diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 98384add7..7033af837 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -30,7 +30,7 @@ #else #include MBEDTLS_CONFIG_FILE #endif - +#include #include #if defined(MBEDTLS_HAVE_TIME_DATE) #include "platform_time.h" @@ -195,6 +195,82 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ); #endif /* MBEDTLS_HAVE_TIME_DATE */ +/** + * \brief Convert a 32-bit number to the big endian format and write it to + * the given buffer. + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 24-bit number to the big endian format and write it to + * the given buffer. + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 16-bit number to the big endian format and write it to + * the given buffer. + * + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 32-bit number from the big endian format. + * + * The function reads a 32-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 32-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); + +/** + * \brief Convert a 24-bit number from the big endian format. + * + * The function reads a 14-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 24-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); + +/** + * \brief Convert a 16-bit number from the big endian format. + * + * The function reads a 16-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 16-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ); + #ifdef __cplusplus } #endif diff --git a/library/platform_util.c b/library/platform_util.c index 756e22679..8f8a3aa0a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -134,3 +134,54 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 24 ); + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) +{ + return ( ( (unsigned int) buf[0] << 24 ) | + ( (unsigned int) buf[1] << 16 ) | + ( (unsigned int) buf[2] << 8 ) | + ( (unsigned int) buf[3] ) ); +} + +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 16 ) | + ( buf[1] << 8) | + ( buf[2] ) ); +} + +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 8 ) | + ( buf[1] ) ); +} diff --git a/library/sha256.c b/library/sha256.c index c576a0346..98965f7a7 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -49,40 +49,12 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) #if !defined(MBEDTLS_SHA256_ALT) -/* - * 32-bit integer manipulation (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -static inline void sha256_put_uint32_be( uint32_t n, - unsigned char *b, - uint8_t i ) -{ - b[i ] = (unsigned char) ( n >> 24 ); - b[i + 1] = (unsigned char) ( n >> 16 ); - b[i + 2] = (unsigned char) ( n >> 8 ); - b[i + 3] = (unsigned char) ( n ); -} - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); @@ -227,7 +199,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); else R( i ); @@ -238,7 +210,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); for( i = 0; i < 16; i += 8 ) { @@ -348,7 +320,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - int ret; + int ret, s_pos, o_pos; uint32_t used; uint32_t high, low; @@ -385,8 +357,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - sha256_put_uint32_be( high, ctx->buffer, 56 ); - sha256_put_uint32_be( low, ctx->buffer, 60 ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -394,18 +366,17 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, /* * Output final state */ - sha256_put_uint32_be( ctx->state[0], output, 0 ); - sha256_put_uint32_be( ctx->state[1], output, 4 ); - sha256_put_uint32_be( ctx->state[2], output, 8 ); - sha256_put_uint32_be( ctx->state[3], output, 12 ); - sha256_put_uint32_be( ctx->state[4], output, 16 ); - sha256_put_uint32_be( ctx->state[5], output, 20 ); - sha256_put_uint32_be( ctx->state[6], output, 24 ); + + for( s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) + { + (void)mbedtls_platform_put_uint32_be( &output[o_pos], + ctx->state[s_pos] ); + } #if !defined(MBEDTLS_SHA256_NO_SHA224) if( ctx->is224 == 0 ) #endif - sha256_put_uint32_be( ctx->state[7], output, 28 ); + (void)mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] ); return( 0 ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 84d5bbee5..0a1322ab0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -102,18 +102,14 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); - - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SERVERNAME ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 5 ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 3 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, hostname_len ); memcpy( p, ssl->hostname, hostname_len ); @@ -148,8 +144,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; @@ -237,15 +232,10 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); - - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SIG_ALG ); + p = mbedtls_platform_put_uint16_be( p, ( sig_alg_len + 2 ) ); + p = mbedtls_platform_put_uint16_be( p, sig_alg_len ); *olen = 6 + sig_alg_len; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && @@ -290,18 +280,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len + 2 ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id ) - *p++ = tls_id >> 8; - *p++ = tls_id & 0xFF; + p = mbedtls_platform_put_uint16_be( p, tls_id ); + MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID *olen = 6 + elliptic_curve_len; @@ -324,8 +309,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -362,8 +346,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); /* * We may need to send ClientHello multiple times for Hello verification. @@ -410,8 +393,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } @@ -452,11 +434,10 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, } /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -487,8 +468,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -521,8 +501,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -556,8 +535,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -592,8 +570,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -625,11 +602,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); + p = mbedtls_platform_put_uint16_be( p, tlen ); *olen = 4; @@ -673,8 +647,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ALPN ); /* * opaque ProtocolName<1..2^8-1>; @@ -697,12 +670,9 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); - + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -730,11 +700,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); - + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) @@ -1004,8 +970,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; } @@ -1014,8 +979,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; } #endif @@ -1143,8 +1107,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -1499,7 +1462,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be( buf ); if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -1752,10 +1715,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (uint32_t) buf[2] << 24 ) | - ( (uint32_t) buf[3] << 16 ) | - ( (uint32_t) buf[4] << 8 ) | - ( (uint32_t) buf[5] ) ) ); + (unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -1773,8 +1733,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) { - ext_len = ( ( buf[38 + n] << 8 ) - | ( buf[39 + n] ) ); + ext_len = mbedtls_platform_get_uint16_be( &buf[38 + n] ); if( ( ext_len > 0 && ext_len < 4 ) || ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) @@ -1798,7 +1757,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } /* ciphersuite (used later) */ - i = ( buf[35 + n] << 8 ) | buf[36 + n]; + i = (int)mbedtls_platform_get_uint16_be( &buf[ 35 + n ] ); /* * Read and check compression @@ -1962,10 +1921,10 @@ server_picked_valid_suite: while( ext_len ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + unsigned int ext_id = (unsigned int) + mbedtls_platform_get_uint16_be( ext ); + unsigned int ext_size = (unsigned int) + mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2335,7 +2294,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, "(psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - len = (*p)[0] << 8 | (*p)[1]; + len = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( end - (*p) < (int) len ) @@ -2470,8 +2429,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - out[0] = (unsigned char)( *olen >> 8 ); - out[1] = (unsigned char)( *olen ); + (void)mbedtls_platform_put_uint16_be( out, *olen ); *olen += 2; } #endif @@ -2986,7 +2944,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - sig_len = ( p[0] << 8 ) | p[1]; + + sig_len = mbedtls_platform_get_uint16_be( p ); p += 2; if( p != end - sig_len ) @@ -3297,8 +3256,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -3338,8 +3296,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + dn_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); n += dn_len; if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) @@ -3582,9 +3539,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < n + 2 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -3699,9 +3654,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); memcpy( p, ssl->conf->psk_identity, n ); p += ssl->conf->psk_identity_len; @@ -3745,9 +3698,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -4045,8 +3996,7 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4112,10 +4062,9 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = (uint32_t)mbedtls_platform_get_uint32_be( msg ); - ticket_len = ( msg[4] << 8 ) | ( msg[5] ); + ticket_len = mbedtls_platform_get_uint16_be( &msg[4] ); if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) { diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 6f0be8a26..67f9114bb 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -172,12 +172,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #else t = ctx->serial++; #endif - - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); - *p += 4; + *p = mbedtls_platform_put_uint32_be( *p, t ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -243,10 +238,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, cur_time = ctx->serial; #endif - cookie_time = ( (unsigned long) cookie[0] << 24 ) | - ( (unsigned long) cookie[1] << 16 ) | - ( (unsigned long) cookie[2] << 8 ) | - ( (unsigned long) cookie[3] ); + cookie_time = (unsigned long)mbedtls_platform_get_uint32_be( cookie ); if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) return( -1 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0fa7c0eb2..69af31727 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -98,7 +98,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + servername_list_size = mbedtls_platform_get_uint16_be( buf ); + if( servername_list_size + 2 != len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); @@ -110,7 +111,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, p = buf + 2; while( servername_list_size > 2 ) { - hostname_len = ( ( p[1] << 8 ) | p[2] ); + hostname_len = mbedtls_platform_get_uint16_be( &p[1] ); if( hostname_len + 3 > servername_list_size ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); @@ -218,7 +219,9 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + sig_alg_list_size = mbedtls_platform_get_uint16_be( buf ); + if( sig_alg_list_size + 2 != len || sig_alg_list_size % 2 != 0 ) { @@ -293,7 +296,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + list_size = mbedtls_platform_get_uint16_be( buf ); if( list_size + 2 != len || list_size % 2 != 0 ) { @@ -311,7 +315,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, while( list_size > 0 ) { - uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1]; + uint16_t const peer_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( p ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id ) if( own_tls_id == peer_tls_id && @@ -657,7 +662,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be ( buf ); + if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -751,8 +757,8 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, while( ec_tls_ids_len-- != 0 ) { - uint16_t const cur_tls_id = - ( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1]; + uint16_t const cur_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids ); if( cur_tls_id == tls_id ) return( 0 ); @@ -1105,7 +1111,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + n = mbedtls_platform_get_uint16_be( buf ); if( n < 17 || n > 512 ) { @@ -1166,9 +1172,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) */ MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); - ciph_len = ( buf[0] << 8 ) | buf[1]; - sess_len = ( buf[2] << 8 ) | buf[3]; - chal_len = ( buf[4] << 8 ) | buf[5]; + ciph_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[0] ); + sess_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[2] ); + chal_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[4] ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", ciph_len, sess_len, chal_len ) ); @@ -1447,7 +1453,7 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", - ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); + (int)mbedtls_platform_get_uint16_be( ssl->in_len ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]", buf[1], buf[2] ) ); @@ -1494,7 +1500,7 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; + msg_len = mbedtls_platform_get_uint16_be( ssl->in_len ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -1562,11 +1568,12 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", - ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + (int)mbedtls_platform_get_uint24_be( &buf[1]) ) ); /* We don't support fragmentation of ClientHello (yet?) */ if( buf[1] != 0 || - msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) + msg_len != ( mbedtls_ssl_hs_hdr_len( ssl ) + + mbedtls_platform_get_uint16_be( &buf[2]) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); @@ -1583,8 +1590,8 @@ read_record_header: if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( cli_msg_seq != ssl->handshake->in_msg_seq ) { @@ -1599,8 +1606,9 @@ read_record_header: else #endif { - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } @@ -1796,8 +1804,8 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_TLS */ - ciph_len = ( buf[ciph_offset + 0] << 8 ) - | ( buf[ciph_offset + 1] ); + + ciph_len = mbedtls_platform_get_uint16_be( &buf[ciph_offset + 0] ); if( ciph_len < 2 || ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ @@ -1870,8 +1878,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext_len = mbedtls_platform_get_uint16_be( &buf[ext_offset + 0] ); if( ( ext_len > 0 && ext_len < 4 ) || msg_len != ext_offset + 2 + ext_len ) @@ -1898,8 +1905,8 @@ read_record_header: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); - ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); + ext_id = (unsigned int)mbedtls_platform_get_uint16_be( ext ); + ext_size = (unsigned int)mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2337,9 +2344,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -2381,13 +2386,9 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * opaque cid<0..2^8-1>; * } ConnectionId; */ - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2437,9 +2438,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -2465,8 +2464,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -2490,9 +2488,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); *p++ = 0x00; *p++ = 0x00; @@ -2514,8 +2510,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -2555,9 +2550,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -2586,8 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -2627,8 +2619,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2640,9 +2631,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -2666,16 +2655,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); - - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); @@ -2805,10 +2789,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else @@ -2914,8 +2895,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_get_resume( ssl->handshake ) ? "a" : "no" ) ); ciphersuite = mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ); - *p++ = (unsigned char)( ciphersuite >> 8 ); - *p++ = (unsigned char)( ciphersuite ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); *p++ = (unsigned char)( mbedtls_ssl_session_get_compression( ssl->session_negotiate ) ); @@ -2992,8 +2972,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -3135,8 +3114,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + (void)mbedtls_platform_put_uint16_be( p, sa_len ); sa_len += 2; p += sa_len; } @@ -3181,8 +3159,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); + p = mbedtls_platform_put_uint16_be( p, dn_size ); memcpy( p, frame->subject_raw.p, dn_size ); p += dn_size; @@ -3199,8 +3176,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], + total_dn_size ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3754,8 +3731,9 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) if( signature_len != 0 ) { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], + signature_len ); + ssl->out_msglen += 2; MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", ssl->out_msg + ssl->out_msglen, @@ -3836,7 +3814,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be ( *p ); *p += 2; if( *p + n > end ) @@ -4092,7 +4070,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) @@ -4624,7 +4602,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) goto exit; } - sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + sig_len = mbedtls_platform_get_uint16_be( &ssl->in_msg[i] ); i += 2; if( i + sig_len != ssl->in_hslen ) @@ -4696,15 +4674,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); tlen = 0; } + (void)mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime ); - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; - - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); - + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen ); ssl->out_msglen = 10 + tlen; /* diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5fe693c8f..285e73663 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -221,8 +221,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; + + (void)mbedtls_platform_put_uint16_be( state_len_bytes, clear_len ); /* Encrypt and authenticate */ tag = state + clear_len; @@ -298,7 +298,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) goto cleanup; - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = mbedtls_platform_get_uint16_be( enc_len_p ); tag = ticket + enc_len; if( len != 4 + 12 + 2 + enc_len + 16 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e9f66346c..850bcb172 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -497,7 +497,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) switch( mfl ) { case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); case MBEDTLS_SSL_MAX_FRAG_LEN_512: return 512; case MBEDTLS_SSL_MAX_FRAG_LEN_1024: @@ -507,7 +507,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) case MBEDTLS_SSL_MAX_FRAG_LEN_4096: return 4096; default: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); } } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -2111,8 +2111,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2153,8 +2152,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); + p = mbedtls_platform_put_uint16_be( p, len ); p += len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); @@ -2194,10 +2192,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_DEBUG_ECDH_Z ); #endif /* MBEDTLS_USE_TINYCRYPT */ - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); + p = mbedtls_platform_put_uint16_be( p, zlen ); p += zlen; - } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -2210,8 +2206,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2249,9 +2244,8 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, padlen = 40; memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); + header[8] = (unsigned char) type; + (void)mbedtls_platform_put_uint16_be( &header[9], len ); memset( padding, 0x36, padlen ); mbedtls_md_starts( md_ctx ); @@ -2403,15 +2397,14 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, { memcpy( add_data + 11, rec->cid, rec->cid_len ); add_data[11 + rec->cid_len + 0] = rec->cid_len; - add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], + rec->data_len ); *add_data_len = 13 + 1 + rec->cid_len; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len ); *add_data_len = 13; } } @@ -4168,13 +4161,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); - - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[9], + cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); @@ -4371,9 +4360,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len ); /* * DTLS has additional fields in the Handshake layer, @@ -4401,8 +4388,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4], + ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else @@ -4513,8 +4500,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, len ); if( ssl->transform_out != NULL ) { @@ -4557,8 +4543,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -4659,16 +4644,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ) ); } static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ) ); } static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) @@ -4771,9 +4752,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ) ); } int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) @@ -4795,7 +4774,8 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { int ret; - unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned int recv_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( ssl_check_hs_header( ssl ) != 0 ) { @@ -5122,12 +5102,12 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + (void)mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) ); + obuf[22] = obuf[14]; + obuf[23] = obuf[15]; + obuf[24] = obuf[16]; - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + (void)mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -5390,8 +5370,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | - ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); + rec->data_len = mbedtls_platform_get_uint16_be( &buf[rec_hdr_len_offset] ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " @@ -5420,7 +5399,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1]; + rec_epoch = (uint32_t)mbedtls_platform_get_uint16_be( rec->ctr ); /* Check that the datagram is large enough to contain a record * of the advertised length. */ @@ -5470,7 +5449,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) { - unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; + unsigned int rec_epoch = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] ); /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -5817,9 +5797,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = ( hs_buf->data[1] << 16 ) | - ( hs_buf->data[2] << 8 ) | - hs_buf->data[3]; + size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ @@ -5918,7 +5896,9 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned recv_msg_seq = (unsigned) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; @@ -6516,8 +6496,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len ); return( 0 ); } @@ -6849,17 +6828,13 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -6969,7 +6944,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); if( ssl->in_msg[i] != 0 || ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) @@ -7004,8 +6979,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, } /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) - | (unsigned int) ssl->in_msg[i + 2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); i += 3; if( n < 128 || i + n > ssl->in_hslen ) @@ -9513,7 +9487,7 @@ static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT && ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) - return ( 0 ); + return( 0 ); if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) return( ssl->mtu ); @@ -9825,8 +9799,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, { const int ciphersuite = mbedtls_ssl_session_get_ciphersuite( session ); - *p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ciphersuite ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); #if defined(MBEDTLS_ZLIB_SUPPORT) *p++ = (unsigned char)( @@ -9839,11 +9812,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, memcpy( p, session->master, 48 ); p += 48; - - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->verify_result ); } /* @@ -9860,9 +9829,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, cert_len ); if( session->peer_cert != NULL ) { @@ -9905,9 +9872,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, session->ticket_len ); if( session->ticket != NULL ) { @@ -9915,10 +9880,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->ticket_lifetime ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -10053,7 +10015,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ciphersuite = ( p[0] << 8 ) | p[1]; + ciphersuite = (int)mbedtls_platform_get_uint16_be( p ); p += 2; #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) @@ -10077,10 +10039,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, memcpy( session->master, p, 48 ); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -10104,7 +10063,8 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + cert_len = mbedtls_platform_get_uint24_be( &p[0] ); + p += 3; if( cert_len == 0 ) @@ -10175,7 +10135,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + session->ticket_len = mbedtls_platform_get_uint24_be( &p[0] ); p += 3; if( session->ticket_len != 0 ) @@ -10194,10 +10154,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 4 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -11307,10 +11264,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session_len ); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); @@ -11352,10 +11306,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, ssl->badmac_seen ); } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11402,8 +11353,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ssl->mtu ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -11510,10 +11460,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session_len = ( (size_t) p[0] << 24 ) | - ( (size_t) p[1] << 16 ) | - ( (size_t) p[2] << 8 ) | - ( (size_t) p[3] ); + session_len = mbedtls_platform_get_uint32_be( p ); p += 4; /* This has been allocated by ssl_handshake_init(), called by @@ -11602,10 +11549,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + ssl->badmac_seen = (unsigned)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11650,8 +11594,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( (size_t)( end - p ) < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->mtu = ( p[0] << 8 ) | p[1]; + ssl->mtu = (uint16_t)mbedtls_platform_get_uint16_be( p ); p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */