yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-19 17:17:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use function for 16/24/32-bit BE conversion

Browse source 
Use functions for 16/24/32-bit big endian conversion to save ROM.
This commit is contained in:
Arto Kinnunen 2019-09-04 14:04:57 +03:00
parent 505be8be4d
commit 0b62ce8ed4
8 changed files with 276 additions and 323 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
include/mbedtls/platform_util.h
View file

@ -189,6 +189,84 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
struct tm *tm_buf ); struct tm *tm_buf );
#endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_HAVE_TIME_DATE */
/**
* \brief Convert 32-bit number to big endian format.
*
* This function converts 32-bit number to big endian format and
* writes it to given buffer.
*
* \param buf Address where converted number is written.
* \param num Number that needs to be converted to big endian.
*
* \return Address to end of buffer where number is written.
*/
unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf,
unsigned long num );
/**
* \brief Convert 24-bit number to big endian format.
*
* This function converts 24-bit number to big endian format and
* writes it to given buffer.
*
* \param buf Address where converted number is written.
* \param num Number that needs to be converted to big endian.
*
* \return Address to end of buffer where number is written.
*/
unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf,
unsigned long num );
/**
* \brief Convert 16-bit number to big endian format.
*
* This function converts 16-bit number to big endian format and
* writes it to given buffer.
*
* \param buf Address where converted number is written.
* \param num Number that needs to be converted to big endian.
*
* \return Address to end of buffer where number is written.
*/
unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf,
unsigned long num );
/**
* \brief Convert 32-bit number from big endian format.
*
* The function reads 32-bit number form Big Endian format and
* returns it to the caller.
*
* \param buf Buffer where 32-bit number locates.
*
* \return Converted number.
*/
unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf );
/**
* \brief Convert 24-bit number from big endian format.
*
* The function reads 24-bit number form Big Endian format and
* returns it to the caller.
*
* \param buf Buffer where 24-bit number locates.
*
* \return Converted number.
*/
unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf );
/**
* \brief Convert 16-bit number from big endian format.
*
* The function reads 16-bit number form Big Endian format and
* returns it to the caller.
*
* \param buf Buffer where 16-bit number locates.
*
* \return Converted number.
*/
unsigned short mbedtls_platform_get_uint16_be( const unsigned char *b );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

51
library/platform_util.c
View file

@ -134,3 +134,54 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
#endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* _WIN32 && !EFIX64 && !EFI32 */
} }
#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf,
unsigned long num)
{
*buf++ = (unsigned char) ( num >> 24 );
*buf++ = (unsigned char) ( num >> 16 );
*buf++ = (unsigned char) ( num >> 8 );
*buf++ = (unsigned char) ( num );
return buf;
}
unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf,
unsigned long num )
{
*buf++ = (unsigned char) ( num >> 16 );
*buf++ = (unsigned char) ( num >> 8 );
*buf++ = (unsigned char) ( num );
return buf;
}
unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf,
unsigned long num )
{
*buf++ = (unsigned char) ( num >> 8 );
*buf++ = (unsigned char) ( num );
return buf;
}
unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf )
{
return ( ( (unsigned int) buf[0] << 24 ) |
( (unsigned int) buf[1] << 16 ) |
( (unsigned int) buf[2] << 8 ) |
( (unsigned int) buf[3] ) );
}
unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf )
{
return ( ( buf[0] << 16 ) |
( buf[1] << 8) |
( buf[2] ) );
}
unsigned short mbedtls_platform_get_uint16_be( const unsigned char *buf )
{
return ( ( buf[0] << 8 ) |
( buf[1] ) );
}

