mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:05:47 +01:00
Changed mbedtls_platform_memcpy to memcpy in places which don't handle critical data
and under baremetal define
This commit is contained in:
parent
b5c4671a80
commit
6f4e030166
@ -211,7 +211,7 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
|
||||
|
||||
if( lt != NULL )
|
||||
{
|
||||
mbedtls_platform_memcpy( tm_buf, lt, sizeof( struct tm ) );
|
||||
memcpy( tm_buf, lt, sizeof( struct tm ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
@ -440,7 +440,8 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||
p = mbedtls_platform_put_uint16_be( p, ext_len );
|
||||
|
||||
*p++ = (uint8_t) ssl->own_cid_len;
|
||||
mbedtls_platform_memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||
|
||||
*olen = ssl->own_cid_len + 5;
|
||||
}
|
||||
@ -1272,7 +1273,8 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
|
||||
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
|
||||
mbedtls_platform_memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as peer_cid is public */
|
||||
memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
|
||||
@ -1848,7 +1850,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
ssl->session_negotiate->compression = comp;
|
||||
#endif
|
||||
ssl->session_negotiate->id_len = n;
|
||||
mbedtls_platform_memcpy( ssl->session_negotiate->id, buf + 35, n );
|
||||
/* Not using more secure mbedtls_platform_memcpy as id is public */
|
||||
memcpy( ssl->session_negotiate->id, buf + 35, n );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||
|
@ -63,7 +63,8 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
||||
if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
|
||||
mbedtls_platform_memcpy( ssl->cli_id, info, ilen );
|
||||
/* Not using more secure mbedtls_platform_memcpy as id is public*/
|
||||
memcpy( ssl->cli_id, info, ilen );
|
||||
ssl->cli_id_len = ilen;
|
||||
|
||||
return( 0 );
|
||||
@ -485,7 +486,8 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
|
||||
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
|
||||
mbedtls_platform_memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as peer_cid is is public */
|
||||
memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
|
||||
@ -1738,7 +1740,8 @@ read_record_header:
|
||||
ssl->session_negotiate->id_len = sess_len;
|
||||
memset( ssl->session_negotiate->id, 0,
|
||||
sizeof( ssl->session_negotiate->id ) );
|
||||
mbedtls_platform_memcpy( ssl->session_negotiate->id, buf + 35,
|
||||
/* Not using more secure mbedtls_platform_memcpy as id is public */
|
||||
memcpy( ssl->session_negotiate->id, buf + 35,
|
||||
ssl->session_negotiate->id_len );
|
||||
|
||||
/*
|
||||
@ -2391,7 +2394,8 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||
ext_len = (size_t) ssl->own_cid_len + 1;
|
||||
p = mbedtls_platform_put_uint16_be( p, ext_len );
|
||||
*p++ = (uint8_t) ssl->own_cid_len;
|
||||
mbedtls_platform_memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( p, ssl->own_cid, ssl->own_cid_len );
|
||||
|
||||
*olen = ssl->own_cid_len + 5;
|
||||
}
|
||||
@ -2887,7 +2891,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
* 44+n . 43+n+m extensions
|
||||
*/
|
||||
*p++ = (unsigned char) ssl->session_negotiate->id_len;
|
||||
mbedtls_platform_memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as id is public */
|
||||
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
||||
p += ssl->session_negotiate->id_len;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
||||
|
@ -299,7 +299,8 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
mbedtls_platform_memcpy( ssl->own_cid, own_cid, own_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( ssl->own_cid, own_cid, own_cid_len );
|
||||
/* Truncation is not an issue here because
|
||||
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
|
||||
ssl->own_cid_len = (uint8_t) own_cid_len;
|
||||
@ -335,7 +336,8 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
|
||||
*peer_cid_len = ssl->transform_in->out_cid_len;
|
||||
if( peer_cid != NULL )
|
||||
{
|
||||
mbedtls_platform_memcpy( peer_cid, ssl->transform_in->out_cid,
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( peer_cid, ssl->transform_in->out_cid,
|
||||
ssl->transform_in->out_cid_len );
|
||||
}
|
||||
}
|
||||
@ -1317,12 +1319,14 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
|
||||
|
||||
transform->in_cid_len = ssl->own_cid_len;
|
||||
mbedtls_platform_memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
|
||||
transform->in_cid_len );
|
||||
|
||||
transform->out_cid_len = ssl->handshake->peer_cid_len;
|
||||
mbedtls_platform_memcpy( transform->out_cid, ssl->handshake->peer_cid,
