mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 13:35:32 +00:00
Merge pull request #5314 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac-2.x
Backport 2.x: Check HMAC return values
This commit is contained in:
commit
1c68ba1afd
|
@ -5,6 +5,8 @@ Bugfix
|
|||
This does not concern the implementation provided with Mbed TLS,
|
||||
where this function cannot fail, or full-module replacements with
|
||||
MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
|
||||
* Some failures of HMAC operations were ignored. These failures could only
|
||||
happen with an alternative implementation of the underlying hash module.
|
||||
|
||||
Features
|
||||
* Warn if errors from certain functions are ignored. This is currently
|
||||
|
@ -13,5 +15,5 @@ Features
|
|||
(where supported) for critical functions where ignoring the return
|
||||
value is almost always a bug. Enable the new configuration option
|
||||
MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
|
||||
is currently implemented in the AES and DES modules, and will be extended
|
||||
to other modules in the future.
|
||||
is currently implemented in the AES, DES and md modules, and will be
|
||||
extended to other modules in the future.
|
||||
|
|
5
ChangeLog.d/ssl-mac-zeroize.txt
Normal file
5
ChangeLog.d/ssl-mac-zeroize.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Security
|
||||
* Zeroize intermediate variables used to calculate the MAC in CBC cipher
|
||||
suites. This hardens the library in case stack memory leaks through a
|
||||
memory disclosure vulnerabilty, which could formerly have allowed a
|
||||
man-in-the-middle to inject fake ciphertext into a DTLS connection.
|
|
@ -32,6 +32,7 @@
|
|||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
/** The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
|
||||
|
@ -210,6 +211,7 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
|
|||
* failure.
|
||||
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
/**
|
||||
|
@ -231,6 +233,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
|
|||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
||||
|
@ -280,6 +283,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
|
@ -298,6 +302,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
|
@ -318,6 +323,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
/**
|
||||
|
@ -338,6 +344,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
|
@ -359,6 +366,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
|
|||
* the file pointed by \p path.
|
||||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
@ -381,6 +389,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
||||
|
@ -403,6 +412,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
|
@ -424,6 +434,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
/**
|
||||
|
@ -441,6 +452,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
|
@ -465,11 +477,13 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
|||
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
|
||||
* failure.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/* Internal use */
|
||||
MBEDTLS_CHECK_RETURN_TYPICAL
|
||||
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -474,17 +474,18 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
|||
/*
|
||||
* SSLv3.0 MAC functions
|
||||
*/
|
||||
static void ssl_mac( mbedtls_md_context_t *md_ctx,
|
||||
const unsigned char *secret,
|
||||
const unsigned char *buf, size_t len,
|
||||
const unsigned char *ctr, int type,
|
||||
unsigned char out[SSL3_MAC_MAX_BYTES] )
|
||||
static int ssl_mac( mbedtls_md_context_t *md_ctx,
|
||||
const unsigned char *secret,
|
||||
const unsigned char *buf, size_t len,
|
||||
const unsigned char *ctr, int type,
|
||||
unsigned char out[SSL3_MAC_MAX_BYTES] )
|
||||
{
|
||||
unsigned char header[11];
|
||||
unsigned char padding[48];
|
||||
int padlen;
|
||||
int md_size = mbedtls_md_get_size( md_ctx->md_info );
|
||||
int md_type = mbedtls_md_get_type( md_ctx->md_info );
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
/* Only MD5 and SHA-1 supported */
|
||||
if( md_type == MBEDTLS_MD_MD5 )
|
||||
|
@ -497,19 +498,43 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
|
|||
MBEDTLS_PUT_UINT16_BE( len, header, 9);
|
||||
|
||||
memset( padding, 0x36, padlen );
|
||||
mbedtls_md_starts( md_ctx );
|
||||
mbedtls_md_update( md_ctx, secret, md_size );
|
||||
mbedtls_md_update( md_ctx, padding, padlen );
|
||||
mbedtls_md_update( md_ctx, header, 11 );
|
||||
mbedtls_md_update( md_ctx, buf, len );
|
||||
mbedtls_md_finish( md_ctx, out );
|
||||
ret = mbedtls_md_starts( md_ctx );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, secret, md_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, padding, padlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, header, 11 );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, buf, len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_finish( md_ctx, out );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
memset( padding, 0x5C, padlen );
|
||||
mbedtls_md_starts( md_ctx );
|
||||
mbedtls_md_update( md_ctx, secret, md_size );
|
||||
mbedtls_md_update( md_ctx, padding, padlen );
|
||||
mbedtls_md_update( md_ctx, out, md_size );
|
||||
mbedtls_md_finish( md_ctx, out );
|
||||
ret = mbedtls_md_starts( md_ctx );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, secret, md_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, padding, padlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_update( md_ctx, out, md_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_md_finish( md_ctx, out );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
