From 218e2596debcd9bc353605a0f2ec03ce7d0fd8af Mon Sep 17 00:00:00 2001 From: Thomas Faber Date: Sat, 11 Sep 2021 19:41:25 -0400 Subject: [PATCH] [MBEDTLS] Update to version 2.7.17. CORE-17252 --- dll/3rdparty/mbedtls/aes.c | 4 +- dll/3rdparty/mbedtls/aesni.c | 4 +- dll/3rdparty/mbedtls/arc4.c | 4 +- dll/3rdparty/mbedtls/asn1parse.c | 4 +- dll/3rdparty/mbedtls/asn1write.c | 4 +- dll/3rdparty/mbedtls/base64.c | 4 +- dll/3rdparty/mbedtls/bignum.c | 4 +- dll/3rdparty/mbedtls/blowfish.c | 4 +- dll/3rdparty/mbedtls/camellia.c | 4 +- dll/3rdparty/mbedtls/ccm.c | 4 +- dll/3rdparty/mbedtls/certs.c | 26 +- dll/3rdparty/mbedtls/cipher.c | 4 +- dll/3rdparty/mbedtls/cipher_wrap.c | 4 +- dll/3rdparty/mbedtls/cmac.c | 4 +- dll/3rdparty/mbedtls/ctr_drbg.c | 4 +- dll/3rdparty/mbedtls/debug.c | 4 +- dll/3rdparty/mbedtls/des.c | 4 +- dll/3rdparty/mbedtls/dhm.c | 60 +++- dll/3rdparty/mbedtls/ecdh.c | 4 +- dll/3rdparty/mbedtls/ecdsa.c | 4 +- dll/3rdparty/mbedtls/ecjpake.c | 4 +- dll/3rdparty/mbedtls/ecp.c | 4 +- dll/3rdparty/mbedtls/ecp_curves.c | 4 +- dll/3rdparty/mbedtls/entropy.c | 4 +- dll/3rdparty/mbedtls/entropy_poll.c | 4 +- dll/3rdparty/mbedtls/error.c | 4 +- dll/3rdparty/mbedtls/gcm.c | 4 +- dll/3rdparty/mbedtls/havege.c | 4 +- dll/3rdparty/mbedtls/hmac_drbg.c | 4 +- dll/3rdparty/mbedtls/md.c | 4 +- dll/3rdparty/mbedtls/md2.c | 4 +- dll/3rdparty/mbedtls/md4.c | 4 +- dll/3rdparty/mbedtls/md5.c | 4 +- dll/3rdparty/mbedtls/md_wrap.c | 4 +- dll/3rdparty/mbedtls/memory_buffer_alloc.c | 4 +- dll/3rdparty/mbedtls/net_sockets.c | 9 +- dll/3rdparty/mbedtls/oid.c | 4 +- dll/3rdparty/mbedtls/padlock.c | 4 +- dll/3rdparty/mbedtls/pem.c | 4 +- dll/3rdparty/mbedtls/pk.c | 4 +- dll/3rdparty/mbedtls/pk_wrap.c | 4 +- dll/3rdparty/mbedtls/pkcs11.c | 4 +- dll/3rdparty/mbedtls/pkcs12.c | 4 +- dll/3rdparty/mbedtls/pkcs5.c | 4 +- dll/3rdparty/mbedtls/pkparse.c | 4 +- dll/3rdparty/mbedtls/pkwrite.c | 4 +- dll/3rdparty/mbedtls/platform.c | 4 +- dll/3rdparty/mbedtls/ripemd160.c | 4 +- dll/3rdparty/mbedtls/rsa.c | 46 ++- dll/3rdparty/mbedtls/rsa_internal.c | 4 +- dll/3rdparty/mbedtls/sha1.c | 4 +- dll/3rdparty/mbedtls/sha256.c | 4 +- dll/3rdparty/mbedtls/sha512.c | 4 +- dll/3rdparty/mbedtls/ssl_cache.c | 4 +- dll/3rdparty/mbedtls/ssl_ciphersuites.c | 4 +- dll/3rdparty/mbedtls/ssl_cli.c | 4 +- dll/3rdparty/mbedtls/ssl_cookie.c | 4 +- dll/3rdparty/mbedtls/ssl_srv.c | 4 +- dll/3rdparty/mbedtls/ssl_ticket.c | 4 +- dll/3rdparty/mbedtls/ssl_tls.c | 309 +++++++++++------- dll/3rdparty/mbedtls/threading.c | 4 +- dll/3rdparty/mbedtls/timing.c | 4 +- dll/3rdparty/mbedtls/version.c | 4 +- dll/3rdparty/mbedtls/version_features.c | 10 +- dll/3rdparty/mbedtls/x509.c | 4 +- dll/3rdparty/mbedtls/x509_create.c | 4 +- dll/3rdparty/mbedtls/x509_crl.c | 6 +- dll/3rdparty/mbedtls/x509_crt.c | 7 +- dll/3rdparty/mbedtls/x509_csr.c | 4 +- dll/3rdparty/mbedtls/x509write_crt.c | 4 +- dll/3rdparty/mbedtls/x509write_csr.c | 4 +- dll/3rdparty/mbedtls/xtea.c | 4 +- media/doc/3rd Party Files.txt | 2 +- sdk/include/reactos/libs/mbedtls/aes.h | 4 +- sdk/include/reactos/libs/mbedtls/aesni.h | 4 +- sdk/include/reactos/libs/mbedtls/arc4.h | 4 +- sdk/include/reactos/libs/mbedtls/asn1.h | 4 +- sdk/include/reactos/libs/mbedtls/asn1write.h | 4 +- sdk/include/reactos/libs/mbedtls/base64.h | 4 +- sdk/include/reactos/libs/mbedtls/bignum.h | 4 +- sdk/include/reactos/libs/mbedtls/blowfish.h | 4 +- sdk/include/reactos/libs/mbedtls/bn_mul.h | 4 +- sdk/include/reactos/libs/mbedtls/camellia.h | 4 +- sdk/include/reactos/libs/mbedtls/ccm.h | 4 +- sdk/include/reactos/libs/mbedtls/certs.h | 4 +- .../reactos/libs/mbedtls/check_config.h | 14 +- sdk/include/reactos/libs/mbedtls/cipher.h | 4 +- .../reactos/libs/mbedtls/cipher_internal.h | 4 +- sdk/include/reactos/libs/mbedtls/cmac.h | 4 +- sdk/include/reactos/libs/mbedtls/compat-1.3.h | 4 +- sdk/include/reactos/libs/mbedtls/config.h | 40 ++- sdk/include/reactos/libs/mbedtls/ctr_drbg.h | 4 +- sdk/include/reactos/libs/mbedtls/debug.h | 4 +- sdk/include/reactos/libs/mbedtls/des.h | 4 +- sdk/include/reactos/libs/mbedtls/dhm.h | 4 +- sdk/include/reactos/libs/mbedtls/ecdh.h | 4 +- sdk/include/reactos/libs/mbedtls/ecdsa.h | 4 +- sdk/include/reactos/libs/mbedtls/ecjpake.h | 4 +- sdk/include/reactos/libs/mbedtls/ecp.h | 4 +- .../reactos/libs/mbedtls/ecp_internal.h | 4 +- sdk/include/reactos/libs/mbedtls/entropy.h | 4 +- .../reactos/libs/mbedtls/entropy_poll.h | 4 +- sdk/include/reactos/libs/mbedtls/error.h | 4 +- sdk/include/reactos/libs/mbedtls/gcm.h | 4 +- sdk/include/reactos/libs/mbedtls/havege.h | 4 +- sdk/include/reactos/libs/mbedtls/hmac_drbg.h | 4 +- sdk/include/reactos/libs/mbedtls/md.h | 4 +- sdk/include/reactos/libs/mbedtls/md2.h | 4 +- sdk/include/reactos/libs/mbedtls/md4.h | 4 +- sdk/include/reactos/libs/mbedtls/md5.h | 4 +- .../reactos/libs/mbedtls/md_internal.h | 4 +- .../libs/mbedtls/memory_buffer_alloc.h | 4 +- sdk/include/reactos/libs/mbedtls/net.h | 4 +- .../reactos/libs/mbedtls/net_sockets.h | 4 +- sdk/include/reactos/libs/mbedtls/oid.h | 4 +- sdk/include/reactos/libs/mbedtls/padlock.h | 4 +- sdk/include/reactos/libs/mbedtls/pem.h | 4 +- sdk/include/reactos/libs/mbedtls/pk.h | 4 +- .../reactos/libs/mbedtls/pk_internal.h | 4 +- sdk/include/reactos/libs/mbedtls/pkcs11.h | 4 +- sdk/include/reactos/libs/mbedtls/pkcs12.h | 4 +- sdk/include/reactos/libs/mbedtls/pkcs5.h | 4 +- sdk/include/reactos/libs/mbedtls/platform.h | 4 +- .../reactos/libs/mbedtls/platform_time.h | 4 +- sdk/include/reactos/libs/mbedtls/ripemd160.h | 4 +- sdk/include/reactos/libs/mbedtls/rsa.h | 4 +- .../reactos/libs/mbedtls/rsa_internal.h | 4 +- sdk/include/reactos/libs/mbedtls/sha1.h | 4 +- sdk/include/reactos/libs/mbedtls/sha256.h | 4 +- sdk/include/reactos/libs/mbedtls/sha512.h | 4 +- sdk/include/reactos/libs/mbedtls/ssl.h | 4 +- sdk/include/reactos/libs/mbedtls/ssl_cache.h | 4 +- .../reactos/libs/mbedtls/ssl_ciphersuites.h | 4 +- sdk/include/reactos/libs/mbedtls/ssl_cookie.h | 4 +- .../reactos/libs/mbedtls/ssl_internal.h | 88 ++++- sdk/include/reactos/libs/mbedtls/ssl_ticket.h | 4 +- sdk/include/reactos/libs/mbedtls/threading.h | 4 +- sdk/include/reactos/libs/mbedtls/timing.h | 4 +- sdk/include/reactos/libs/mbedtls/version.h | 12 +- sdk/include/reactos/libs/mbedtls/x509.h | 4 +- sdk/include/reactos/libs/mbedtls/x509_crl.h | 4 +- sdk/include/reactos/libs/mbedtls/x509_crt.h | 4 +- sdk/include/reactos/libs/mbedtls/x509_csr.h | 4 +- sdk/include/reactos/libs/mbedtls/xtea.h | 4 +- 144 files changed, 558 insertions(+), 595 deletions(-) diff --git a/dll/3rdparty/mbedtls/aes.c b/dll/3rdparty/mbedtls/aes.c index cda63ef5203..e0c7a11c38e 100644 --- a/dll/3rdparty/mbedtls/aes.c +++ b/dll/3rdparty/mbedtls/aes.c @@ -1,7 +1,7 @@ /* * FIPS-197 compliant AES implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. diff --git a/dll/3rdparty/mbedtls/aesni.c b/dll/3rdparty/mbedtls/aesni.c index 18050d80337..d4969f521b1 100644 --- a/dll/3rdparty/mbedtls/aesni.c +++ b/dll/3rdparty/mbedtls/aesni.c @@ -1,7 +1,7 @@ /* * AES-NI support functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/arc4.c b/dll/3rdparty/mbedtls/arc4.c index 052aa328f0c..338ecd7a7bb 100644 --- a/dll/3rdparty/mbedtls/arc4.c +++ b/dll/3rdparty/mbedtls/arc4.c @@ -1,7 +1,7 @@ /* * An implementation of the ARCFOUR algorithm * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The ARCFOUR algorithm was publicly disclosed on 94/09. diff --git a/dll/3rdparty/mbedtls/asn1parse.c b/dll/3rdparty/mbedtls/asn1parse.c index 1ef388dcffe..9b4455857d7 100644 --- a/dll/3rdparty/mbedtls/asn1parse.c +++ b/dll/3rdparty/mbedtls/asn1parse.c @@ -1,7 +1,7 @@ /* * Generic ASN.1 parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/asn1write.c b/dll/3rdparty/mbedtls/asn1write.c index 6828b8ded5d..9740320b77e 100644 --- a/dll/3rdparty/mbedtls/asn1write.c +++ b/dll/3rdparty/mbedtls/asn1write.c @@ -1,7 +1,7 @@ /* * ASN.1 buffer writing functionality * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/base64.c b/dll/3rdparty/mbedtls/base64.c index 75849d1214d..bfafb05353c 100644 --- a/dll/3rdparty/mbedtls/base64.c +++ b/dll/3rdparty/mbedtls/base64.c @@ -1,7 +1,7 @@ /* * RFC 1521 base64 encoding/decoding * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/bignum.c b/dll/3rdparty/mbedtls/bignum.c index 84a43c8cba8..3135ec4adc6 100644 --- a/dll/3rdparty/mbedtls/bignum.c +++ b/dll/3rdparty/mbedtls/bignum.c @@ -1,7 +1,7 @@ /* * Multi-precision integer library * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/blowfish.c b/dll/3rdparty/mbedtls/blowfish.c index eeafe2869bb..66bf355efd3 100644 --- a/dll/3rdparty/mbedtls/blowfish.c +++ b/dll/3rdparty/mbedtls/blowfish.c @@ -1,7 +1,7 @@ /* * Blowfish implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The Blowfish block cipher was designed by Bruce Schneier in 1993. diff --git a/dll/3rdparty/mbedtls/camellia.c b/dll/3rdparty/mbedtls/camellia.c index e3609d3554c..6ef4c213345 100644 --- a/dll/3rdparty/mbedtls/camellia.c +++ b/dll/3rdparty/mbedtls/camellia.c @@ -1,7 +1,7 @@ /* * Camellia implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The Camellia block cipher was designed by NTT and Mitsubishi Electric diff --git a/dll/3rdparty/mbedtls/ccm.c b/dll/3rdparty/mbedtls/ccm.c index 456fedc3125..ed3c74c8c61 100644 --- a/dll/3rdparty/mbedtls/ccm.c +++ b/dll/3rdparty/mbedtls/ccm.c @@ -1,7 +1,7 @@ /* * NIST SP800-38C compliant CCM implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/certs.c b/dll/3rdparty/mbedtls/certs.c index 73409afc99b..360325c85e8 100644 --- a/dll/3rdparty/mbedtls/certs.c +++ b/dll/3rdparty/mbedtls/certs.c @@ -1,7 +1,7 @@ /* * X.509 test certificates * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -207,16 +205,12 @@ const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); #if defined(MBEDTLS_SHA256_C) /* tests/data_files/server2-sha256.crt */ -/* Or more precisely, this is the contents of the version of this file - * that's in the mbedtls-2.16 branch, due to a backporting mistake. - * We don't want to change the contents now, as that would change the size - * which is part of the ABI, which should be stable in LTS branches. */ #define TEST_SRV_CRT_RSA_SHA256 \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ +"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ @@ -224,13 +218,13 @@ const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ -"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ -"Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ -"HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ -"1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ -"a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ -"e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ -"pMZqLmbBm/7WPLc=\r\n" \ +"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBALVvYxsd\r\n" \ +"o5YSOIaApPlpnFUnz5zD/TbI9/63iJH+ae61jvpjTY1bqLBBEcqMMg9tVFUdt4xd\r\n" \ +"9MifL5zRZOGqKpfhWyoUZv7kXXMtfJsy0A6sqK11FcUE9r2Mt50tAO1MLZLJ5tKD\r\n" \ +"XY9/dTqXnENPxCGUo89/UwIFuNhKPUDBRMeyx8FaKsGVksF/lGxYVFWrfzZFlW0M\r\n" \ +"SXduk5xjoHE83erLEtZoxWIgrx7LXXgkDtswGkH+VpFt9dFFXJaeAQPeUBDAhEE9\r\n" \ +"UDkaCx5tPlyriwUW1w1xDx40VFV+Dgg9CFxiHCF+ppg+MG8HV0LVDRJlhN94QHNg\r\n" \ +"DAAVd5iuv8P+00Y=\r\n" \ "-----END CERTIFICATE-----\r\n" const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA_SHA256; diff --git a/dll/3rdparty/mbedtls/cipher.c b/dll/3rdparty/mbedtls/cipher.c index b8da586cbbd..7054f4bca5b 100644 --- a/dll/3rdparty/mbedtls/cipher.c +++ b/dll/3rdparty/mbedtls/cipher.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/cipher_wrap.c b/dll/3rdparty/mbedtls/cipher_wrap.c index 56a935efc80..51a90a591d3 100644 --- a/dll/3rdparty/mbedtls/cipher_wrap.c +++ b/dll/3rdparty/mbedtls/cipher_wrap.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/cmac.c b/dll/3rdparty/mbedtls/cmac.c index 0b769ff047a..0d8280416c8 100644 --- a/dll/3rdparty/mbedtls/cmac.c +++ b/dll/3rdparty/mbedtls/cmac.c @@ -3,7 +3,7 @@ * * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -44,8 +44,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/ctr_drbg.c b/dll/3rdparty/mbedtls/ctr_drbg.c index ed00765c9ad..184e09fc104 100644 --- a/dll/3rdparty/mbedtls/ctr_drbg.c +++ b/dll/3rdparty/mbedtls/ctr_drbg.c @@ -1,7 +1,7 @@ /* * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The NIST SP 800-90 DRBGs are described in the following publication. diff --git a/dll/3rdparty/mbedtls/debug.c b/dll/3rdparty/mbedtls/debug.c index 5fdb3a08fcc..25951eac5b4 100644 --- a/dll/3rdparty/mbedtls/debug.c +++ b/dll/3rdparty/mbedtls/debug.c @@ -1,7 +1,7 @@ /* * Debugging routines * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/des.c b/dll/3rdparty/mbedtls/des.c index 3dc925897d9..f68dba0b3af 100644 --- a/dll/3rdparty/mbedtls/des.c +++ b/dll/3rdparty/mbedtls/des.c @@ -1,7 +1,7 @@ /* * FIPS-46-3 compliant Triple-DES implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * DES, on which TDES is based, was originally designed by Horst Feistel diff --git a/dll/3rdparty/mbedtls/dhm.c b/dll/3rdparty/mbedtls/dhm.c index d14b7296df1..e15cc8e949e 100644 --- a/dll/3rdparty/mbedtls/dhm.c +++ b/dll/3rdparty/mbedtls/dhm.c @@ -1,7 +1,7 @@ /* * Diffie-Hellman-Merkle key exchange * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The following sources were referenced in the design of this implementation @@ -335,6 +333,32 @@ cleanup: return( 0 ); } +/* + * Pick a random R in the range [2, M) for blinding purposes + */ +static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + int ret, count; + + count = 0; + do + { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) ); + + while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) ); + + if( count++ > 10 ) + return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + } + while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 ); + +cleanup: + return( ret ); +} + + /* * Use the blinding method and optimisation suggested in section 10 of: * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA, @@ -344,7 +368,10 @@ cleanup: static int dhm_update_blinding( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret, count; + int ret; + mbedtls_mpi R; + + mbedtls_mpi_init( &R ); /* * Don't use any blinding the first time a particular X is used, @@ -379,24 +406,23 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, */ /* Vi = random( 2, P-1 ) */ - count = 0; - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); - while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); + /* Vf = Vi^-X mod P + * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod), + * then elevate to the Xth power. */ + MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - if( count++ > 10 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - } - while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 ); - - /* Vf = Vi^-X mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) ); cleanup: + mbedtls_mpi_free( &R ); + return( ret ); } diff --git a/dll/3rdparty/mbedtls/ecdh.c b/dll/3rdparty/mbedtls/ecdh.c index 4c97f8ef359..a8ff5b94110 100644 --- a/dll/3rdparty/mbedtls/ecdh.c +++ b/dll/3rdparty/mbedtls/ecdh.c @@ -1,7 +1,7 @@ /* * Elliptic curve Diffie-Hellman * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/ecdsa.c b/dll/3rdparty/mbedtls/ecdsa.c index 10ef218558b..59803d04e1e 100644 --- a/dll/3rdparty/mbedtls/ecdsa.c +++ b/dll/3rdparty/mbedtls/ecdsa.c @@ -1,7 +1,7 @@ /* * Elliptic curve DSA * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/ecjpake.c b/dll/3rdparty/mbedtls/ecjpake.c index 09bd1fbc4c8..a6f50838651 100644 --- a/dll/3rdparty/mbedtls/ecjpake.c +++ b/dll/3rdparty/mbedtls/ecjpake.c @@ -1,7 +1,7 @@ /* * Elliptic curve J-PAKE * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/ecp.c b/dll/3rdparty/mbedtls/ecp.c index f83f4db7a0b..897c01e1432 100644 --- a/dll/3rdparty/mbedtls/ecp.c +++ b/dll/3rdparty/mbedtls/ecp.c @@ -1,7 +1,7 @@ /* * Elliptic curves over GF(p): generic functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/ecp_curves.c b/dll/3rdparty/mbedtls/ecp_curves.c index e2d46c90c44..26f62584c35 100644 --- a/dll/3rdparty/mbedtls/ecp_curves.c +++ b/dll/3rdparty/mbedtls/ecp_curves.c @@ -1,7 +1,7 @@ /* * Elliptic curves over GF(p): curve-specific data and functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/entropy.c b/dll/3rdparty/mbedtls/entropy.c index 4d7a9b32c3e..ee98e4cdb94 100644 --- a/dll/3rdparty/mbedtls/entropy.c +++ b/dll/3rdparty/mbedtls/entropy.c @@ -1,7 +1,7 @@ /* * Entropy accumulator implementation * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/entropy_poll.c b/dll/3rdparty/mbedtls/entropy_poll.c index c3b21312d09..dbb57008e32 100644 --- a/dll/3rdparty/mbedtls/entropy_poll.c +++ b/dll/3rdparty/mbedtls/entropy_poll.c @@ -1,7 +1,7 @@ /* * Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/error.c b/dll/3rdparty/mbedtls/error.c index fa0e01f919a..0757268f250 100644 --- a/dll/3rdparty/mbedtls/error.c +++ b/dll/3rdparty/mbedtls/error.c @@ -1,7 +1,7 @@ /* * Error message information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/gcm.c b/dll/3rdparty/mbedtls/gcm.c index 9a9de2d2b47..a7e6706364e 100644 --- a/dll/3rdparty/mbedtls/gcm.c +++ b/dll/3rdparty/mbedtls/gcm.c @@ -1,7 +1,7 @@ /* * NIST SP800-38D compliant GCM implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/havege.c b/dll/3rdparty/mbedtls/havege.c index fed80017e6a..8d106df895c 100644 --- a/dll/3rdparty/mbedtls/havege.c +++ b/dll/3rdparty/mbedtls/havege.c @@ -1,7 +1,7 @@ /** * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The HAVEGE RNG was designed by Andre Seznec in 2002. diff --git a/dll/3rdparty/mbedtls/hmac_drbg.c b/dll/3rdparty/mbedtls/hmac_drbg.c index 2ce20bc63b5..f24a66c852f 100644 --- a/dll/3rdparty/mbedtls/hmac_drbg.c +++ b/dll/3rdparty/mbedtls/hmac_drbg.c @@ -1,7 +1,7 @@ /* * HMAC_DRBG implementation (NIST SP 800-90) * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/md.c b/dll/3rdparty/mbedtls/md.c index 2af2f5fab40..ba48471c6cb 100644 --- a/dll/3rdparty/mbedtls/md.c +++ b/dll/3rdparty/mbedtls/md.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/md2.c b/dll/3rdparty/mbedtls/md2.c index dbe2417a20c..293ada30451 100644 --- a/dll/3rdparty/mbedtls/md2.c +++ b/dll/3rdparty/mbedtls/md2.c @@ -1,7 +1,7 @@ /* * RFC 1115/1319 compliant MD2 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The MD2 algorithm was designed by Ron Rivest in 1989. diff --git a/dll/3rdparty/mbedtls/md4.c b/dll/3rdparty/mbedtls/md4.c index 7a60bbafc47..69825595f66 100644 --- a/dll/3rdparty/mbedtls/md4.c +++ b/dll/3rdparty/mbedtls/md4.c @@ -1,7 +1,7 @@ /* * RFC 1186/1320 compliant MD4 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The MD4 algorithm was designed by Ron Rivest in 1990. diff --git a/dll/3rdparty/mbedtls/md5.c b/dll/3rdparty/mbedtls/md5.c index 6924dc0487f..009a013ef05 100644 --- a/dll/3rdparty/mbedtls/md5.c +++ b/dll/3rdparty/mbedtls/md5.c @@ -1,7 +1,7 @@ /* * RFC 1321 compliant MD5 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The MD5 algorithm was designed by Ron Rivest in 1991. diff --git a/dll/3rdparty/mbedtls/md_wrap.c b/dll/3rdparty/mbedtls/md_wrap.c index 7c737d87e98..7459db2faf9 100644 --- a/dll/3rdparty/mbedtls/md_wrap.c +++ b/dll/3rdparty/mbedtls/md_wrap.