Merge remote-tracking branch 'origin/pr/641' into baremetal

Simon Butcher 2019-09-04 12:17:33 +01:00
commit 8afa0883af
4 changed files with 639 additions and 677 deletions


@ -58,6 +58,14 @@
#include "tinycrypt/ecc_dh.h" #include "tinycrypt/ecc_dh.h"
#endif #endif
#if defined(__GNUC__) || defined(__arm__)
#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline))
#define MBEDTLS_NO_INLINE __attribute__((noinline))
#else
#define MBEDTLS_ALWAYS_INLINE
#define MBEDTLS_NO_INLINE
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus) !defined(inline) && !defined(__cplusplus)
#define inline __inline #define inline __inline
@ -499,13 +507,6 @@ struct mbedtls_ssl_handshake_params
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
int (*tls_prf)(const unsigned char *, size_t, const char *,
const unsigned char *, size_t,
unsigned char *, size_t);
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
@ -1011,7 +1012,6 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md ); unsigned char mbedtls_ssl_hash_from_md_alg( int md );
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
@ -1185,9 +1185,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
*/ */
static inline void mbedtls_ssl_write_version( int major, int minor, MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_write_version(
int transport, int major, int minor, int transport, unsigned char ver[2] )
unsigned char ver[2] )
{ {
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH) #if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport); ((void) transport);
@ -1212,9 +1211,8 @@ static inline void mbedtls_ssl_write_version( int major, int minor,
#endif #endif
} }
static inline void mbedtls_ssl_read_version( int *major, int *minor, MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_read_version(
int transport, int *major, int *minor, int transport, const unsigned char ver[2] )
const unsigned char ver[2] )
{ {
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH) #if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport); ((void) transport);
@ -1803,12 +1801,6 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#endif /* MBEDTLS_SSL_CONF_SINGLE_SIG_HASH */ #endif /* MBEDTLS_SSL_CONF_SINGLE_SIG_HASH */
#if defined(__GNUC__) || defined(__arm__)
#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline))
#else
#define MBEDTLS_ALWAYS_INLINE
#endif
/* This internal function can be used to pend a fatal alert for /* This internal function can be used to pend a fatal alert for
* later delivery. * later delivery.
* *
@ -1842,6 +1834,31 @@ static inline int mbedtls_ssl_session_get_compression(
#endif #endif
} }
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_update_checksum(
mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
int mbedtls_ssl_calc_verify( int minor_ver,
mbedtls_md_type_t hash,
mbedtls_ssl_context const *ssl,
unsigned char *dst,
size_t *hlen );
#define MBEDTLS_SSL_CHK(f) do { if( ( ret = f ) < 0 ) goto cleanup; } while( 0 ) #define MBEDTLS_SSL_CHK(f) do { if( ( ret = f ) < 0 ) goto cleanup; } while( 0 )
#if defined(MBEDTLS_USE_TINYCRYPT) #if defined(MBEDTLS_USE_TINYCRYPT)
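Review bot: The new inline `mbedtls_ssl_update_checksum` discards the `int` results of `mbedtls_md5_update_ret`, `mbedtls_sha1_update_ret`, `mbedtls_sha256_update_ret` and `mbedtls_sha512_update_ret`, and because it returns `void` a failed update cannot reach the caller. If a digest backend can fail (an alternative or hardware implementation, which this page does not show), the handshake transcript hash would be silently wrong when it is later used for verification. Consider returning `int` and propagating the first non-zero result, or at least state the assumption with a comment such as `/* Return values ignored: the digest updates are assumed not to fail here. */`. The function also appears to feed every enabled digest on every handshake message now that the per-handshake `update_checksum` pointer is gone; a one-line comment saying this trade-off is intentional would help the next reader.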


@ -1823,7 +1823,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
mbedtls_ssl_optimize_checksum( ssl, server_suite_info );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
@ -3890,7 +3889,10 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
sign: sign:
#endif #endif
ssl->handshake->calc_verify( ssl, hash, &hashlen ); mbedtls_ssl_calc_verify(
mbedtls_ssl_get_minor_ver( ssl ),
mbedtls_ssl_suite_get_mac( ciphersuite_info ),
ssl, hash, &hashlen );
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
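Review bot: The call to `mbedtls_ssl_calc_verify` in `ssl_write_certificate_verify` drops its return value, although the header section declares the function as returning `int`. Its body is not shown on this page, but if it can fail for an unexpected `minor_ver`/`hash` pair, `hash` and `hashlen` would keep whatever they held before and the code would go on to sign that buffer. Check the result before using the output, for example `ret = mbedtls_ssl_calc_verify( mbedtls_ssl_get_minor_ver( ssl ), mbedtls_ssl_suite_get_mac( ciphersuite_info ), ssl, hash, &hashlen );` followed by `if( ret != 0 ) return( ret );` (assuming a local `ret` as in the neighbouring functions). The same applies to the call in `ssl_parse_certificate_verify`, where the unchecked output is passed to `mbedtls_pk_verify`. The enclosing function starts and ends outside the hunk.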


@ -1138,7 +1138,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
ssl->handshake->update_checksum( ssl, buf + 2, n ); mbedtls_ssl_update_checksum( ssl, buf + 2, n );
buf = ssl->in_msg; buf = ssl->in_msg;
n = ssl->in_left - 5; n = ssl->in_left - 5;
@ -1523,7 +1523,7 @@ read_record_header:
MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len ); MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len );
ssl->handshake->update_checksum( ssl, buf, msg_len ); mbedtls_ssl_update_checksum( ssl, buf, msg_len );
/* /*
* Handshake layer: * Handshake layer:
@ -4524,7 +4524,14 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
*/ */
md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) if(
#if defined(MBEDTLS_SHA512_C)
md_alg != MBEDTLS_MD_SHA384 &&
#endif
#if defined(MBEDTLS_SHA256_C)
md_alg != MBEDTLS_MD_SHA256 &&
#endif
1 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
" for verify message" ) ); " for verify message" ) );
@ -4532,11 +4539,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
goto exit; goto exit;
} }
#if !defined(MBEDTLS_MD_SHA1)
if( MBEDTLS_MD_SHA1 == md_alg )
hash_start += 16;
#endif
/* Info from md_alg will be used instead */ /* Info from md_alg will be used instead */
hashlen = 0; hashlen = 0;
@ -4593,7 +4595,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
/* Calculate hash and verify signature */ /* Calculate hash and verify signature */
{ {
size_t dummy_hlen; size_t dummy_hlen;
ssl->handshake->calc_verify( ssl, hash, &dummy_hlen ); mbedtls_ssl_calc_verify(
mbedtls_ssl_get_minor_ver( ssl ),
md_alg, ssl, hash, &dummy_hlen );
} }
if( ( ret = mbedtls_pk_verify( peer_pk, if( ( ret = mbedtls_pk_verify( peer_pk,
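Review bot: The new digest check in `ssl_parse_certificate_verify`, built from `md_alg != MBEDTLS_MD_SHA384 &&` and `md_alg != MBEDTLS_MD_SHA256 &&` under `#if` and closed with `1 )`, restricts the peer's CertificateVerify hash to SHA-256 and SHA-384, but nothing at the check says that this is the intent. The body of `mbedtls_ssl_set_calc_verify_md`, which the old condition called, is not visible here; if it accepted other digests, this is an interop-visible tightening that deserves a comment and a changelog entry. Suggest a comment directly above the `if`, e.g. `/* Only SHA-256 and SHA-384 are accepted for CertificateVerify; any other hash, including MBEDTLS_MD_NONE, is rejected. */`. The trailing `1` also makes a build with neither `MBEDTLS_SHA256_C` nor `MBEDTLS_SHA512_C` reject every message, which is the safe default but should be stated in the same comment. The enclosing function starts and ends outside the hunks shown.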