50
library/sha256.c
View file

@ -49,40 +49,12 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define SHA256_VALIDATE_RET(cond) \ #define SHA256_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
#if !defined(MBEDTLS_SHA256_ALT) #if !defined(MBEDTLS_SHA256_ALT)
/*
* 32-bit integer manipulation (big endian)
*/
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) \
do { \
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
| ( (uint32_t) (b)[(i) + 3] ); \
} while( 0 )
#endif
static inline void sha256_put_uint32_be( uint32_t n,
unsigned char *b,
uint8_t i )
{
b[i ] = (unsigned char) ( n >> 24 );
b[i + 1] = (unsigned char) ( n >> 16 );
b[i + 2] = (unsigned char) ( n >> 8 );
b[i + 3] = (unsigned char) ( n );
}
void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{ {
SHA256_VALIDATE( ctx != NULL ); SHA256_VALIDATE( ctx != NULL );
@ -227,7 +199,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
for( i = 0; i < 64; i++ ) for( i = 0; i < 64; i++ )
{ {
if( i < 16 ) if( i < 16 )
GET_UINT32_BE( W[i], data, 4 * i ); W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] );
else else
R( i ); R( i );
@ -238,7 +210,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
} }
#else /* MBEDTLS_SHA256_SMALLER */ #else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
GET_UINT32_BE( W[i], data, 4 * i ); W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] );
for( i = 0; i < 16; i += 8 ) for( i = 0; i < 16; i += 8 )
{ {
@ -385,8 +357,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
| ( ctx->total[1] << 3 ); | ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 ); low = ( ctx->total[0] << 3 );
sha256_put_uint32_be( high, ctx->buffer, 56 ); mbedtls_platform_put_uint32_be( ctx->buffer + 56, high );
sha256_put_uint32_be( low, ctx->buffer, 60 ); mbedtls_platform_put_uint32_be( ctx->buffer + 60, low );
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
return( ret ); return( ret );
@ -394,18 +366,16 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
/* /*
* Output final state * Output final state
*/ */
sha256_put_uint32_be( ctx->state[0], output, 0 );
sha256_put_uint32_be( ctx->state[1], output, 4 ); for ( int s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 )
sha256_put_uint32_be( ctx->state[2], output, 8 ); {
sha256_put_uint32_be( ctx->state[3], output, 12 ); mbedtls_platform_put_uint32_be( &output[o_pos], ctx->state[s_pos] );
sha256_put_uint32_be( ctx->state[4], output, 16 ); }
sha256_put_uint32_be( ctx->state[5], output, 20 );
sha256_put_uint32_be( ctx->state[6], output, 24 );
#if !defined(MBEDTLS_SHA256_NO_SHA224) #if !defined(MBEDTLS_SHA256_NO_SHA224)
if( ctx->is224 == 0 ) if( ctx->is224 == 0 )
#endif #endif
sha256_put_uint32_be( ctx->state[7], output, 28 ); mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] );
return( 0 ); return( 0 );
} }