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/memory_buffer_alloc.c b/dll/3rdparty/mbedtls/memory_buffer_alloc.c index 056a6ea63d9..dc8b4bf09f5 100644 --- a/dll/3rdparty/mbedtls/memory_buffer_alloc.c +++ b/dll/3rdparty/mbedtls/memory_buffer_alloc.c @@ -1,7 +1,7 @@ /* * Buffer-based memory allocator * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/net_sockets.c b/dll/3rdparty/mbedtls/net_sockets.c index 7a56917007e..2876f8fdd61 100644 --- a/dll/3rdparty/mbedtls/net_sockets.c +++ b/dll/3rdparty/mbedtls/net_sockets.c @@ -1,7 +1,7 @@ /* * TCP/IP or UDP/IP networking functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -335,8 +333,9 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, struct sockaddr_storage client_addr; -#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) +#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ + ( defined(__NetBSD__) && defined(socklen_t) ) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else diff --git a/dll/3rdparty/mbedtls/oid.c b/dll/3rdparty/mbedtls/oid.c index 9d0101310d9..ad2c32221d6 100644 --- a/dll/3rdparty/mbedtls/oid.c +++ b/dll/3rdparty/mbedtls/oid.c @@ -3,7 +3,7 @@ * * \brief Object Identifier (OID) database * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -44,8 +44,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/padlock.c b/dll/3rdparty/mbedtls/padlock.c index fe6e7f9cf37..afb7e0ad42b 100644 --- a/dll/3rdparty/mbedtls/padlock.c +++ b/dll/3rdparty/mbedtls/padlock.c @@ -1,7 +1,7 @@ /* * VIA PadLock support functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * This implementation is based on the VIA PadLock Programming Guide: diff --git a/dll/3rdparty/mbedtls/pem.c b/dll/3rdparty/mbedtls/pem.c index 6ff4b01a4db..9eff10ea1db 100644 --- a/dll/3rdparty/mbedtls/pem.c +++ b/dll/3rdparty/mbedtls/pem.c @@ -1,7 +1,7 @@ /* * Privacy Enhanced Mail (PEM) decoding * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/pk.c b/dll/3rdparty/mbedtls/pk.c index 637fd49dd00..bf96debba13 100644 --- a/dll/3rdparty/mbedtls/pk.c +++ b/dll/3rdparty/mbedtls/pk.c @@ -1,7 +1,7 @@ /* * Public Key abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/pk_wrap.c b/dll/3rdparty/mbedtls/pk_wrap.c index f73992886ee..966a17c1855 100644 --- a/dll/3rdparty/mbedtls/pk_wrap.c +++ b/dll/3rdparty/mbedtls/pk_wrap.c @@ -1,7 +1,7 @@ /* * Public Key abstraction layer: wrapper functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/pkcs11.c b/dll/3rdparty/mbedtls/pkcs11.c index 30d045bf18e..cf484b86eb4 100644 --- a/dll/3rdparty/mbedtls/pkcs11.c +++ b/dll/3rdparty/mbedtls/pkcs11.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #include "mbedtls/pkcs11.h" diff --git a/dll/3rdparty/mbedtls/pkcs12.c b/dll/3rdparty/mbedtls/pkcs12.c index 5a522c16faf..9ee63c2d323 100644 --- a/dll/3rdparty/mbedtls/pkcs12.c +++ b/dll/3rdparty/mbedtls/pkcs12.c @@ -1,7 +1,7 @@ /* * PKCS#12 Personal Information Exchange Syntax * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 diff --git a/dll/3rdparty/mbedtls/pkcs5.c b/dll/3rdparty/mbedtls/pkcs5.c index 7ac67093c02..8a80aa5d05c 100644 --- a/dll/3rdparty/mbedtls/pkcs5.c +++ b/dll/3rdparty/mbedtls/pkcs5.c @@ -5,7 +5,7 @@ * * \author Mathias Olsson * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * PKCS#5 includes PBKDF2 and more diff --git a/dll/3rdparty/mbedtls/pkparse.c b/dll/3rdparty/mbedtls/pkparse.c index 9a5e1b88c57..77d48c1ad86 100644 --- a/dll/3rdparty/mbedtls/pkparse.c +++ b/dll/3rdparty/mbedtls/pkparse.c @@ -1,7 +1,7 @@ /* * Public Key layer for parsing key files and structures * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/pkwrite.c b/dll/3rdparty/mbedtls/pkwrite.c index e1076251f00..b0295651904 100644 --- a/dll/3rdparty/mbedtls/pkwrite.c +++ b/dll/3rdparty/mbedtls/pkwrite.c @@ -1,7 +1,7 @@ /* * Public Key layer for writing key files and structures * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/platform.c b/dll/3rdparty/mbedtls/platform.c index a8b30f0bdd5..a9267b16f84 100644 --- a/dll/3rdparty/mbedtls/platform.c +++ b/dll/3rdparty/mbedtls/platform.c @@ -1,7 +1,7 @@ /* * Platform abstraction layer * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/ripemd160.c b/dll/3rdparty/mbedtls/ripemd160.c index f5868e287ae..aee1123114b 100644 --- a/dll/3rdparty/mbedtls/ripemd160.c +++ b/dll/3rdparty/mbedtls/ripemd160.c @@ -1,7 +1,7 @@ /* * RIPE MD-160 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/dll/3rdparty/mbedtls/rsa.c b/dll/3rdparty/mbedtls/rsa.c index 96afccb0e4b..c5dbdacf22a 100644 --- a/dll/3rdparty/mbedtls/rsa.c +++ b/dll/3rdparty/mbedtls/rsa.c @@ -1,7 +1,7 @@ /* * The RSA public-key cryptosystem * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* @@ -82,7 +80,7 @@ #include "mbedtls/md.h" #endif -#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) +#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__) #include #endif @@ -746,6 +744,9 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, count = 0; + mbedtls_mpi R; + + mbedtls_mpi_init( &R ); if( ctx->Vf.p != NULL ) { @@ -761,18 +762,41 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, /* Unblinding value: Vf = random number, invertible mod N */ do { if( count++ > 10 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED ); + { + ret = MBEDTLS_ERR_RSA_RNG_FAILED; + goto cleanup; + } MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) ); - } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ); - /* Blinding value: Vi = Vf^(-e) mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) ); + /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + + /* At this point, Vi is invertible mod N if and only if both Vf and R + * are invertible mod N. If one of them isn't, we don't need to know + * which one, we just loop and choose new values for both of them. + * (Each iteration succeeds with overwhelming probability.) */ + ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); + if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + continue; + if( ret != 0 ) + goto cleanup; + + /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + } while( 0 ); + + /* Blinding value: Vi = Vf^(-e) mod N + * (Vi already contains Vf^-1 at this point) */ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); cleanup: + mbedtls_mpi_free( &R ); + return( ret ); } @@ -2404,7 +2428,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) #if defined(MBEDTLS_PKCS1_V15) static int myrand( void *rng_state, unsigned char *output, size_t len ) { -#if !defined(__OpenBSD__) +#if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; if( rng_state != NULL ) @@ -2417,7 +2441,7 @@ static int myrand( void *rng_state, unsigned char *output, size_t len ) rng_state = NULL; arc4random_buf( output, len ); -#endif /* !OpenBSD */ +#endif /* !OpenBSD && !NetBSD */ return( 0 ); } diff --git a/dll/3rdparty/mbedtls/rsa_internal.c b/dll/3rdparty/mbedtls/rsa_internal.c index 39fbe09b73e..30115a0d383 100644 --- a/dll/3rdparty/mbedtls/rsa_internal.c +++ b/dll/3rdparty/mbedtls/rsa_internal.c @@ -1,7 +1,7 @@ /* * Helper functions for the RSA module * - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -43,8 +43,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/sha1.c b/dll/3rdparty/mbedtls/sha1.c index 1b1a1d7ecae..83ef9bdbdad 100644 --- a/dll/3rdparty/mbedtls/sha1.c +++ b/dll/3rdparty/mbedtls/sha1.c @@ -1,7 +1,7 @@ /* * FIPS-180-1 compliant SHA-1 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The SHA-1 standard was published by NIST in 1993. diff --git a/dll/3rdparty/mbedtls/sha256.c b/dll/3rdparty/mbedtls/sha256.c index 987580c8108..6ae6a0ef6ec 100644 --- a/dll/3rdparty/mbedtls/sha256.c +++ b/dll/3rdparty/mbedtls/sha256.c @@ -1,7 +1,7 @@ /* * FIPS-180-2 compliant SHA-256 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. diff --git a/dll/3rdparty/mbedtls/sha512.c b/dll/3rdparty/mbedtls/sha512.c index 265923674a8..0a42f55634f 100644 --- a/dll/3rdparty/mbedtls/sha512.c +++ b/dll/3rdparty/mbedtls/sha512.c @@ -1,7 +1,7 @@ /* * FIPS-180-2 compliant SHA-384/512 implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. diff --git a/dll/3rdparty/mbedtls/ssl_cache.c b/dll/3rdparty/mbedtls/ssl_cache.c index 3cbfeb740a8..1d2558a1893 100644 --- a/dll/3rdparty/mbedtls/ssl_cache.c +++ b/dll/3rdparty/mbedtls/ssl_cache.c @@ -1,7 +1,7 @@ /* * SSL session cache implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * These session callbacks use a simple chained list diff --git a/dll/3rdparty/mbedtls/ssl_ciphersuites.c b/dll/3rdparty/mbedtls/ssl_ciphersuites.c index 9ad5cf9ce25..7efc558ddb5 100644 --- a/dll/3rdparty/mbedtls/ssl_ciphersuites.c +++ b/dll/3rdparty/mbedtls/ssl_ciphersuites.c @@ -3,7 +3,7 @@ * * \brief SSL ciphersuites for mbed TLS * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -44,8 +44,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/ssl_cli.c b/dll/3rdparty/mbedtls/ssl_cli.c index 8276826dfc8..8a48570784b 100644 --- a/dll/3rdparty/mbedtls/ssl_cli.c +++ b/dll/3rdparty/mbedtls/ssl_cli.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 client-side functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/ssl_cookie.c b/dll/3rdparty/mbedtls/ssl_cookie.c index 053a11bf95e..a777a93f632 100644 --- a/dll/3rdparty/mbedtls/ssl_cookie.c +++ b/dll/3rdparty/mbedtls/ssl_cookie.c @@ -1,7 +1,7 @@ /* * DTLS cookie callbacks implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * These session callbacks use a simple chained list diff --git a/dll/3rdparty/mbedtls/ssl_srv.c b/dll/3rdparty/mbedtls/ssl_srv.c index a6ba858dcb0..6300966b1cc 100644 --- a/dll/3rdparty/mbedtls/ssl_srv.c +++ b/dll/3rdparty/mbedtls/ssl_srv.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 server-side functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/ssl_ticket.c b/dll/3rdparty/mbedtls/ssl_ticket.c index 0e0b3deb37c..ad0f11f22c0 100644 --- a/dll/3rdparty/mbedtls/ssl_ticket.c +++ b/dll/3rdparty/mbedtls/ssl_ticket.c @@ -1,7 +1,7 @@ /* * TLS server tickets callbacks implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/ssl_tls.c b/dll/3rdparty/mbedtls/ssl_tls.c index 66596bffc9c..3b06feee86d 100644 --- a/dll/3rdparty/mbedtls/ssl_tls.c +++ b/dll/3rdparty/mbedtls/ssl_tls.