|
@ -714,9 +739,17 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
unsigned char mac[SSL3_MAC_MAX_BYTES];
|
||||
ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
|
||||
data, rec->data_len, rec->ctr, rec->type, mac );
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
ret = ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
|
||||
data, rec->data_len, rec->ctr, rec->type, mac );
|
||||
if( ret == 0 )
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
mbedtls_platform_zeroize( mac, transform->maclen );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -725,18 +758,35 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||
transform->minor_ver );
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
add_data, add_data_len );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_disabled;
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_disabled;
|
||||
ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_disabled;
|
||||
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_disabled;
|
||||
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
|
||||
hmac_failed_etm_disabled:
|
||||
mbedtls_platform_zeroize( mac, transform->maclen );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -1009,18 +1059,34 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||
add_data_len );
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
add_data_len );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
|
||||
rec->data_len += transform->maclen;
|
||||
post_avail -= transform->maclen;
|
||||
auth_done++;
|
||||
|
||||
hmac_failed_etm_enabled:
|
||||
mbedtls_platform_zeroize( mac, transform->maclen );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
}
|
||||
|
@ -1292,12 +1358,20 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
/* Calculate expected MAC. */
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec,
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
|
||||
add_data_len );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_update( &transform->md_ctx_dec,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
|
||||
mbedtls_md_hmac_reset( &transform->md_ctx_dec );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
ret = mbedtls_md_hmac_reset( &transform->md_ctx_dec );
|
||||
if( ret != 0 )
|
||||
goto hmac_failed_etm_enabled;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len,
|
||||
transform->maclen );
|
||||
|
@ -1309,9 +1383,19 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
transform->maclen ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
goto hmac_failed_etm_enabled;
|
||||
}
|
||||
auth_done++;
|
||||
|
||||
hmac_failed_etm_enabled:
|
||||
mbedtls_platform_zeroize( mac_expect, transform->maclen );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
|
@ -1529,11 +1613,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
ssl_mac( &transform->md_ctx_dec,
|
||||
transform->mac_dec,
|
||||
data, rec->data_len,
|
||||
rec->ctr, rec->type,
|
||||
mac_expect );
|
||||
ret = ssl_mac( &transform->md_ctx_dec,
|
||||
transform->mac_dec,
|
||||
data, rec->data_len,
|
||||
rec->ctr, rec->type,
|
||||
mac_expect );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret );
|
||||
goto hmac_failed_etm_disabled;
|
||||
}
|
||||
memcpy( mac_peer, data + rec->data_len, transform->maclen );
|
||||
}
|
||||
else
|
||||
|
@ -1562,7 +1651,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
|
||||
return( ret );
|
||||
goto hmac_failed_etm_disabled;
|
||||
}
|
||||
|
||||
mbedtls_ct_memcpy_offset( mac_peer, data,
|
||||
|
@ -1592,6 +1681,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
correct = 0;
|
||||
}
|
||||
auth_done++;
|
||||
|
||||
hmac_failed_etm_disabled:
|
||||
mbedtls_platform_zeroize( mac_peer, transform->maclen );
|
||||
mbedtls_platform_zeroize( mac_expect, transform->maclen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -442,19 +442,37 @@ static int tls1_prf( const unsigned char *secret, size_t slen,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S1, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
ret = mbedtls_md_hmac_starts( &md_ctx, S1, hs );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < dlen; i += 16 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
k = ( i + 16 > dlen ) ? dlen % 16 : 16;
|
||||
|
||||
|
@ -478,19 +496,37 @@ static int tls1_prf( const unsigned char *secret, size_t slen,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S2, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
ret = mbedtls_md_hmac_starts( &md_ctx, S2, hs );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < dlen; i += 20 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
k = ( i + 20 > dlen ) ? dlen % 20 : 20;
|
||||
|
||||
|
@ -680,19 +716,37 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
|
|||
if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, secret, slen );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < dlen; i += md_len )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
ret = mbedtls_md_hmac_reset ( &md_ctx );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
|
||||
|
||||
|
@ -1232,8 +1286,14 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
For AEAD-based ciphersuites, there is nothing to do here. */
|
||||
if( mac_key_len != 0 )
|
||||
{
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc,
|
||||
mac_enc, mac_key_len );
|
||||
if( ret != 0 )
|
||||
goto end;
|
||||
ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec,
|
||||
mac_dec, mac_key_len );
|
||||
if( ret != 0 )
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
Loading…
Reference in a new issue