_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
|
||||||
ciphersuite_info->mac ) );
|
(unsigned) ciphersuite_info->mac ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2215,8 +2217,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||||||
n = crt->raw.len;
|
n = crt->raw.len;
|
||||||
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
|
||||||
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
" > %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2707,8 +2710,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||||||
#if defined(MBEDTLS_DEBUG_C)
|
#if defined(MBEDTLS_DEBUG_C)
|
||||||
if( ssl->session_negotiate->verify_result != 0 )
|
if( ssl->session_negotiate->verify_result != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
|
||||||
ssl->session_negotiate->verify_result ) );
|
(unsigned int) ssl->session_negotiate->verify_result ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2831,7 +2834,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||||||
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
||||||
if( chain == NULL )
|
if( chain == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
|
||||||
sizeof( mbedtls_x509_crt ) ) );
|
sizeof( mbedtls_x509_crt ) ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl,
|
mbedtls_ssl_send_alert_message( ssl,
|
||||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
@ -3858,7 +3861,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
|||||||
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
||||||
if( ssl->in_buf == NULL )
|
if( ssl->in_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
@ -3869,7 +3872,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
|||||||
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
||||||
if( ssl->out_buf == NULL )
|
if( ssl->out_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
WARNING_CXXFLAGS ?= -Wall -Wextra
|
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
MBEDTLS_TEST_PATH:=../tests/src
|
MBEDTLS_TEST_PATH:=../tests/src
|
||||||
|
@ -1667,7 +1667,7 @@ int main( int argc, char *argv[] )
|
|||||||
PSA_ALG_SHA_256 ) ) != 0 )
|
PSA_ALG_SHA_256 ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! "
|
mbedtls_printf( " failed\n ! "
|
||||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret );
|
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
# Include public header files from ../include, test-specific header files
|
# Include public header files from ../include, test-specific header files
|
||||||
|
@ -16,6 +16,7 @@
|
|||||||
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
||||||
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
||||||
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
||||||
|
16 + /*UID (64-bit number in hex)*/ \
|
||||||
16 + /*UID (64-bit number in hex)*/ \
|
16 + /*UID (64-bit number in hex)*/ \
|
||||||
sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
|
sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
|
||||||
1 /*terminating null byte*/ )
|
1 /*terminating null byte*/ )
|
||||||
|
Loading…
Reference in New Issue
Block a user