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 shared functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The SSL 3.0 specification was drafted by Netscape in 1996, @@ -1301,32 +1299,10 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ - ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) + defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #define SSL_SOME_MODES_USE_MAC #endif -/* The function below is only used in the Lucky 13 counter-measure in - * ssl_decrypt_buf(). These are the defines that guard the call site. */ -#if defined(SSL_SOME_MODES_USE_MAC) && \ - ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) ) -/* This function makes sure every byte in the memory region is accessed - * (in ascending addresses order) */ -static void ssl_read_memory( unsigned char *p, size_t len ) -{ - unsigned char acc = 0; - volatile unsigned char force; - - for( ; len != 0; p++, len-- ) - acc ^= *p; - - force = acc; - (void) force; -} -#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */ - /* * Encryption/decryption functions */ @@ -1523,8 +1499,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if( mode == MBEDTLS_MODE_CBC ) { int ret; @@ -1643,8 +1618,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ } else -#endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1662,6 +1636,156 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) return( 0 ); } +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/* + * Constant-flow conditional memcpy: + * - if c1 == c2, equivalent to memcpy(dst, src, len), + * - otherwise, a no-op, + * but with execution flow independent of the values of c1 and c2. + * + * Use only bit operations to avoid branches that could be used by some + * compilers on some platforms to translate comparison operators. + */ +static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, + const unsigned char *src, + size_t len, + size_t c1, size_t c2 ) +{ + /* diff = 0 if c1 == c2, non-zero otherwise */ + const size_t diff = c1 ^ c2; + + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + /* diff_msb's most significant bit is equal to c1 != c2 */ + const size_t diff_msb = ( diff | -diff ); + + /* diff1 = c1 != c2 */ + const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + + /* mask = c1 != c2 ? 0xff : 0x00 */ + const unsigned char mask = (unsigned char) -diff1; + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + /* dst[i] = c1 != c2 ? dst[i] : src[i] */ + size_t i; + for( i = 0; i < len; i++ ) + dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask ); +} + +/* + * Compute HMAC of variable-length data with constant flow. + * + * Only works with MD-5, SHA-1, SHA-256 and SHA-384. + * (Otherwise, computation of block_size needs to be adapted.) + */ +int mbedtls_ssl_cf_hmac( + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output ) +{ + /* + * This function breaks the HMAC abstraction and uses the md_clone() + * extension to the MD API in order to get constant-flow behaviour. + * + * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means + * concatenation, and okey/ikey are the XOR of the key with some fixed bit + * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. + * + * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to + * minlen, then cloning the context, and for each byte up to maxlen + * finishing up the hash computation, keeping only the correct result. + * + * Then we only need to compute HASH(okey + inner_hash) and we're done. + */ + const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info ); + /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5, + * all of which have the same block size except SHA-384. */ + const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; + const unsigned char * const ikey = ctx->hmac_ctx; + const unsigned char * const okey = ikey + block_size; + const size_t hash_size = mbedtls_md_get_size( ctx->md_info ); + + unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; + mbedtls_md_context_t aux; + size_t offset; + int ret; + + mbedtls_md_init( &aux ); + +#define MD_CHK( func_call ) \ + do { \ + ret = (func_call); \ + if( ret != 0 ) \ + goto cleanup; \ + } while( 0 ) + + MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); + + /* After hmac_start() of hmac_reset(), ikey has already been hashed, + * so we can start directly with the message */ + MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); + MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); + + /* For each possible length, compute the hash up to that point */ + for( offset = min_data_len; offset <= max_data_len; offset++ ) + { + MD_CHK( mbedtls_md_clone( &aux, ctx ) ); + MD_CHK( mbedtls_md_finish( &aux, aux_out ) ); + /* Keep only the correct inner_hash in the output buffer */ + mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size, + offset, data_len_secret ); + + if( offset < max_data_len ) + MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); + } + + /* Now compute HASH(okey + inner_hash) */ + MD_CHK( mbedtls_md_starts( ctx ) ); + MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); + MD_CHK( mbedtls_md_update( ctx, output, hash_size ) ); + MD_CHK( mbedtls_md_finish( ctx, output ) ); + + /* Done, get ready for next time */ + MD_CHK( mbedtls_md_hmac_reset( ctx ) ); + +#undef MD_CHK + +cleanup: + mbedtls_md_free( &aux ); + return( ret ); +} + +/* + * Constant-flow memcpy from variable position in buffer. + * - functionally equivalent to memcpy(dst, src + offset_secret, len) + * - but with execution flow independent from the value of offset_secret. + */ +void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len ) +{ + size_t offset; + + for( offset = offset_min; offset <= offset_max; offset++ ) + { + mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len, + offset, offset_secret ); + } +} +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ + static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { size_t i; @@ -1787,8 +1911,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if( mode == MBEDTLS_MODE_CBC ) { /* @@ -1999,8 +2122,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ssl->in_msglen -= padlen; } else -#endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -2019,6 +2141,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) if( auth_done == 0 ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; + unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD]; ssl->in_msglen -= ssl->transform_in->maclen; @@ -2033,6 +2156,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ssl->in_msg, ssl->in_msglen, ssl->in_ctr, ssl->in_msgtype, mac_expect ); + memcpy( mac_peer, ssl->in_msg + ssl->in_msglen, + ssl->transform_in->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -2040,34 +2165,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) { - /* - * Process MAC and always update for padlen afterwards to make - * total time independent of padlen. - * - * Known timing attacks: - * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) - * - * To compensate for different timings for the MAC calculation - * depending on how much padding was removed (which is determined - * by padlen), process extra_run more blocks through the hash - * function. - * - * The formula in the paper is - * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 ) - * where L1 is the size of the header plus the decrypted message - * plus CBC padding and L2 is the size of the header plus the - * decrypted message. This is for an underlying hash function - * with 64-byte blocks. - * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values - * correctly. We round down instead of up, so -56 is the correct - * value for our calculations instead of -55. - * - * Repeat the formula rather than defining a block_size variable. - * This avoids requiring division by a variable at runtime - * (which would be marginally less efficient and would require - * linking an extra division function in some builds). - */ - size_t j, extra_run = 0; + int ret; + unsigned char add_data[13]; /* * The next two sizes are the minimum and maximum values of @@ -2082,66 +2181,25 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) const size_t max_len = ssl->in_msglen + padlen; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - switch( ssl->transform_in->ciphersuite_info->mac ) + memcpy( add_data + 0, ssl->in_ctr, 8 ); + memcpy( add_data + 8, ssl->in_hdr, 3 ); + memcpy( add_data + 11, ssl->in_len, 2 ); + + ret = mbedtls_ssl_cf_hmac( &ssl->transform_in->md_ctx_dec, + add_data, sizeof( add_data ), + ssl->in_msg, ssl->in_msglen, + min_len, max_len, + mac_expect ); + if( ret != 0 ) { -#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ - defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_MD5: - case MBEDTLS_MD_SHA1: - case MBEDTLS_MD_SHA256: - /* 8 bytes of message size, 64-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - - ( 13 + ssl->in_msglen + 8 ) / 64; - break; -#endif -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA384: - /* 16 bytes of message size, 128-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - - ( 13 + ssl->in_msglen + 16 ) / 128; - break; -#endif - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret ); + return( ret ); } - extra_run &= correct * 0xFF; - - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, - ssl->in_msglen ); - /* Make sure we access everything even when padlen > 0. This - * makes the synchronisation requirements for just-in-time - * Prime+Probe attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen ); - mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); - - /* Dummy calls to compression function. - * Call mbedtls_md_process at least once due to cache attacks - * that observe whether md_process() was called of not. - * Respect the usual start-(process|update)-finish sequence for - * the sake of hardware accelerators that might require it. */ - mbedtls_md_starts( &ssl->transform_in->md_ctx_dec ); - for( j = 0; j < extra_run + 1; j++ ) - mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); - { - /* The switch statement above already checks that we're using - * one of MD-5, SHA-1, SHA-256 or SHA-384. */ - unsigned char tmp[384 / 8]; - mbedtls_md_finish( &ssl->transform_in->md_ctx_dec, tmp ); - } - - mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); - - /* Make sure we access all the memory that could contain the MAC, - * before we check it in the next code block. This makes the - * synchronisation requirements for just-in-time Prime+Probe - * attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + min_len, - max_len - min_len + ssl->transform_in->maclen ); + mbedtls_ssl_cf_memcpy_offset( mac_peer, ssl->in_msg, + ssl->in_msglen, + min_len, max_len, + ssl->transform_in->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ @@ -2153,11 +2211,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, - ssl->transform_in->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, ssl->transform_in->maclen ); #endif - if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, + if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect, ssl->transform_in->maclen ) != 0 ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) @@ -2581,7 +2638,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %lu were requested", @@ -2636,7 +2693,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %lu bytes were sent", @@ -7347,6 +7404,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) memcpy( buf, ssl->in_offt, n ); ssl->in_msglen -= n; + /* Zeroising the plaintext buffer to erase unused application data + from the memory. */ + mbedtls_zeroize( ssl->in_offt, n ); + if( ssl->in_msglen == 0 ) { /* all bytes consumed */ diff --git a/dll/3rdparty/mbedtls/threading.c b/dll/3rdparty/mbedtls/threading.c index 68667a3a892..838cd74d93d 100644 --- a/dll/3rdparty/mbedtls/threading.c +++ b/dll/3rdparty/mbedtls/threading.c @@ -1,7 +1,7 @@ /* * Threading abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/timing.c b/dll/3rdparty/mbedtls/timing.c index 4b25057f9a9..6b91ea43c7e 100644 --- a/dll/3rdparty/mbedtls/timing.c +++ b/dll/3rdparty/mbedtls/timing.c @@ -1,7 +1,7 @@ /* * Portable interface to the CPU cycle counter * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/version.c b/dll/3rdparty/mbedtls/version.c index 225cfe73cee..22682b85788 100644 --- a/dll/3rdparty/mbedtls/version.c +++ b/dll/3rdparty/mbedtls/version.c @@ -1,7 +1,7 @@ /* * Version information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/version_features.c b/dll/3rdparty/mbedtls/version_features.c index 454c2be7f01..a3e3df4f998 100644 --- a/dll/3rdparty/mbedtls/version_features.c +++ b/dll/3rdparty/mbedtls/version_features.c @@ -1,7 +1,7 @@ /* * Version feature information * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -255,6 +253,12 @@ static const char *features[] = { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) + "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) + "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) "MBEDTLS_TEST_NULL_ENTROPY", #endif /* MBEDTLS_TEST_NULL_ENTROPY */ diff --git a/dll/3rdparty/mbedtls/x509.c b/dll/3rdparty/mbedtls/x509.c index 593f316010d..377c106d8c1 100644 --- a/dll/3rdparty/mbedtls/x509.c +++ b/dll/3rdparty/mbedtls/x509.c @@ -1,7 +1,7 @@ /* * X.509 common functions for parsing and verification * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/dll/3rdparty/mbedtls/x509_create.c b/dll/3rdparty/mbedtls/x509_create.c index afcb50a7434..252e835bb32 100644 --- a/dll/3rdparty/mbedtls/x509_create.c +++ b/dll/3rdparty/mbedtls/x509_create.c @@ -1,7 +1,7 @@ /* * X.509 base functions for creating certificates / CSRs * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/dll/3rdparty/mbedtls/x509_crl.c b/dll/3rdparty/mbedtls/x509_crl.c index 846cd45d02c..73a300d217e 100644 --- a/dll/3rdparty/mbedtls/x509_crl.c +++ b/dll/3rdparty/mbedtls/x509_crl.c @@ -1,7 +1,7 @@ /* * X.509 Certidicate Revocation List (CRL) parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The ITU-T X.509 standard defines a certificate format for PKI. @@ -289,13 +287,13 @@ static int x509_get_entries( unsigned char **p, size_t len2; const unsigned char *end2; + cur_entry->raw.tag = **p; if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) { return( ret ); } - cur_entry->raw.tag = **p; cur_entry->raw.p = *p; cur_entry->raw.len = len2; end2 = *p + len2; diff --git a/dll/3rdparty/mbedtls/x509_crt.c b/dll/3rdparty/mbedtls/x509_crt.c index 7b6481529b0..8a59bf89712 100644 --- a/dll/3rdparty/mbedtls/x509_crt.c +++ b/dll/3rdparty/mbedtls/x509_crt.c @@ -1,7 +1,7 @@ /* * X.509 certificate parsing and verification * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The ITU-T X.509 standard defines a certificate format for PKI. @@ -1788,8 +1786,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 if( crt->serial.len == cur->serial.len && memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) { - if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) - return( 1 ); + return( 1 ); } cur = cur->next; diff --git a/dll/3rdparty/mbedtls/x509_csr.c b/dll/3rdparty/mbedtls/x509_csr.c index cb25809aeef..50988e019d7 100644 --- a/dll/3rdparty/mbedtls/x509_csr.c +++ b/dll/3rdparty/mbedtls/x509_csr.c @@ -1,7 +1,7 @@ /* * X.509 Certificate Signing Request (CSR) parsing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/dll/3rdparty/mbedtls/x509write_crt.c b/dll/3rdparty/mbedtls/x509write_crt.c index a69098638c3..daebb813ef4 100644 --- a/dll/3rdparty/mbedtls/x509write_crt.c +++ b/dll/3rdparty/mbedtls/x509write_crt.c @@ -1,7 +1,7 @@ /* * X.509 certificate writing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * References: diff --git a/dll/3rdparty/mbedtls/x509write_csr.c b/dll/3rdparty/mbedtls/x509write_csr.c index 0d810999c84..cbf4276eca5 100644 --- a/dll/3rdparty/mbedtls/x509write_csr.c +++ b/dll/3rdparty/mbedtls/x509write_csr.c @@ -1,7 +1,7 @@ /* * X.509 Certificate Signing Request writing * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * References: diff --git a/dll/3rdparty/mbedtls/xtea.c b/dll/3rdparty/mbedtls/xtea.c index 6ed64e03050..a1e51414442 100644 --- a/dll/3rdparty/mbedtls/xtea.c +++ b/dll/3rdparty/mbedtls/xtea.c @@ -1,7 +1,7 @@ /* * An 32-bit implementation of the XTEA algorithm * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -42,8 +42,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/media/doc/3rd Party Files.txt b/media/doc/3rd Party Files.txt index 392a38fffd3..236d474e0c5 100644 --- a/media/doc/3rd Party Files.txt +++ b/media/doc/3rd Party Files.txt @@ -51,7 +51,7 @@ URL: http://xmlsoft.org Title: mbed TLS Path: dll/3rdparty/mbedtls -Used Version: 2.7.16 +Used Version: 2.7.17 License: Apache-2.0 (https://spdx.org/licenses/Apache-2.0.html) URL: https://tls.mbed.org/ diff --git a/sdk/include/reactos/libs/mbedtls/aes.h b/sdk/include/reactos/libs/mbedtls/aes.h index 8fa80ef4f34..a187796b202 100644 --- a/sdk/include/reactos/libs/mbedtls/aes.h +++ b/sdk/include/reactos/libs/mbedtls/aes.h @@ -13,7 +13,7 @@ * ciphers. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -54,8 +54,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_AES_H diff --git a/sdk/include/reactos/libs/mbedtls/aesni.h b/sdk/include/reactos/libs/mbedtls/aesni.h index 46ffcb7ae08..845da74e8c1 100644 --- a/sdk/include/reactos/libs/mbedtls/aesni.h +++ b/sdk/include/reactos/libs/mbedtls/aesni.h @@ -4,7 +4,7 @@ * \brief AES-NI for hardware AES acceleration on some Intel processors */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H diff --git a/sdk/include/reactos/libs/mbedtls/arc4.h b/sdk/include/reactos/libs/mbedtls/arc4.h index a1db537b4d6..50b6f48334a 100644 --- a/sdk/include/reactos/libs/mbedtls/arc4.h +++ b/sdk/include/reactos/libs/mbedtls/arc4.h @@ -7,7 +7,7 @@ * security risk. We recommend considering stronger ciphers instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #ifndef MBEDTLS_ARC4_H #define MBEDTLS_ARC4_H diff --git a/sdk/include/reactos/libs/mbedtls/asn1.h b/sdk/include/reactos/libs/mbedtls/asn1.h index c64038cdb5c..0e596bca2cd 100644 --- a/sdk/include/reactos/libs/mbedtls/asn1.h +++ b/sdk/include/reactos/libs/mbedtls/asn1.h @@ -4,7 +4,7 @@ * \brief Generic ASN.1 parsing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H diff --git a/sdk/include/reactos/libs/mbedtls/asn1write.h b/sdk/include/reactos/libs/mbedtls/asn1write.h index 79d2bfce414..93c570a45c9 100644 --- a/sdk/include/reactos/libs/mbedtls/asn1write.h +++ b/sdk/include/reactos/libs/mbedtls/asn1write.h @@ -4,7 +4,7 @@ * \brief ASN.1 buffer writing functionality */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H diff --git a/sdk/include/reactos/libs/mbedtls/base64.h b/sdk/include/reactos/libs/mbedtls/base64.h index 814860bd010..f30be4ac3e9 100644 --- a/sdk/include/reactos/libs/mbedtls/base64.h +++ b/sdk/include/reactos/libs/mbedtls/base64.h @@ -4,7 +4,7 @@ * \brief RFC 1521 base64 encoding/decoding */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H diff --git a/sdk/include/reactos/libs/mbedtls/bignum.h b/sdk/include/reactos/libs/mbedtls/bignum.h index 956c57f3f49..754b50a3bf3 100644 --- a/sdk/include/reactos/libs/mbedtls/bignum.h +++ b/sdk/include/reactos/libs/mbedtls/bignum.h @@ -4,7 +4,7 @@ * \brief Multi-precision integer library */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H diff --git a/sdk/include/reactos/libs/mbedtls/blowfish.h b/sdk/include/reactos/libs/mbedtls/blowfish.h index b8be15de95b..60017af3dcf 100644 --- a/sdk/include/reactos/libs/mbedtls/blowfish.h +++ b/sdk/include/reactos/libs/mbedtls/blowfish.h @@ -4,7 +4,7 @@ * \brief Blowfish block cipher */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_BLOWFISH_H #define MBEDTLS_BLOWFISH_H diff --git a/sdk/include/reactos/libs/mbedtls/bn_mul.h b/sdk/include/reactos/libs/mbedtls/bn_mul.h index dad2b408cda..d0b1022310e 100644 --- a/sdk/include/reactos/libs/mbedtls/bn_mul.h +++ b/sdk/include/reactos/libs/mbedtls/bn_mul.h @@ -4,7 +4,7 @@ * \brief Multi-precision integer library */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * Multiply source vector [s] with b, add result diff --git a/sdk/include/reactos/libs/mbedtls/camellia.h b/sdk/include/reactos/libs/mbedtls/camellia.h index 2cde2d9a8bc..1ed0ca4bd7c 100644 --- a/sdk/include/reactos/libs/mbedtls/camellia.h +++ b/sdk/include/reactos/libs/mbedtls/camellia.h @@ -4,7 +4,7 @@ * \brief Camellia block cipher */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H diff --git a/sdk/include/reactos/libs/mbedtls/ccm.h b/sdk/include/reactos/libs/mbedtls/ccm.h index 153b1287d42..80cc1f68c4f 100644 --- a/sdk/include/reactos/libs/mbedtls/ccm.h +++ b/sdk/include/reactos/libs/mbedtls/ccm.h @@ -13,7 +13,7 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -54,8 +54,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CCM_H diff --git a/sdk/include/reactos/libs/mbedtls/certs.h b/sdk/include/reactos/libs/mbedtls/certs.h index 10cadfc7cfc..867228840d7 100644 --- a/sdk/include/reactos/libs/mbedtls/certs.h +++ b/sdk/include/reactos/libs/mbedtls/certs.h @@ -4,7 +4,7 @@ * \brief Sample certificates and DHM parameters for testing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/sdk/include/reactos/libs/mbedtls/check_config.h b/sdk/include/reactos/libs/mbedtls/check_config.h index 1215e6eb95c..654c6ba57e8 100644 --- a/sdk/include/reactos/libs/mbedtls/check_config.h +++ b/sdk/include/reactos/libs/mbedtls/check_config.h @@ -4,7 +4,7 @@ * \brief Consistency checks for configuration options */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* @@ -182,6 +180,16 @@ #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) +#define MBEDTLS_HAS_MEMSAN +#endif +#endif +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) +#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" +#endif +#undef MBEDTLS_HAS_MEMSAN + #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) ) #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites" diff --git a/sdk/include/reactos/libs/mbedtls/cipher.h b/sdk/include/reactos/libs/mbedtls/cipher.h index 8830107df37..7f40b7ec8d5 100644 --- a/sdk/include/reactos/libs/mbedtls/cipher.h +++ b/sdk/include/reactos/libs/mbedtls/cipher.h @@ -6,7 +6,7 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CIPHER_H diff --git a/sdk/include/reactos/libs/mbedtls/cipher_internal.h b/sdk/include/reactos/libs/mbedtls/cipher_internal.h index 7e0b75a8797..758cf95aa22 100644 --- a/sdk/include/reactos/libs/mbedtls/cipher_internal.h +++ b/sdk/include/reactos/libs/mbedtls/cipher_internal.h @@ -6,7 +6,7 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CIPHER_WRAP_H #define MBEDTLS_CIPHER_WRAP_H diff --git a/sdk/include/reactos/libs/mbedtls/cmac.h b/sdk/include/reactos/libs/mbedtls/cmac.h index 6b3414144dd..dbfc1bbf9c2 100644 --- a/sdk/include/reactos/libs/mbedtls/cmac.h +++ b/sdk/include/reactos/libs/mbedtls/cmac.h @@ -5,7 +5,7 @@ * Authentication. */ /* - * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CMAC_H diff --git a/sdk/include/reactos/libs/mbedtls/compat-1.3.h b/sdk/include/reactos/libs/mbedtls/compat-1.3.h index 8b6d36b2373..b0103cc893d 100644 --- a/sdk/include/reactos/libs/mbedtls/compat-1.3.h +++ b/sdk/include/reactos/libs/mbedtls/compat-1.3.h @@ -7,7 +7,7 @@ * \deprecated Use the new names directly instead */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -48,8 +48,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/sdk/include/reactos/libs/mbedtls/config.h b/sdk/include/reactos/libs/mbedtls/config.h index 990589418ab..1d0e659ca36 100644 --- a/sdk/include/reactos/libs/mbedtls/config.h +++ b/sdk/include/reactos/libs/mbedtls/config.h @@ -8,7 +8,7 @@ * memory footprint. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CONFIG_H @@ -444,6 +442,42 @@ //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + * + * Enable testing of the constant-flow nature of some sensitive functions with + * clang's MemorySanitizer. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires compiling with clang -fsanitize=memory. The test + * suites can then be run normally. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + * + * Enable testing of the constant-flow nature of some sensitive functions with + * valgrind's memcheck tool. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires valgrind headers for building, and is only useful for + * testing if the tests suites are run with valgrind's memcheck. This can be + * done for an individual test suite with 'valgrind ./test_suite_xxx', or when + * using CMake, this can be done for all test suites with 'make memcheck'. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + /** * \def MBEDTLS_TEST_NULL_ENTROPY * diff --git a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h index 390059c3b90..7aadaf9b4e7 100644 --- a/sdk/include/reactos/libs/mbedtls/ctr_drbg.h +++ b/sdk/include/reactos/libs/mbedtls/ctr_drbg.h @@ -32,7 +32,7 @@ * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time. */ /* - * Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -73,8 +73,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CTR_DRBG_H diff --git a/sdk/include/reactos/libs/mbedtls/debug.h b/sdk/include/reactos/libs/mbedtls/debug.h index 1949622c74e..efc7e9fff98 100644 --- a/sdk/include/reactos/libs/mbedtls/debug.h +++ b/sdk/include/reactos/libs/mbedtls/debug.h @@ -4,7 +4,7 @@ * \brief Functions for controlling and providing debug output from the library. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_DEBUG_H #define MBEDTLS_DEBUG_H diff --git a/sdk/include/reactos/libs/mbedtls/des.h b/sdk/include/reactos/libs/mbedtls/des.h index b948744895c..b04ad170ded 100644 --- a/sdk/include/reactos/libs/mbedtls/des.h +++ b/sdk/include/reactos/libs/mbedtls/des.h @@ -8,7 +8,7 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -50,8 +50,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #ifndef MBEDTLS_DES_H #define MBEDTLS_DES_H diff --git a/sdk/include/reactos/libs/mbedtls/dhm.h b/sdk/include/reactos/libs/mbedtls/dhm.h index 7077cb3a5b1..233b1f20031 100644 --- a/sdk/include/reactos/libs/mbedtls/dhm.h +++ b/sdk/include/reactos/libs/mbedtls/dhm.h @@ -38,7 +38,7 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -79,8 +79,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_DHM_H diff --git a/sdk/include/reactos/libs/mbedtls/ecdh.h b/sdk/include/reactos/libs/mbedtls/ecdh.h index 476156b9492..e937c899fff 100644 --- a/sdk/include/reactos/libs/mbedtls/ecdh.h +++ b/sdk/include/reactos/libs/mbedtls/ecdh.h @@ -12,7 +12,7 @@ * Cryptography. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -53,8 +53,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ECDH_H diff --git a/sdk/include/reactos/libs/mbedtls/ecdsa.h b/sdk/include/reactos/libs/mbedtls/ecdsa.h index faec04db0fd..1a34ff271b1 100644 --- a/sdk/include/reactos/libs/mbedtls/ecdsa.h +++ b/sdk/include/reactos/libs/mbedtls/ecdsa.h @@ -10,7 +10,7 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -51,8 +51,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ECDSA_H diff --git a/sdk/include/reactos/libs/mbedtls/ecjpake.h b/sdk/include/reactos/libs/mbedtls/ecjpake.h index 95620c52d63..1e941702f60 100644 --- a/sdk/include/reactos/libs/mbedtls/ecjpake.h +++ b/sdk/include/reactos/libs/mbedtls/ecjpake.h @@ -4,7 +4,7 @@ * \brief Elliptic curve J-PAKE */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H diff --git a/sdk/include/reactos/libs/mbedtls/ecp.h b/sdk/include/reactos/libs/mbedtls/ecp.h index 73eac625ea9..6ebd2d654d9 100644 --- a/sdk/include/reactos/libs/mbedtls/ecp.h +++ b/sdk/include/reactos/libs/mbedtls/ecp.h @@ -4,7 +4,7 @@ * \brief Elliptic curves over GF(p) */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H diff --git a/sdk/include/reactos/libs/mbedtls/ecp_internal.h b/sdk/include/reactos/libs/mbedtls/ecp_internal.h index 4e9445ae444..0047bd4ef91 100644 --- a/sdk/include/reactos/libs/mbedtls/ecp_internal.h +++ b/sdk/include/reactos/libs/mbedtls/ecp_internal.h @@ -5,7 +5,7 @@ * point arithmetic. */ /* - * Copyright (C) 2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* diff --git a/sdk/include/reactos/libs/mbedtls/entropy.h b/sdk/include/reactos/libs/mbedtls/entropy.h index 258ad554d75..cee6ab5a789 100644 --- a/sdk/include/reactos/libs/mbedtls/entropy.h +++ b/sdk/include/reactos/libs/mbedtls/entropy.h @@ -4,7 +4,7 @@ * \brief Entropy accumulator implementation */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H diff --git a/sdk/include/reactos/libs/mbedtls/entropy_poll.h b/sdk/include/reactos/libs/mbedtls/entropy_poll.h index 9843a9e460b..c348fe52d42 100644 --- a/sdk/include/reactos/libs/mbedtls/entropy_poll.h +++ b/sdk/include/reactos/libs/mbedtls/entropy_poll.h @@ -4,7 +4,7 @@ * \brief Platform-specific and custom entropy polling functions */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H diff --git a/sdk/include/reactos/libs/mbedtls/error.h b/sdk/include/reactos/libs/mbedtls/error.h index 