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( transform->out_cid, ssl->handshake->peer_cid,
|
||||
ssl->handshake->peer_cid_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
|
||||
transform->out_cid_len );
|
||||
@ -2479,7 +2483,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
* Add CID information
|
||||
*/
|
||||
rec->cid_len = transform->out_cid_len;
|
||||
mbedtls_platform_memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
|
||||
|
||||
if( rec->cid_len != 0 )
|
||||
@ -4540,7 +4545,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||
/* Update the record content type and CID. */
|
||||
ssl->out_msgtype = rec.type;
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
|
||||
mbedtls_platform_memcpy( ssl->out_cid, rec.cid, rec.cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( ssl->out_cid, rec.cid, rec.cid_len );
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
ssl->out_msglen = len = rec.data_len;
|
||||
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
|
||||
@ -5328,7 +5334,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
/* configured CID len is guaranteed at most 255, see
|
||||
* MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */
|
||||
rec->cid_len = (uint8_t) rec_hdr_cid_len;
|
||||
mbedtls_platform_memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
@ -5372,7 +5379,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||
{
|
||||
/* Copy explicit record sequence number from input buffer. */
|
||||
mbedtls_platform_memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
|
||||
/* Not using more secure mbedtls_platform_memcpy as sequence number is public */
|
||||
memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
|
||||
rec_hdr_ctr_len );
|
||||
}
|
||||
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||
@ -5380,7 +5388,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||
{
|
||||
/* Copy implicit record sequence number from SSL context structure. */
|
||||
mbedtls_platform_memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as sequence number is public */
|
||||
memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||
|
||||
@ -9019,7 +9028,8 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
||||
if( ssl->hostname == NULL )
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
|
||||
mbedtls_platform_memcpy( ssl->hostname, hostname, hostname_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as hostname is public in initial handshake */
|
||||
memcpy( ssl->hostname, hostname, hostname_len );
|
||||
|
||||
ssl->hostname[hostname_len] = '\0';
|
||||
}
|
||||
@ -9828,7 +9838,8 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
|
||||
#endif
|
||||
|
||||
*p++ = (unsigned char)( session->id_len & 0xFF );
|
||||
mbedtls_platform_memcpy( p, session->id, 32 );
|
||||
/* Not using more secure mbedtls_platform_memcpy as session id is public */
|
||||
memcpy( p, session->id, 32 );
|
||||
p += 32;
|
||||
|
||||
mbedtls_platform_memcpy( p, session->master, 48 );
|
||||
@ -10055,7 +10066,8 @@ static int ssl_session_load( mbedtls_ssl_session *session,
|
||||
#endif
|
||||
|
||||
session->id_len = *p++;
|
||||
mbedtls_platform_memcpy( session->id, p, 32 );
|
||||
/* Not using more secure mbedtls_platform_memcpy as session id is public */
|
||||
memcpy( session->id, p, 32 );
|
||||
p += 32;
|
||||
|
||||
mbedtls_platform_memcpy( session->master, p, 48 );
|
||||
@ -11313,11 +11325,13 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
||||
if( used <= buf_len )
|
||||
{
|
||||
*p++ = ssl->transform->in_cid_len;
|
||||
mbedtls_platform_memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
|
||||
p += ssl->transform->in_cid_len;
|
||||
|
||||
*p++ = ssl->transform->out_cid_len;
|
||||
mbedtls_platform_memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
|
||||
p += ssl->transform->out_cid_len;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
@ -11554,7 +11568,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||
if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_platform_memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
|
||||
p += ssl->transform->in_cid_len;
|
||||
|
||||
ssl->transform->out_cid_len = *p++;
|
||||
@ -11562,7 +11577,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||
if( (size_t)( end - p ) < ssl->transform->out_cid_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_platform_memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
|
||||
/* Not using more secure mbedtls_platform_memcpy as cid is public */
|
||||
memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
|
||||
p += ssl->transform->out_cid_len;
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user