136
library/ssl_cli.c
View file

@ -102,18 +102,14 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
* } ServerNameList; * } ServerNameList;
* *
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
*p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SERVERNAME );
*p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, hostname_len + 5 );
p = mbedtls_platform_put_uint16_be( p, hostname_len + 3 );
*p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
*p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( hostname_len ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, hostname_len );
memcpy( p, ssl->hostname, hostname_len ); memcpy( p, ssl->hostname, hostname_len );
@ -148,8 +144,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
@ -237,15 +232,10 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
* SignatureAndHashAlgorithm * SignatureAndHashAlgorithm
* supported_signature_algorithms<2..2^16-2>; * supported_signature_algorithms<2..2^16-2>;
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF );
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF );
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SIG_ALG );
p = mbedtls_platform_put_uint16_be( p, ( sig_alg_len + 2 ) );
p = mbedtls_platform_put_uint16_be( p, sig_alg_len );
*olen = 6 + sig_alg_len; *olen = 6 + sig_alg_len;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
@ -290,18 +280,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len + 2 ) );
p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len ) );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id ) MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
*p++ = tls_id >> 8; p = mbedtls_platform_put_uint16_be( p, tls_id );
*p++ = tls_id & 0xFF;
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
*olen = 6 + elliptic_curve_len; *olen = 6 + elliptic_curve_len;
@ -324,8 +309,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 2; *p++ = 2;
@ -362,8 +346,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
/* /*
* We may need to send ClientHello multiple times for Hello verification. * We may need to send ClientHello multiple times for Hello verification.
@ -410,8 +393,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
} }
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, kkpp_len );
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
*olen = kkpp_len + 4; *olen = kkpp_len + 4;
} }
@ -452,11 +434,10 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
} }
/* Add extension ID + size */ /* Add extension ID + size */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
ext_len = (size_t) ssl->own_cid_len + 1; ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ext_len );
*p++ = (uint8_t) ssl->own_cid_len; *p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len ); memcpy( p, ssl->own_cid, ssl->own_cid_len );
@ -487,8 +468,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 1; *p++ = 1;
@ -521,8 +501,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -556,8 +535,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -592,8 +570,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -625,11 +602,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, tlen );
*p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( tlen ) & 0xFF );
*olen = 4; *olen = 4;
@ -673,8 +647,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ALPN );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
/* /*
* opaque ProtocolName<1..2^8-1>; * opaque ProtocolName<1..2^8-1>;
@ -697,12 +670,9 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
*olen = p - buf; *olen = p - buf;
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) );
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
@ -730,11 +700,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
t = mbedtls_time( NULL ); t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 ); p = mbedtls_platform_put_uint32_be( p, t );
*p++ = (unsigned char)( t >> 16 );
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
#else #else
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
@ -1012,8 +978,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
n++; n++;
} }
#endif #endif
@ -1141,8 +1106,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
if( ext_len > 0 ) if( ext_len > 0 )
{ {
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ext_len );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len; p += ext_len;
} }
@ -1497,7 +1461,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }
list_len = ( buf[0] << 8 ) | buf[1]; list_len = mbedtls_platform_get_uint16_be( buf );
if( list_len != len - 2 ) if( list_len != len - 2 )
{ {
mbedtls_ssl_pend_fatal_alert( ssl, mbedtls_ssl_pend_fatal_alert( ssl,
@ -1743,11 +1707,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */ #endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", mbedtls_platform_get_uint32_be(&buf[2])) );
( (uint32_t) buf[2] << 24 ) |
( (uint32_t) buf[3] << 16 ) |
( (uint32_t) buf[4] << 8 ) |
( (uint32_t) buf[5] ) ) );
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
@ -1790,7 +1750,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
} }
/* ciphersuite (used later) */ /* ciphersuite (used later) */
i = ( buf[35 + n] << 8 ) | buf[36 + n]; i = mbedtls_platform_get_uint16_be( &buf[ 35 + n ] );
/* /*
* Read and check compression * Read and check compression
@ -2462,8 +2422,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl,
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 ) if( len_bytes == 2 )
{ {
out[0] = (unsigned char)( *olen >> 8 ); mbedtls_platform_put_uint16_be( out, *olen );
out[1] = (unsigned char)( *olen );
*olen += 2; *olen += 2;
} }
#endif #endif
@ -2977,7 +2936,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
sig_len = ( p[0] << 8 ) | p[1];
sig_len = mbedtls_platform_get_uint16_be( p );
p += 2; p += 2;
if( p != end - sig_len ) if( p != end - sig_len )
@ -3573,9 +3533,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
if( (size_t)( end - p ) < n + 2 ) if( (size_t)( end - p ) < n + 2 )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
p[0] = (unsigned char)( n >> 8 ); p = mbedtls_platform_put_uint16_be( p, n );
p[1] = (unsigned char)( n );
p += 2;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
@ -3690,9 +3648,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
p[0] = (unsigned char)( n >> 8 ); p = mbedtls_platform_put_uint16_be( p, n );
p[1] = (unsigned char)( n );
p += 2;
memcpy( p, ssl->conf->psk_identity, n ); memcpy( p, ssl->conf->psk_identity, n );
p += ssl->conf->psk_identity_len; p += ssl->conf->psk_identity_len;
@ -3736,9 +3692,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
p[0] = (unsigned char)( n >> 8 ); p = mbedtls_platform_put_uint16_be( p, n );
p[1] = (unsigned char)( n );
p += 2;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
@ -4036,8 +3990,7 @@ sign:
return( ret ); return( ret );
} }
ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n );
ssl->out_msg[5 + offset] = (unsigned char)( n );
ssl->out_msglen = 6 + n + offset; ssl->out_msglen = 6 + n + offset;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@ -4103,10 +4056,9 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | lifetime = mbedtls_platform_get_uint32_be( msg );
( msg[2] << 8 ) | ( msg[3] );
ticket_len = ( msg[4] << 8 ) | ( msg[5] ); ticket_len = mbedtls_platform_get_uint16_be( &msg[4] );
if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
{ {