2c55bccf7c4..1035454328f 100644 --- a/sdk/include/reactos/libs/mbedtls/error.h +++ b/sdk/include/reactos/libs/mbedtls/error.h @@ -4,7 +4,7 @@ * \brief Error to string translation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H diff --git a/sdk/include/reactos/libs/mbedtls/gcm.h b/sdk/include/reactos/libs/mbedtls/gcm.h index 5b96ca2c5c8..2a49a87f72d 100644 --- a/sdk/include/reactos/libs/mbedtls/gcm.h +++ b/sdk/include/reactos/libs/mbedtls/gcm.h @@ -10,7 +10,7 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -51,8 +51,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_GCM_H diff --git a/sdk/include/reactos/libs/mbedtls/havege.h b/sdk/include/reactos/libs/mbedtls/havege.h index 82bba6d61b3..781a6094eee 100644 --- a/sdk/include/reactos/libs/mbedtls/havege.h +++ b/sdk/include/reactos/libs/mbedtls/havege.h @@ -4,7 +4,7 @@ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_HAVEGE_H #define MBEDTLS_HAVEGE_H diff --git a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h index e5ab7cd12b0..289cf488973 100644 --- a/sdk/include/reactos/libs/mbedtls/hmac_drbg.h +++ b/sdk/include/reactos/libs/mbedtls/hmac_drbg.h @@ -8,7 +8,7 @@ * Deterministic Random Bit Generators. */ /* - * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H diff --git a/sdk/include/reactos/libs/mbedtls/md.h b/sdk/include/reactos/libs/mbedtls/md.h index f424903cb1f..2903e4352d1 100644 --- a/sdk/include/reactos/libs/mbedtls/md.h +++ b/sdk/include/reactos/libs/mbedtls/md.h @@ -6,7 +6,7 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_MD_H diff --git a/sdk/include/reactos/libs/mbedtls/md2.h b/sdk/include/reactos/libs/mbedtls/md2.h index 1e4f2553bbe..795db37dbf5 100644 --- a/sdk/include/reactos/libs/mbedtls/md2.h +++ b/sdk/include/reactos/libs/mbedtls/md2.h @@ -8,7 +8,7 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -50,8 +50,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #ifndef MBEDTLS_MD2_H #define MBEDTLS_MD2_H diff --git a/sdk/include/reactos/libs/mbedtls/md4.h b/sdk/include/reactos/libs/mbedtls/md4.h index 3c85af249e7..e091fd91b1d 100644 --- a/sdk/include/reactos/libs/mbedtls/md4.h +++ b/sdk/include/reactos/libs/mbedtls/md4.h @@ -8,7 +8,7 @@ * instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -50,8 +50,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #ifndef MBEDTLS_MD4_H #define MBEDTLS_MD4_H diff --git a/sdk/include/reactos/libs/mbedtls/md5.h b/sdk/include/reactos/libs/mbedtls/md5.h index eb5d499ad7e..e24c87de540 100644 --- a/sdk/include/reactos/libs/mbedtls/md5.h +++ b/sdk/include/reactos/libs/mbedtls/md5.h @@ -8,7 +8,7 @@ * digests instead. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H diff --git a/sdk/include/reactos/libs/mbedtls/md_internal.h b/sdk/include/reactos/libs/mbedtls/md_internal.h index 154b8bbc270..847f50aa0a8 100644 --- a/sdk/include/reactos/libs/mbedtls/md_internal.h +++ b/sdk/include/reactos/libs/mbedtls/md_internal.h @@ -8,7 +8,7 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_MD_WRAP_H #define MBEDTLS_MD_WRAP_H diff --git a/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h b/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h index c1e0926b13f..89c06174957 100644 --- a/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h +++ b/sdk/include/reactos/libs/mbedtls/memory_buffer_alloc.h @@ -4,7 +4,7 @@ * \brief Buffer-based memory allocator */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H #define MBEDTLS_MEMORY_BUFFER_ALLOC_H diff --git a/sdk/include/reactos/libs/mbedtls/net.h b/sdk/include/reactos/libs/mbedtls/net.h index bba4a359406..6c7a49d3bdf 100644 --- a/sdk/include/reactos/libs/mbedtls/net.h +++ b/sdk/include/reactos/libs/mbedtls/net.h @@ -6,7 +6,7 @@ * \deprecated Superseded by mbedtls/net_sockets.h */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" diff --git a/sdk/include/reactos/libs/mbedtls/net_sockets.h b/sdk/include/reactos/libs/mbedtls/net_sockets.h index d1f9c9a06d3..0d61547d09f 100644 --- a/sdk/include/reactos/libs/mbedtls/net_sockets.h +++ b/sdk/include/reactos/libs/mbedtls/net_sockets.h @@ -4,7 +4,7 @@ * \brief Network communication functions */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H diff --git a/sdk/include/reactos/libs/mbedtls/oid.h b/sdk/include/reactos/libs/mbedtls/oid.h index 9d5cbfbb8a7..40b4bc4ff15 100644 --- a/sdk/include/reactos/libs/mbedtls/oid.h +++ b/sdk/include/reactos/libs/mbedtls/oid.h @@ -4,7 +4,7 @@ * \brief Object Identifier (OID) database */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H diff --git a/sdk/include/reactos/libs/mbedtls/padlock.h b/sdk/include/reactos/libs/mbedtls/padlock.h index 85868d9fe1d..91ad2a6ca6f 100644 --- a/sdk/include/reactos/libs/mbedtls/padlock.h +++ b/sdk/include/reactos/libs/mbedtls/padlock.h @@ -5,7 +5,7 @@ * processors */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -46,8 +46,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H diff --git a/sdk/include/reactos/libs/mbedtls/pem.h b/sdk/include/reactos/libs/mbedtls/pem.h index 7239363f3a9..dfcc51872da 100644 --- a/sdk/include/reactos/libs/mbedtls/pem.h +++ b/sdk/include/reactos/libs/mbedtls/pem.h @@ -4,7 +4,7 @@ * \brief Privacy Enhanced Mail (PEM) decoding */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H diff --git a/sdk/include/reactos/libs/mbedtls/pk.h b/sdk/include/reactos/libs/mbedtls/pk.h index e80cb81e1cc..c636c3d53e6 100644 --- a/sdk/include/reactos/libs/mbedtls/pk.h +++ b/sdk/include/reactos/libs/mbedtls/pk.h @@ -4,7 +4,7 @@ * \brief Public Key abstraction layer */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PK_H diff --git a/sdk/include/reactos/libs/mbedtls/pk_internal.h b/sdk/include/reactos/libs/mbedtls/pk_internal.h index 7c8d914999a..038acf9acb0 100644 --- a/sdk/include/reactos/libs/mbedtls/pk_internal.h +++ b/sdk/include/reactos/libs/mbedtls/pk_internal.h @@ -4,7 +4,7 @@ * \brief Public Key abstraction layer: wrapper functions */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PK_WRAP_H diff --git a/sdk/include/reactos/libs/mbedtls/pkcs11.h b/sdk/include/reactos/libs/mbedtls/pkcs11.h index 9a23019bab4..c620722e383 100644 --- a/sdk/include/reactos/libs/mbedtls/pkcs11.h +++ b/sdk/include/reactos/libs/mbedtls/pkcs11.h @@ -6,7 +6,7 @@ * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PKCS11_H #define MBEDTLS_PKCS11_H diff --git a/sdk/include/reactos/libs/mbedtls/pkcs12.h b/sdk/include/reactos/libs/mbedtls/pkcs12.h index c418e8f243d..9cbcb173055 100644 --- a/sdk/include/reactos/libs/mbedtls/pkcs12.h +++ b/sdk/include/reactos/libs/mbedtls/pkcs12.h @@ -4,7 +4,7 @@ * \brief PKCS#12 Personal Information Exchange Syntax */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H diff --git a/sdk/include/reactos/libs/mbedtls/pkcs5.h b/sdk/include/reactos/libs/mbedtls/pkcs5.h index 362a66782fa..759d1722b0b 100644 --- a/sdk/include/reactos/libs/mbedtls/pkcs5.h +++ b/sdk/include/reactos/libs/mbedtls/pkcs5.h @@ -6,7 +6,7 @@ * \author Mathias Olsson */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -47,8 +47,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H diff --git a/sdk/include/reactos/libs/mbedtls/platform.h b/sdk/include/reactos/libs/mbedtls/platform.h index e68ebc3c7e2..4eaad53c469 100644 --- a/sdk/include/reactos/libs/mbedtls/platform.h +++ b/sdk/include/reactos/libs/mbedtls/platform.h @@ -4,7 +4,7 @@ * \brief The Mbed TLS platform abstraction layer. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H diff --git a/sdk/include/reactos/libs/mbedtls/platform_time.h b/sdk/include/reactos/libs/mbedtls/platform_time.h index a45870c3a65..e132f6a688c 100644 --- a/sdk/include/reactos/libs/mbedtls/platform_time.h +++ b/sdk/include/reactos/libs/mbedtls/platform_time.h @@ -4,7 +4,7 @@ * \brief mbed TLS Platform time abstraction */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PLATFORM_TIME_H #define MBEDTLS_PLATFORM_TIME_H diff --git a/sdk/include/reactos/libs/mbedtls/ripemd160.h b/sdk/include/reactos/libs/mbedtls/ripemd160.h index 6a8cf295c39..e954c65bf63 100644 --- a/sdk/include/reactos/libs/mbedtls/ripemd160.h +++ b/sdk/include/reactos/libs/mbedtls/ripemd160.h @@ -4,7 +4,7 @@ * \brief RIPE MD-160 message digest */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H diff --git a/sdk/include/reactos/libs/mbedtls/rsa.h b/sdk/include/reactos/libs/mbedtls/rsa.h index 752e047cd8a..7b508c5dcaa 100644 --- a/sdk/include/reactos/libs/mbedtls/rsa.h +++ b/sdk/include/reactos/libs/mbedtls/rsa.h @@ -9,7 +9,7 @@ * */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -50,8 +50,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H diff --git a/sdk/include/reactos/libs/mbedtls/rsa_internal.h b/sdk/include/reactos/libs/mbedtls/rsa_internal.h index 2464e6b082b..953cb7b81d7 100644 --- a/sdk/include/reactos/libs/mbedtls/rsa_internal.h +++ b/sdk/include/reactos/libs/mbedtls/rsa_internal.h @@ -35,7 +35,7 @@ * */ /* - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -77,8 +77,6 @@ * * ********** * - * This file is part of mbed TLS (https://tls.mbed.org) - * */ #ifndef MBEDTLS_RSA_INTERNAL_H diff --git a/sdk/include/reactos/libs/mbedtls/sha1.h b/sdk/include/reactos/libs/mbedtls/sha1.h index 01c02a31035..4ae8ad60770 100644 --- a/sdk/include/reactos/libs/mbedtls/sha1.h +++ b/sdk/include/reactos/libs/mbedtls/sha1.h @@ -8,7 +8,7 @@ * digests instead. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -49,8 +49,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H diff --git a/sdk/include/reactos/libs/mbedtls/sha256.h b/sdk/include/reactos/libs/mbedtls/sha256.h index e7cb439a280..9bcf28cbfac 100644 --- a/sdk/include/reactos/libs/mbedtls/sha256.h +++ b/sdk/include/reactos/libs/mbedtls/sha256.h @@ -4,7 +4,7 @@ * \brief The SHA-224 and SHA-256 cryptographic hash function. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H diff --git a/sdk/include/reactos/libs/mbedtls/sha512.h b/sdk/include/reactos/libs/mbedtls/sha512.h index 3518f98018e..33c32ce8e02 100644 --- a/sdk/include/reactos/libs/mbedtls/sha512.h +++ b/sdk/include/reactos/libs/mbedtls/sha512.h @@ -4,7 +4,7 @@ * \brief The SHA-384 and SHA-512 cryptographic hash function. */ /* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H diff --git a/sdk/include/reactos/libs/mbedtls/ssl.h b/sdk/include/reactos/libs/mbedtls/ssl.h index 3d133ab8db5..c5324419bd4 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl.h +++ b/sdk/include/reactos/libs/mbedtls/ssl.h @@ -4,7 +4,7 @@ * \brief SSL/TLS functions. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H diff --git a/sdk/include/reactos/libs/mbedtls/ssl_cache.h b/sdk/include/reactos/libs/mbedtls/ssl_cache.h index e987c29e110..612d81776ef 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl_cache.h +++ b/sdk/include/reactos/libs/mbedtls/ssl_cache.h @@ -4,7 +4,7 @@ * \brief SSL session cache implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H diff --git a/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h b/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h index 3243778a83d..fcfbca83670 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h +++ b/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h @@ -4,7 +4,7 @@ * \brief SSL Ciphersuites for mbed TLS */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H diff --git a/sdk/include/reactos/libs/mbedtls/ssl_cookie.h b/sdk/include/reactos/libs/mbedtls/ssl_cookie.h index a69854c1722..cd526f6d006 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl_cookie.h +++ b/sdk/include/reactos/libs/mbedtls/ssl_cookie.h @@ -4,7 +4,7 @@ * \brief DTLS cookie callbacks implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H diff --git a/sdk/include/reactos/libs/mbedtls/ssl_internal.h b/sdk/include/reactos/libs/mbedtls/ssl_internal.h index 4aa746373ca..6a04c8d05d4 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl_internal.h +++ b/sdk/include/reactos/libs/mbedtls/ssl_internal.h @@ -4,7 +4,7 @@ * \brief Internal functions shared by the SSL modules */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_INTERNAL_H #define MBEDTLS_SSL_INTERNAL_H @@ -144,6 +142,23 @@ #define MBEDTLS_SSL_RETRANS_WAITING 2 #define MBEDTLS_SSL_RETRANS_FINISHED 3 +/* This macro determines whether CBC is supported. */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ + ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_CAMELLIA_C) || \ + defined(MBEDTLS_DES_C) ) +#define MBEDTLS_SSL_SOME_SUITES_USE_CBC +#endif + +/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as + * opposed to the very different CBC construct used in SSLv3) is supported. */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ + ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) ) +#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC +#endif + /* * Allow extra bytes for record, authentication and encryption overhead: * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) @@ -732,6 +747,73 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/** \brief Compute the HMAC of variable-length data with constant flow. + * + * This function computes the HMAC of the concatenation of \p add_data and \p + * data, and does with a code flow and memory access pattern that does not + * depend on \p data_len_secret, but only on \p min_data_len and \p + * max_data_len. In particular, this function always reads exactly \p + * max_data_len bytes from \p data. + * + * \param ctx The HMAC context. It must have keys configured + * with mbedtls_md_hmac_starts() and use one of the + * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. + * It is reset using mbedtls_md_hmac_reset() after + * the computation is complete to prepare for the + * next computation. + * \param add_data The additional data prepended to \p data. This + * must point to a readable buffer of \p add_data_len + * bytes. + * \param add_data_len The length of \p add_data in bytes. + * \param data The data appended to \p add_data. This must point + * to a readable buffer of \p max_data_len bytes. + * \param data_len_secret The length of the data to process in \p data. + * This must be no less than \p min_data_len and no + * greater than \p max_data_len. + * \param min_data_len The minimal length of \p data in bytes. + * \param max_data_len The maximal length of \p data in bytes. + * \param output The HMAC will be written here. This must point to + * a writable buffer of sufficient size to hold the + * HMAC value. + * + * \retval 0 + * Success. + * \retval non-zero + * Failure. + */ +int mbedtls_ssl_cf_hmac( + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output ); + +/** \brief Copy data from a secret position with constant flow. + * + * This function copies \p len bytes from \p src_base + \p offset_secret to \p + * dst, with a code flow and memory access pattern that does not depend on \p + * offset_secret, but only on \p offset_min, \p offset_max and \p len. + * + * \param dst The destination buffer. This must point to a writable + * buffer of at least \p len bytes. + * \param src_base The base of the source buffer. This must point to a + * readable buffer of at least \p offset_max + \p len + * bytes. + * \param offset_secret The offset in the source buffer from which to copy. + * This must be no less than \p offset_min and no greater + * than \p offset_max. + * \param offset_min The minimal value of \p offset_secret. + * \param offset_max The maximal value of \p offset_secret. + * \param len The number of bytes to copy. + */ +void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len ); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ + #ifdef __cplusplus } #endif diff --git a/sdk/include/reactos/libs/mbedtls/ssl_ticket.h b/sdk/include/reactos/libs/mbedtls/ssl_ticket.h index 5ee38017f3e..53c39c5f5dc 100644 --- a/sdk/include/reactos/libs/mbedtls/ssl_ticket.h +++ b/sdk/include/reactos/libs/mbedtls/ssl_ticket.h @@ -4,7 +4,7 @@ * \brief TLS server ticket callbacks implementation */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H diff --git a/sdk/include/reactos/libs/mbedtls/threading.h b/sdk/include/reactos/libs/mbedtls/threading.h index 2c8df8827b4..a5d0a34a66f 100644 --- a/sdk/include/reactos/libs/mbedtls/threading.h +++ b/sdk/include/reactos/libs/mbedtls/threading.h @@ -4,7 +4,7 @@ * \brief Threading abstraction layer */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H diff --git a/sdk/include/reactos/libs/mbedtls/timing.h b/sdk/include/reactos/libs/mbedtls/timing.h index 9bb1f42fb00..564e76b8c38 100644 --- a/sdk/include/reactos/libs/mbedtls/timing.h +++ b/sdk/include/reactos/libs/mbedtls/timing.h @@ -4,7 +4,7 @@ * \brief Portable interface to timeouts and to the CPU cycle counter */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H diff --git a/sdk/include/reactos/libs/mbedtls/version.h b/sdk/include/reactos/libs/mbedtls/version.h index 289ec75efc2..547cd4cf7b2 100644 --- a/sdk/include/reactos/libs/mbedtls/version.h +++ b/sdk/include/reactos/libs/mbedtls/version.h @@ -4,7 +4,7 @@ * \brief Run-time version information */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /* * This set of compile-time defines and run-time variables can be used to @@ -67,16 +65,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 7 -#define MBEDTLS_VERSION_PATCH 16 +#define MBEDTLS_VERSION_PATCH 17 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02071000 -#define MBEDTLS_VERSION_STRING "2.7.16" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.16" +#define MBEDTLS_VERSION_NUMBER 0x02071100 +#define MBEDTLS_VERSION_STRING "2.7.17" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.17" #if defined(MBEDTLS_VERSION_C) diff --git a/sdk/include/reactos/libs/mbedtls/x509.h b/sdk/include/reactos/libs/mbedtls/x509.h index 0e07b6d248f..e8b98a1e157 100644 --- a/sdk/include/reactos/libs/mbedtls/x509.h +++ b/sdk/include/reactos/libs/mbedtls/x509.h @@ -4,7 +4,7 @@ * \brief X.509 generic defines and structures */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H diff --git a/sdk/include/reactos/libs/mbedtls/x509_crl.h b/sdk/include/reactos/libs/mbedtls/x509_crl.h index 0e37f65e8f0..2ade47c89db 100644 --- a/sdk/include/reactos/libs/mbedtls/x509_crl.h +++ b/sdk/include/reactos/libs/mbedtls/x509_crl.h @@ -4,7 +4,7 @@ * \brief X.509 certificate revocation list parsing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H diff --git a/sdk/include/reactos/libs/mbedtls/x509_crt.h b/sdk/include/reactos/libs/mbedtls/x509_crt.h index 216481d5a18..af2a3b42760 100644 --- a/sdk/include/reactos/libs/mbedtls/x509_crt.h +++ b/sdk/include/reactos/libs/mbedtls/x509_crt.h @@ -4,7 +4,7 @@ * \brief X.509 certificate parsing and writing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H diff --git a/sdk/include/reactos/libs/mbedtls/x509_csr.h b/sdk/include/reactos/libs/mbedtls/x509_csr.h index 8ba2cda0dc5..5dfb4213e8d 100644 --- a/sdk/include/reactos/libs/mbedtls/x509_csr.h +++ b/sdk/include/reactos/libs/mbedtls/x509_csr.h @@ -4,7 +4,7 @@ * \brief X.509 certificate signing request parsing and writing */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H diff --git a/sdk/include/reactos/libs/mbedtls/xtea.h b/sdk/include/reactos/libs/mbedtls/xtea.h index 5df5585962b..c0259b8c556 100644 --- a/sdk/include/reactos/libs/mbedtls/xtea.h +++ b/sdk/include/reactos/libs/mbedtls/xtea.h @@ -4,7 +4,7 @@ * \brief XTEA block cipher (32-bit) */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the @@ -45,8 +45,6 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_XTEA_H #define MBEDTLS_XTEA_H