Fixes for invalid printf format specifiers
Fixes for printf format specifiers that Coverity flagged as having invalid sizes, plus new build flags that catch these errors when building with CMake.

Note that this patch uses %zu, which requires C99 or later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
parent
dd9e8f6dd0
commit
9f35211774
|
@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "sending session ticket of length %d", tlen ) );
|
( "sending session ticket of length %zu", tlen ) );
|
||||||
|
|
||||||
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
||||||
|
|
||||||
|
@ -905,7 +905,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lld", (long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -1114,7 +1114,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
for( i = 0; i < n; i++ )
|
for( i = 0; i < n; i++ )
|
||||||
*p++ = ssl->session_negotiate->id[i];
|
*p++ = ssl->session_negotiate->id[i];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %zu", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1182,7 +1182,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
||||||
ciphersuites[i], ciphersuite_info->name ) );
|
(unsigned int)ciphersuites[i], ciphersuite_info->name ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
@ -1197,7 +1197,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
|
( "client hello, got %zu ciphersuites (excluding SCSVs)", n ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||||
|
@ -1420,7 +1420,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
/* olen unused if all extensions are disabled */
|
/* olen unused if all extensions are disabled */
|
||||||
((void) olen);
|
((void) olen);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %zu",
|
||||||
ext_len ) );
|
ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
|
@ -2167,10 +2167,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
||||||
( (uint32_t) buf[2] << 24 ) |
|
( (unsigned long) buf[2] << 24 ) |
|
||||||
( (uint32_t) buf[3] << 16 ) |
|
( (unsigned long) buf[3] << 16 ) |
|
||||||
( (uint32_t) buf[4] << 8 ) |
|
( (unsigned long) buf[4] << 8 ) |
|
||||||
( (uint32_t) buf[5] ) ) );
|
( (unsigned long) buf[5] ) ) );
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
||||||
|
|
||||||
|
@ -2253,7 +2253,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->handshake->ciphersuite_info == NULL )
|
if( ssl->handshake->ciphersuite_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "ciphersuite info for %04x not found", i ) );
|
( "ciphersuite info for %04x not found", (unsigned int)i ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -2261,7 +2261,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2304,7 +2304,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned int)i ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
||||||
buf[37 + n] ) );
|
buf[37 + n] ) );
|
||||||
|
|
||||||
|
@ -2373,7 +2373,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ext = buf + 40 + n;
|
ext = buf + 40 + n;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2,
|
MBEDTLS_SSL_DEBUG_MSG( 2,
|
||||||
( "server hello, total extension length: %d", ext_len ) );
|
( "server hello, total extension length: %zu", ext_len ) );
|
||||||
|
|
||||||
while( ext_len )
|
while( ext_len )
|
||||||
{
|
{
|
||||||
|
@ -2537,7 +2537,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "unknown extension found: %d (ignoring)", ext_id ) );
|
( "unknown extension found: %u (ignoring)", ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
ext_len -= 4 + ext_size;
|
ext_len -= 4 + ext_size;
|
||||||
|
@ -2628,7 +2628,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %zu < %u",
|
||||||
ssl->handshake->dhm_ctx.len * 8,
|
ssl->handshake->dhm_ctx.len * 8,
|
||||||
ssl->conf->dhm_min_bitlen ) );
|
ssl->conf->dhm_min_bitlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
@ -4347,7 +4347,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", ticket_len ) );
|
||||||
|
|
||||||
/* We're not waiting for a NewSessionTicket message any more */
|
/* We're not waiting for a NewSessionTicket message any more */
|
||||||
ssl->handshake->new_session_ticket = 0;
|
ssl->handshake->new_session_ticket = 0;
|
||||||
|
|
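Review bot: The `%zu` and `%lld` conversions introduced in these debug calls (first at `"sending session ticket of length %zu"` in ssl_write_session_ticket_ext, then in ssl_write_client_hello, ssl_parse_server_hello, ssl_parse_server_dh_params and ssl_parse_new_session_ticket) rely on the C library's printf family implementing the C99 length modifiers, a requirement the commit message states but nothing in the code enforces. On a runtime without that support the conversion is not parsed as intended, and in multi-argument calls such as `"DHM prime too short: %zu < %u"` the following argument would presumably be read incorrectly as well, so the handshake debug log stops being trustworthy exactly where lengths matter. Consider keeping the specifier in one project-level macro, for example `#define SSL_DEBUG_FMT_SIZET "zu"` (placeholder name), and writing `"... length %" SSL_DEBUG_FMT_SIZET`, so a platform can substitute a form its runtime accepts. The same pattern recurs in the later hunks for mbedtls_ssl_encrypt_buf, mbedtls_ssl_decrypt_buf and mbedtls_ssl_fetch_input. The enclosing functions start and end outside these hunks, so the argument types are taken here from the specifiers the commit chose rather than from visible declarations.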
|
@ -283,8 +283,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->retransmit_timeout = new_timeout;
|
ssl->handshake->retransmit_timeout = new_timeout;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -292,8 +292,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
@ -764,7 +764,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
|
||||||
"including %d bytes of padding",
|
"including %d bytes of padding",
|
||||||
rec->data_len, 0 ) );
|
rec->data_len, 0 ) );
|
||||||
|
|
||||||
|
@ -842,7 +842,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||||
add_data, add_data_len );
|
add_data, add_data_len );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
|
||||||
"including 0 bytes of padding",
|
"including 0 bytes of padding",
|
||||||
rec->data_len ) );
|
rec->data_len ) );
|
||||||
|
|
||||||
|
@ -945,8 +945,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
|
||||||
"including %d bytes of IV and %d bytes of padding",
|
"including %zu bytes of IV and %zu bytes of padding",
|
||||||
rec->data_len, transform->ivlen,
|
rec->data_len, transform->ivlen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
|
|
||||||
|
@ -1366,7 +1366,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
{
|
{
|
||||||
if( rec->data_len < dynamic_iv_len )
|
if( rec->data_len < dynamic_iv_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < explicit_iv_len (%zu) ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
dynamic_iv_len ) );
|
dynamic_iv_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
|
@ -1385,7 +1385,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
/* Check that there's space for the authentication tag. */
|
/* Check that there's space for the authentication tag. */
|
||||||
if( rec->data_len < transform->taglen )
|
if( rec->data_len < transform->taglen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < taglen (%zu) ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->taglen ) );
|
transform->taglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
|
@ -1488,7 +1488,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
if( rec->data_len < minlen + transform->ivlen ||
|
if( rec->data_len < minlen + transform->ivlen ||
|
||||||
rec->data_len < minlen + transform->maclen + 1 )
|
rec->data_len < minlen + transform->maclen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < max( ivlen(%zu), maclen (%zu) "
|
||||||
"+ 1 ) ( + expl IV )", rec->data_len,
|
"+ 1 ) ( + expl IV )", rec->data_len,
|
||||||
transform->ivlen,
|
transform->ivlen,
|
||||||
transform->maclen ) );
|
transform->maclen ) );
|
||||||
|
@ -1554,7 +1554,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
||||||
if( rec->data_len % transform->ivlen != 0 )
|
if( rec->data_len % transform->ivlen != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) %% ivlen (%zu) != 0",
|
||||||
rec->data_len, transform->ivlen ) );
|
rec->data_len, transform->ivlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
}
|
}
|
||||||
|
@ -1624,7 +1624,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
if( rec->data_len < transform->maclen + padlen + 1 )
|
if( rec->data_len < transform->maclen + padlen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < maclen (%zu) + padlen (%zu)",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->maclen,
|
transform->maclen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
|
@ -1653,8 +1653,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
if( padlen > transform->ivlen )
|
if( padlen > transform->ivlen )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %zu, "
|
||||||
"should be no more than %d",
|
"should be no more than %zu",
|
||||||
padlen, transform->ivlen ) );
|
padlen, transform->ivlen ) );
|
||||||
#endif
|
#endif
|
||||||
correct = 0;
|
correct = 0;
|
||||||
|
@ -1890,7 +1890,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
memcpy( msg_pre, ssl->out_msg, len_pre );
|
memcpy( msg_pre, ssl->out_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %zu, ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
||||||
|
@ -1911,7 +1911,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msglen = out_buf_len -
|
ssl->out_msglen = out_buf_len -
|
||||||
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %zu, ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
||||||
|
@ -1942,7 +1942,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
memcpy( msg_pre, ssl->in_msg, len_pre );
|
memcpy( msg_pre, ssl->in_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %zu, ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
||||||
|
@ -1963,7 +1963,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_msglen = in_buf_len -
|
ssl->in_msglen = in_buf_len -
|
||||||
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %zu, ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
||||||
|
@ -2042,7 +2042,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
|
|
||||||
if( ssl->in_left != 0 )
|
if( ssl->in_left != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %zu",
|
||||||
ssl->next_record_offset ) );
|
ssl->next_record_offset ) );
|
||||||
memmove( ssl->in_hdr,
|
memmove( ssl->in_hdr,
|
||||||
ssl->in_hdr + ssl->next_record_offset,
|
ssl->in_hdr + ssl->next_record_offset,
|
||||||
|
@ -2052,7 +2052,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
ssl->next_record_offset = 0;
|
ssl->next_record_offset = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2094,7 +2094,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
else
|
else
|
||||||
timeout = ssl->conf->read_timeout;
|
timeout = ssl->conf->read_timeout;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
|
||||||
|
|
||||||
if( ssl->f_recv_timeout != NULL )
|
if( ssl->f_recv_timeout != NULL )
|
||||||
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
||||||
|
@ -2153,7 +2153,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
while( ssl->in_left < nb_want )
|
while( ssl->in_left < nb_want )
|
||||||
|
@ -2177,7 +2177,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
||||||
|
|
||||||
|
@ -2190,8 +2190,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_recv returned %d bytes but only %lu were requested",
|
( "f_recv returned %d bytes but only %zu were requested",
|
||||||
ret, (unsigned long)len ) );
|
ret, len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2230,7 +2230,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
while( ssl->out_left > 0 )
|
while( ssl->out_left > 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %zu, out_left: %zu",
|
||||||
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||||
|
|
||||||
buf = ssl->out_hdr - ssl->out_left;
|
buf = ssl->out_hdr - ssl->out_left;
|
||||||
|
@ -2244,8 +2244,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||||
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_send returned %d bytes but only %lu bytes were sent",
|
( "f_send returned %d bytes but only %zu bytes were sent",
|
||||||
ret, (unsigned long)ssl->out_left ) );
|
ret, ssl->out_left ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2286,14 +2286,14 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl )
|
||||||
/* Allocate space for current message */
|
/* Allocate space for current message */
|
||||||
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed",
|
||||||
sizeof( mbedtls_ssl_flight_item ) ) );
|
sizeof( mbedtls_ssl_flight_item ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", ssl->out_msglen ) );
|
||||||
mbedtls_free( msg );
|
mbedtls_free( msg );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
@ -2922,8 +2922,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
/* Now write the potentially updated record content type. */
|
/* Now write the potentially updated record content type. */
|
||||||
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%u:%u], msglen = %zu",
|
||||||
ssl->out_hdr[0], ssl->out_hdr[1],
|
ssl->out_hdr[0], ssl->out_hdr[1],
|
||||||
ssl->out_hdr[2], len ) );
|
ssl->out_hdr[2], len ) );
|
||||||
|
|
||||||
|
@ -3119,7 +3119,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %zu",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
@ -3127,7 +3127,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
||||||
" %d, type = %d, hslen = %d",
|
" %zu, type = %u, hslen = %zu",
|
||||||
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
@ -3163,7 +3163,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
||||||
"message_seq = %d, start_of_flight = %d",
|
"message_seq = %u, start_of_flight = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_flight_start_seq ) );
|
ssl->handshake->in_flight_start_seq ) );
|
||||||
|
|
||||||
|
@ -3176,7 +3176,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
||||||
"message_seq = %d, expected = %d",
|
"message_seq = %u, expected = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
}
|
}
|
||||||
|
@ -3746,8 +3746,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||||
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%d:%d], msglen = %zu",
|
||||||
rec->type,
|
rec->type,
|
||||||
major_ver, minor_ver, rec->data_len ) );
|
major_ver, minor_ver, rec->data_len ) );
|
||||||
|
|
||||||
|
@ -3790,8 +3790,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||||
if( rec_epoch != ssl->in_epoch )
|
if( rec_epoch != ssl->in_epoch )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||||
"expected %d, received %d",
|
"expected %u, received %lu",
|
||||||
ssl->in_epoch, rec_epoch ) );
|
ssl->in_epoch, (unsigned long) rec_epoch ) );
|
||||||
|
|
||||||
/* Records from the next epoch are considered for buffering
|
/* Records from the next epoch are considered for buffering
|
||||||
* (concretely: early Finished messages). */
|
* (concretely: early Finished messages). */
|
||||||
|
@ -4325,31 +4325,31 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* If we can't buffer a future message because
|
/* If we can't buffer a future message because
|
||||||
* of space limitations -- ignore. */
|
* of space limitations -- ignore. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n",
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
hs->buffering.total_bytes_buffered ) );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
hs->buffering.total_bytes_buffered ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %d (already %zu bytes buffered) -- fail\n",
|
||||||
(unsigned) msg_len,
|
msg_len,
|
||||||
(unsigned) reassembly_buf_sz,
|
reassembly_buf_sz,
|
||||||
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
hs->buffering.total_bytes_buffered ) );
|
||||||
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %zu",
|
||||||
msg_len ) );
|
msg_len ) );
|
||||||
|
|
||||||
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
||||||
|
@ -4395,7 +4395,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||||
frag_off = ssl_get_hs_frag_off( ssl );
|
frag_off = ssl_get_hs_frag_off( ssl );
|
||||||
frag_len = ssl_get_hs_frag_len( ssl );
|
frag_len = ssl_get_hs_frag_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %zu, length = %zu",
|
||||||
frag_off, frag_len ) );
|
frag_off, frag_len ) );
|
||||||
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
||||||
|
|
||||||
|
@ -4622,15 +4622,15 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||||
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
||||||
hs->buffering.total_bytes_buffered ) )
|
hs->buffering.total_bytes_buffered ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %d (already %zu bytes buffered) -- ignore\n",
|
||||||
(unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
hs->buffering.total_bytes_buffered ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Buffer record */
|
/* Buffer record */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
||||||
ssl->in_epoch + 1 ) );
|
ssl->in_epoch + 1U ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
||||||
|
|
||||||
/* ssl_parse_record_header() only considers records
|
/* ssl_parse_record_header() only considers records
|
||||||
|
@ -4903,7 +4903,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
if( ssl->in_msglen != 1 )
|
if( ssl->in_msglen != 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %zu",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
@ -4939,12 +4939,12 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
/* Note: Standard allows for more than one 2 byte alert
|
/* Note: Standard allows for more than one 2 byte alert
|
||||||
to be packed in a single message, but Mbed TLS doesn't
|
to be packed in a single message, but Mbed TLS doesn't
|
||||||
currently support this. */
|
currently support this. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %zu",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
|
||||||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -5771,7 +5771,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
||||||
"maximum fragment length: %d > %d",
|
"maximum fragment length: %zu > %zu",
|
||||||
len, max_len ) );
|
len, max_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
|
@ -298,13 +298,13 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
||||||
" match sig %d and hash %d",
|
" match sig %u and hash %u",
|
||||||
sig_cur, md_cur ) );
|
sig_cur, md_cur ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
||||||
"hash alg %d not supported", md_cur ) );
|
"hash alg %u not supported", md_cur ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
/* Remember the client asked us to send a new ticket */
|
/* Remember the client asked us to send a new ticket */
|
||||||
ssl->handshake->new_session_ticket = 1;
|
ssl->handshake->new_session_ticket = 1;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", len ) );
|
||||||
|
|
||||||
if( len == 0 )
|
if( len == 0 )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
||||||
suite_id, suite_info->name ) );
|
(unsigned int)suite_id, suite_info->name ) );
|
||||||
|
|
||||||
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
||||||
suite_info->max_minor_ver < ssl->minor_ver )
|
suite_info->max_minor_ver < ssl->minor_ver )
|
||||||
|
@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||||
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
||||||
"for signature algorithm %d", sig_type ) );
|
"for signature algorithm %u", sig_type ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1247,7 +1247,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
||||||
sess_len = ( buf[2] << 8 ) | buf[3];
|
sess_len = ( buf[2] << 8 ) | buf[3];
|
||||||
chal_len = ( buf[4] << 8 ) | buf[5];
|
chal_len = ( buf[4] << 8 ) | buf[5];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
|
||||||
ciph_len, sess_len, chal_len ) );
|
ciph_len, sess_len, chal_len ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1629,7 +1629,7 @@ read_record_header:
|
||||||
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
||||||
"%d (expected %d)", cli_msg_seq,
|
"%u (expected %u)", cli_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
|
@ -2073,7 +2073,7 @@ read_record_header:
|
||||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
|
||||||
ext_id ) );
|
ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2274,7 +2274,7 @@ have_ciphersuite:
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
||||||
"%d - should not happen", sig_alg ) );
|
"%u - should not happen", sig_alg ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -2826,7 +2826,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lld", (long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2914,7 +2914,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
||||||
p += ssl->session_negotiate->id_len;
|
p += ssl->session_negotiate->id_len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
@ -2926,7 +2926,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
||||||
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||||
ssl->session_negotiate->compression ) );
|
(unsigned int)ssl->session_negotiate->compression ) );
|
||||||
|
|
||||||
/* Do not write the extensions if the protocol is SSLv3 */
|
/* Do not write the extensions if the protocol is SSLv3 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
@ -2995,7 +2995,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %zu", ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
{
|
{
|
||||||
|
@ -3502,7 +3502,7 @@ curve_matching_done:
|
||||||
md_alg = MBEDTLS_MD_NONE;
|
md_alg = MBEDTLS_MD_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", md_alg ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2.2: Compute the hash to be signed
|
* 2.2: Compute the hash to be signed
|
||||||
|
|
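Review bot: Several of the new `%u` conversions in this file take arguments that look like enum values (`sig_cur`, `md_cur`, `sig_type`, `sig_alg`, `md_alg`) and pass them without a cast. Their declarations are outside the hunks, so this is inferred from how they are used. The same change casts explicitly elsewhere, for example `(unsigned int)suite_id` in ssl_ciphersuite_match. The integer type behind an enum is chosen by the compiler, so `%u` is only guaranteed to match when the argument is cast, e.g. `MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );`. Some of these values are parsed from the peer's ClientHello, so the debug path should not depend on one toolchain's enum representation.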
|
@ -961,7 +961,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
|
||||||
ciphersuite_info->cipher ) );
|
ciphersuite_info->cipher ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
@ -969,7 +969,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
||||||
if( md_info == NULL )
|
if( md_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
|
||||||
ciphersuite_info->mac ) );
|
ciphersuite_info->mac ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
@ -2215,7 +2215,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||||
n = crt->raw.len;
|
n = crt->raw.len;
|
||||||
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %d",
|
||||||
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
||||||
}
|
}
|
||||||
|
@ -2708,7 +2708,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
||||||
if( ssl->session_negotiate->verify_result != 0 )
|
if( ssl->session_negotiate->verify_result != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
|
||||||
ssl->session_negotiate->verify_result ) );
|
(unsigned int) ssl->session_negotiate->verify_result ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2831,7 +2831,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||||
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
||||||
if( chain == NULL )
|
if( chain == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed",
|
||||||
sizeof( mbedtls_x509_crt ) ) );
|
sizeof( mbedtls_x509_crt ) ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl,
|
mbedtls_ssl_send_alert_message( ssl,
|
||||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
@ -3858,7 +3858,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
||||||
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
||||||
if( ssl->in_buf == NULL )
|
if( ssl->in_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", in_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
@ -3869,7 +3869,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
||||||
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
||||||
if( ssl->out_buf == NULL )
|
if( ssl->out_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", out_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
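Review bot: In the mbedtls_ssl_write_certificate hunk, `"certificate too large, %zu > %d"` only matches if `MBEDTLS_SSL_OUT_CONTENT_LEN` expands to an `int`. That macro's definition is not visible here, and if it is a build-configuration value the specifier would be wrong wherever it is defined with an unsigned suffix or a `size_t` expression. Casting at the call site removes the dependency: `( "certificate too large, %zu > %zu", i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN )`. The same `%d`-for-a-macro pattern appears with `MBEDTLS_SSL_DTLS_MAX_BUFFERING` in the ssl_buffer_message and ssl_buffer_future_record hunks earlier in the commit. The function body continues outside this hunk.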