12
library/ssl_cookie.c
View file

@ -172,12 +172,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
#else #else
t = ctx->serial++; t = ctx->serial++;
#endif #endif
*p = mbedtls_platform_put_uint32_be( *p, t );
(*p)[0] = (unsigned char)( t >> 24 );
(*p)[1] = (unsigned char)( t >> 16 );
(*p)[2] = (unsigned char)( t >> 8 );
(*p)[3] = (unsigned char)( t );
*p += 4;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@ -243,10 +238,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
cur_time = ctx->serial; cur_time = ctx->serial;
#endif #endif
cookie_time = ( (unsigned long) cookie[0] << 24 ) | cookie_time = mbedtls_platform_get_uint32_be( cookie );
( (unsigned long) cookie[1] << 16 ) |
( (unsigned long) cookie[2] << 8 ) |
( (unsigned long) cookie[3] );
if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
return( -1 ); return( -1 );

109
library/ssl_srv.c
View file

@ -98,7 +98,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); servername_list_size = mbedtls_platform_get_uint16_be( buf );
if( servername_list_size + 2 != len ) if( servername_list_size + 2 != len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
@ -110,7 +111,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
p = buf + 2; p = buf + 2;
while( servername_list_size > 2 ) while( servername_list_size > 2 )
{ {
hostname_len = ( ( p[1] << 8 ) | p[2] ); hostname_len = mbedtls_platform_get_uint16_be( &p[1] );
if( hostname_len + 3 > servername_list_size ) if( hostname_len + 3 > servername_list_size )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
@ -218,7 +219,9 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
sig_alg_list_size = mbedtls_platform_get_uint16_be( buf );
if( sig_alg_list_size + 2 != len || if( sig_alg_list_size + 2 != len ||
sig_alg_list_size % 2 != 0 ) sig_alg_list_size % 2 != 0 )
{ {
@ -293,7 +296,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
list_size = mbedtls_platform_get_uint16_be( buf );
if( list_size + 2 != len || if( list_size + 2 != len ||
list_size % 2 != 0 ) list_size % 2 != 0 )
{ {
@ -658,6 +662,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
} }
list_len = ( buf[0] << 8 ) | buf[1]; list_len = ( buf[0] << 8 ) | buf[1];
if( list_len != len - 2 ) if( list_len != len - 2 )
{ {
mbedtls_ssl_pend_fatal_alert( ssl, mbedtls_ssl_pend_fatal_alert( ssl,
@ -751,8 +756,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
while( ec_tls_ids_len-- != 0 ) while( ec_tls_ids_len-- != 0 )
{ {
uint16_t const cur_tls_id = uint16_t const cur_tls_id = mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids );
( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1];
if( cur_tls_id == tls_id ) if( cur_tls_id == tls_id )
return( 0 ); return( 0 );
@ -1102,7 +1106,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
} }
n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; n = mbedtls_platform_get_uint16_be( buf );
if( n < 17 || n > 512 ) if( n < 17 || n > 512 )
{ {
@ -1162,9 +1166,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
*/ */
MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n );
ciph_len = ( buf[0] << 8 ) | buf[1]; ciph_len = mbedtls_platform_get_uint16_be( &buf[0] );
sess_len = ( buf[2] << 8 ) | buf[3]; sess_len = mbedtls_platform_get_uint16_be( &buf[2] );
chal_len = ( buf[4] << 8 ) | buf[5]; chal_len = mbedtls_platform_get_uint16_be( &buf[4] );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
ciph_len, sess_len, chal_len ) ); ciph_len, sess_len, chal_len ) );
@ -1489,7 +1493,7 @@ read_record_header:
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; msg_len = mbedtls_platform_get_uint16_be( ssl->in_len );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
@ -1578,8 +1582,7 @@ read_record_header:
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{ {
/* This couldn't be done in ssl_prepare_handshake_record() */ /* This couldn't be done in ssl_prepare_handshake_record() */
unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] );
ssl->in_msg[5];
if( cli_msg_seq != ssl->handshake->in_msg_seq ) if( cli_msg_seq != ssl->handshake->in_msg_seq )
{ {
@ -1594,8 +1597,8 @@ read_record_header:
else else
#endif #endif
{ {
unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] );
ssl->in_msg[5];
ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->out_msg_seq = cli_msg_seq;
ssl->handshake->in_msg_seq = cli_msg_seq + 1; ssl->handshake->in_msg_seq = cli_msg_seq + 1;
} }
@ -1783,8 +1786,8 @@ read_record_header:
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */ #endif /* MBEDTLS_SSL_PROTO_TLS */
ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] ); ciph_len = mbedtls_platform_get_uint16_be( &buf[ciph_offset + 0] );
if( ciph_len < 2 || if( ciph_len < 2 ||
ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
@ -2323,9 +2326,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2367,13 +2368,9 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
* opaque cid<0..2^8-1>; * opaque cid<0..2^8-1>;
* } ConnectionId; * } ConnectionId;
*/ */
p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
ext_len = (size_t) ssl->own_cid_len + 1; ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ext_len );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
*p++ = (uint8_t) ssl->own_cid_len; *p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len ); memcpy( p, ssl->own_cid, ssl->own_cid_len );
@ -2423,9 +2420,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2451,8 +2446,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
"extension" ) ); "extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2476,9 +2470,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 0x00; *p++ = 0x00;
@ -2541,9 +2533,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = 1; *p++ = 1;
@ -2626,9 +2616,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
return; return;
} }
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, kkpp_len );
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
*olen = kkpp_len + 4; *olen = kkpp_len + 4;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@ -2652,16 +2640,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
* 6 . 6 protocol name length * 6 . 6 protocol name length
* 7 . 7+n protocol name * 7 . 7+n protocol name
*/ */
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN );
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
*olen = 7 + strlen( ssl->alpn_chosen ); *olen = 7 + strlen( ssl->alpn_chosen );
mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) );
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF );
@ -2791,10 +2774,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
t = mbedtls_time( NULL ); t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 ); p = mbedtls_platform_put_uint32_be( p, t );
*p++ = (unsigned char)( t >> 16 );
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
#else #else
@ -3121,8 +3101,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
} }
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
p[0] = (unsigned char)( sa_len >> 8 ); mbedtls_platform_put_uint16_be( p, sa_len );
p[1] = (unsigned char)( sa_len );
sa_len += 2; sa_len += 2;
p += sa_len; p += sa_len;
} }
@ -3167,8 +3146,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
break; break;
} }
*p++ = (unsigned char)( dn_size >> 8 ); p = mbedtls_platform_put_uint16_be( p, dn_size );
*p++ = (unsigned char)( dn_size );
memcpy( p, frame->subject_raw.p, dn_size ); memcpy( p, frame->subject_raw.p, dn_size );
p += dn_size; p += dn_size;
@ -3185,8 +3163,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], total_dn_size );
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
ret = mbedtls_ssl_write_handshake_msg( ssl ); ret = mbedtls_ssl_write_handshake_msg( ssl );
@ -3740,8 +3717,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
if( signature_len != 0 ) if( signature_len != 0 )
{ {
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], signature_len );
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); ssl->out_msglen += 2;
MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
ssl->out_msg + ssl->out_msglen, ssl->out_msg + ssl->out_msglen,
@ -4610,7 +4587,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
goto exit; goto exit;
} }
sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; sig_len = mbedtls_platform_get_uint16_be( &ssl->in_msg[i] );
i += 2; i += 2;
if( i + sig_len != ssl->in_hslen ) if( i + sig_len != ssl->in_hslen )
@ -4682,15 +4659,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret );
tlen = 0; tlen = 0;
} }
mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime );
ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen );
ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF;
ssl->out_msg[7] = ( lifetime ) & 0xFF;
ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF );
ssl->out_msglen = 10 + tlen; ssl->out_msglen = 10 + tlen;
/* /*

4
library/ssl_ticket.c
View file

@ -221,8 +221,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
{ {
goto cleanup; goto cleanup;
} }
state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
state_len_bytes[1] = ( clear_len ) & 0xff; mbedtls_platform_put_uint16_be( state_len_bytes, clear_len );
/* Encrypt and authenticate */ /* Encrypt and authenticate */
tag = state + clear_len; tag = state + clear_len;

159
library/ssl_tls.c
View file

@ -2102,8 +2102,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( end - p < 2 ) if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( psk_len >> 8 ); p = mbedtls_platform_put_uint16_be( p, psk_len );
*(p++) = (unsigned char)( psk_len );
if( end < p || (size_t)( end - p ) < psk_len ) if( end < p || (size_t)( end - p ) < psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -2144,8 +2143,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret ); return( ret );
} }
*(p++) = (unsigned char)( len >> 8 ); p = mbedtls_platform_put_uint16_be( p, len );
*(p++) = (unsigned char)( len );
p += len; p += len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
@ -2185,8 +2183,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
MBEDTLS_DEBUG_ECDH_Z ); MBEDTLS_DEBUG_ECDH_Z );
#endif /* MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_USE_TINYCRYPT */
*(p++) = (unsigned char)( zlen >> 8 ); p = mbedtls_platform_put_uint16_be( p, zlen );
*(p++) = (unsigned char)( zlen );
p += zlen; p += zlen;
} }
@ -2201,8 +2198,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( end - p < 2 ) if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( psk_len >> 8 ); p = mbedtls_platform_put_uint16_be( p, psk_len );
*(p++) = (unsigned char)( psk_len );
if( end < p || (size_t)( end - p ) < psk_len ) if( end < p || (size_t)( end - p ) < psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -2241,8 +2237,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
memcpy( header, ctr, 8 ); memcpy( header, ctr, 8 );
header[ 8] = (unsigned char) type; header[ 8] = (unsigned char) type;
header[ 9] = (unsigned char)( len >> 8 ); mbedtls_platform_put_uint16_be( &header[9], len );
header[10] = (unsigned char)( len );
memset( padding, 0x36, padlen ); memset( padding, 0x36, padlen );
mbedtls_md_starts( md_ctx ); mbedtls_md_starts( md_ctx );
@ -2394,15 +2389,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
{ {
memcpy( add_data + 11, rec->cid, rec->cid_len ); memcpy( add_data + 11, rec->cid, rec->cid_len );
add_data[11 + rec->cid_len + 0] = rec->cid_len; add_data[11 + rec->cid_len + 0] = rec->cid_len;
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], rec->data_len );
add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13 + 1 + rec->cid_len; *add_data_len = 13 + 1 + rec->cid_len;
} }
else else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{ {
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len );
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13; *add_data_len = 13;
} }
} }
@ -4150,13 +4143,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
* Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
memcpy( ssl->out_msg, cur->p, 6 ); memcpy( ssl->out_msg, cur->p, 6 );
ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off );
ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); mbedtls_platform_put_uint24_be( &ssl->out_msg[9], cur_hs_frag_len );
ssl->out_msg[8] = ( ( frag_off ) & 0xff );
ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff );
ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff );
ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff );
MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
@ -4353,9 +4341,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
*/ */
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{ {
ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len );
ssl->out_msg[2] = (unsigned char)( hs_len >> 8 );
ssl->out_msg[3] = (unsigned char)( hs_len );
/* /*
* DTLS has additional fields in the Handshake layer, * DTLS has additional fields in the Handshake layer,
@ -4383,8 +4369,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
/* Write message_seq and update it, except for HelloRequest */ /* Write message_seq and update it, except for HelloRequest */
if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{ {
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; mbedtls_platform_put_uint16_be( &ssl->out_msg[4], ssl->handshake->out_msg_seq );
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
++( ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq );
} }
else else
@ -4495,8 +4480,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
ssl->conf->transport, ssl->out_hdr + 1 ); ssl->conf->transport, ssl->out_hdr + 1 );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
ssl->out_len[0] = (unsigned char)( len >> 8 ); mbedtls_platform_put_uint16_be( ssl->out_len, len );
ssl->out_len[1] = (unsigned char)( len );
if( ssl->transform_out != NULL ) if( ssl->transform_out != NULL )
{ {
@ -4539,8 +4523,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
memcpy( ssl->out_cid, rec.cid, rec.cid_len ); memcpy( ssl->out_cid, rec.cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len; ssl->out_msglen = len = rec.data_len;
ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
ssl->out_len[1] = (unsigned char)( rec.data_len );
} }
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
@ -4641,16 +4624,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl )
{ {
return( ( ssl->in_msg[9] << 16 ) | return mbedtls_platform_get_uint24_be( &ssl->in_msg[9] );
( ssl->in_msg[10] << 8 ) |
ssl->in_msg[11] );
} }
static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
{ {
return( ( ssl->in_msg[6] << 16 ) | return mbedtls_platform_get_uint24_be( &ssl->in_msg[6] );
( ssl->in_msg[7] << 8 ) |
ssl->in_msg[8] );
} }
static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
@ -4753,9 +4732,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len,
static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl )
{ {
return( ( ssl->in_msg[1] << 16 ) | return mbedtls_platform_get_uint24_be( &ssl->in_msg[1] );
( ssl->in_msg[2] << 8 ) |
ssl->in_msg[3] );
} }
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
@ -4777,7 +4754,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
int ret; int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; unsigned int recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] );
if( ssl_check_hs_header( ssl ) != 0 ) if( ssl_check_hs_header( ssl ) != 0 )
{ {
@ -5104,12 +5081,12 @@ static int ssl_check_dtls_clihlo_cookie(
/* Go back and fill length fields */ /* Go back and fill length fields */
obuf[27] = (unsigned char)( *olen - 28 ); obuf[27] = (unsigned char)( *olen - 28 );
obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) );
obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); obuf[22] = obuf[14];
obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); obuf[23] = obuf[15];
obuf[24] = obuf[16];
obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) );
obuf[12] = (unsigned char)( ( *olen - 13 ) );
return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
} }
@ -5371,8 +5348,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
*/ */
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | rec->data_len = mbedtls_platform_get_uint16_be( &buf[rec_hdr_len_offset] );
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
@ -5451,7 +5427,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
{ {
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; unsigned int rec_epoch = mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] );
/* /*
* Check for an epoch 0 ClientHello. We can't use in_msg here to * Check for an epoch 0 ClientHello. We can't use in_msg here to
@ -5798,9 +5774,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
{ {
/* Synthesize a record containing the buffered HS message. */ /* Synthesize a record containing the buffered HS message. */
size_t msg_len = ( hs_buf->data[1] << 16 ) | size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] );
( hs_buf->data[2] << 8 ) |
hs_buf->data[3];
/* Double-check that we haven't accidentally buffered /* Double-check that we haven't accidentally buffered
* a message that doesn't fit into the input buffer. */ * a message that doesn't fit into the input buffer. */
@ -5899,7 +5873,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
case MBEDTLS_SSL_MSG_HANDSHAKE: case MBEDTLS_SSL_MSG_HANDSHAKE:
{ {
unsigned recv_msg_seq_offset; unsigned recv_msg_seq_offset;
unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; unsigned recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] );
mbedtls_ssl_hs_buffer *hs_buf; mbedtls_ssl_hs_buffer *hs_buf;
size_t msg_len = ssl->in_hslen - 12; size_t msg_len = ssl->in_hslen - 12;
@ -6497,8 +6472,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
ssl->in_hdr[0] = rec.type; ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len; ssl->in_msglen = rec.data_len;
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len );
ssl->in_len[1] = (unsigned char)( rec.data_len );
return( 0 ); return( 0 );
} }
@ -6830,17 +6804,13 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
} }
ssl->out_msg[i ] = (unsigned char)( n >> 16 ); mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n );
ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
ssl->out_msg[i + 2] = (unsigned char)( n );
i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
i += n; crt = crt->next; i += n; crt = crt->next;
} }
ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) );
ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
ssl->out_msglen = i; ssl->out_msglen = i;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@ -6947,7 +6917,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
/* /*
* Same message structure as in mbedtls_ssl_write_certificate() * Same message structure as in mbedtls_ssl_write_certificate()
*/ */
n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] );
if( ssl->in_msg[i] != 0 || if( ssl->in_msg[i] != 0 ||
ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
@ -6982,8 +6952,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
} }
/* Read length of the next CRT in the chain. */ /* Read length of the next CRT in the chain. */
n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] );
| (unsigned int) ssl->in_msg[i + 2];
i += 3; i += 3;
if( n < 128 || i + n > ssl->in_hslen ) if( n < 128 || i + n > ssl->in_hslen )
@ -9789,8 +9758,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
{ {
const int ciphersuite = const int ciphersuite =
mbedtls_ssl_session_get_ciphersuite( session ); mbedtls_ssl_session_get_ciphersuite( session );
*p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ciphersuite );
*p++ = (unsigned char)( ( ciphersuite ) & 0xFF );
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
*p++ = (unsigned char)( *p++ = (unsigned char)(
@ -9803,11 +9771,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
memcpy( p, session->master, 48 ); memcpy( p, session->master, 48 );
p += 48; p += 48;
p = mbedtls_platform_put_uint32_be( p, session->verify_result );
*p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF );
*p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session->verify_result ) & 0xFF );
} }
/* /*
@ -9824,9 +9788,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); p = mbedtls_platform_put_uint24_be( p, cert_len );
*p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( cert_len ) & 0xFF );
if( session->peer_cert != NULL ) if( session->peer_cert != NULL )
{ {
@ -9869,9 +9831,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); p = mbedtls_platform_put_uint24_be( p, session->ticket_len );
*p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session->ticket_len ) & 0xFF );
if( session->ticket != NULL ) if( session->ticket != NULL )
{ {
@ -9879,10 +9839,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
p += session->ticket_len; p += session->ticket_len;
} }
*p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); p = mbedtls_platform_put_uint32_be( p, session->ticket_lifetime );
*p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@ -10017,7 +9974,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
ciphersuite = ( p[0] << 8 ) | p[1]; ciphersuite = mbedtls_platform_get_uint16_be( p );
p += 2; p += 2;
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
@ -10041,10 +9998,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
memcpy( session->master, p, 48 ); memcpy( session->master, p, 48 );
p += 48; p += 48;
session->verify_result = ( (uint32_t) p[0] << 24 ) | session->verify_result = mbedtls_platform_get_uint32_be( p );
( (uint32_t) p[1] << 16 ) |
( (uint32_t) p[2] << 8 ) |
( (uint32_t) p[3] );
p += 4; p += 4;
/* Immediately clear invalid pointer values that have been read, in case /* Immediately clear invalid pointer values that have been read, in case
@ -10068,7 +10022,8 @@ static int ssl_session_load( mbedtls_ssl_session *session,
if( 3 > (size_t)( end - p ) ) if( 3 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; cert_len = mbedtls_platform_get_uint24_be( &p[0] );
p += 3; p += 3;
if( cert_len == 0 ) if( cert_len == 0 )
@ -10139,7 +10094,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
if( 3 > (size_t)( end - p ) ) if( 3 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; session->ticket_len = mbedtls_platform_get_uint24_be( &p[0] );
p += 3; p += 3;
if( session->ticket_len != 0 ) if( session->ticket_len != 0 )
@ -10158,10 +10113,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
if( 4 > (size_t)( end - p ) ) if( 4 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | session->ticket_lifetime = mbedtls_platform_get_uint32_be( p );
( (uint32_t) p[1] << 16 ) |
( (uint32_t) p[2] << 8 ) |
( (uint32_t) p[3] );
p += 4; p += 4;
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@ -11267,10 +11219,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 4 + session_len; used += 4 + session_len;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); p = mbedtls_platform_put_uint32_be( p, session_len );
*p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( session_len ) & 0xFF );
ret = ssl_session_save( ssl->session, 1, ret = ssl_session_save( ssl->session, 1,
p, session_len, &session_len ); p, session_len, &session_len );
@ -11312,10 +11261,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 4; used += 4;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); p = mbedtls_platform_put_uint32_be( p, ssl->badmac_seen );
*p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
@ -11362,8 +11308,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
used += 2; used += 2;
if( used <= buf_len ) if( used <= buf_len )
{ {
*p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); p = mbedtls_platform_put_uint16_be( p, ssl->mtu );
*p++ = (unsigned char)( ( ssl->mtu ) & 0xFF );
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
@ -11466,10 +11411,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
if( (size_t)( end - p ) < 4 ) if( (size_t)( end - p ) < 4 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session_len = ( (size_t) p[0] << 24 ) | session_len = mbedtls_platform_get_uint32_be( p );
( (size_t) p[1] << 16 ) |
( (size_t) p[2] << 8 ) |
( (size_t) p[3] );
p += 4; p += 4;
/* This has been allocated by ssl_handshake_init(), called by /* This has been allocated by ssl_handshake_init(), called by
@ -11558,10 +11500,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
if( (size_t)( end - p ) < 4 ) if( (size_t)( end - p ) < 4 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | ssl->badmac_seen = mbedtls_platform_get_uint32_be( p );
( (uint32_t) p[1] << 16 ) |
( (uint32_t) p[2] << 8 ) |
( (uint32_t) p[3] );
p += 4; p += 4;
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
@ -11607,7 +11546,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
if( (size_t)( end - p ) < 2 ) if( (size_t)( end - p ) < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->mtu = ( p[0] << 8 ) | p[1]; ssl->mtu = mbedtls_platform_get_uint16_be( p );
p += 2; p += 2;
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */