godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-12 13:20:55 +00:00
Code Releases Wiki Activity

mbedtls: Update to upstream version 2.28.3

Browse Source 
Rediff patch from PR 1453, lstrlenW is no longer used upstream so
that part of the patch was dropped.

(cherry picked from commit 1fde2092d0)
This commit is contained in:
Rémi Verschelde
2023-04-18 10:38:24 +02:00
parent 212190ae49
commit ac4daf4147
174 changed files with 36064 additions and 35819 deletions
Download Patch File Download Diff File Expand all files Collapse all files

296
thirdparty/mbedtls/library/ssl_tls13_keys.c vendored
View File

@@ -29,11 +29,11 @@
#include <stdint.h>
#include <string.h>
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string,
#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \
PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
#define TLS1_3_EVOLVE_INPUT_SIZE (PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) ? \
PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
{
@@ -81,29 +81,29 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
static const char tls1_3_label_prefix[6] = "tls13 ";
#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
( 2 /* expansion length */ \
+ 1 /* label length */ \
+ label_len \
+ 1 /* context length */ \
+ context_len )
#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
(2 /* expansion length */ \
+ 1 /* label length */ \
+ label_len \
+ 1 /* context length */ \
+ context_len)
#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
sizeof(tls1_3_label_prefix) + \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
sizeof(tls1_3_label_prefix) + \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN)
static void ssl_tls1_3_hkdf_encode_label(
size_t desired_length,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *dst, size_t *dlen )
size_t desired_length,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *dst, size_t *dlen)
{
size_t total_label_len =
sizeof(tls1_3_label_prefix) + llen;
size_t total_hkdf_lbl_len =
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen );
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, clen);
unsigned char *p = dst;
@@ -112,73 +112,72 @@ static void ssl_tls1_3_hkdf_encode_label(
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
#endif
*p++ = 0;
*p++ = MBEDTLS_BYTE_0( desired_length );
*p++ = MBEDTLS_BYTE_0(desired_length);
/* Add label incl. prefix */
*p++ = MBEDTLS_BYTE_0( total_label_len );
memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
*p++ = MBEDTLS_BYTE_0(total_label_len);
memcpy(p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix));
p += sizeof(tls1_3_label_prefix);
memcpy( p, label, llen );
memcpy(p, label, llen);
p += llen;
/* Add context value */
*p++ = MBEDTLS_BYTE_0( clen );
if( clen != 0 )
memcpy( p, ctx, clen );
*p++ = MBEDTLS_BYTE_0(clen);
if (clen != 0) {
memcpy(p, ctx, clen);
}
/* Return total length to the caller. */
*dlen = total_hkdf_lbl_len;
}
int mbedtls_ssl_tls1_3_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *buf, size_t blen )
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *buf, size_t blen)
{
const mbedtls_md_info_t *md;
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN];
size_t hkdf_label_len;
if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{
if (llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) {
/* Should never happen since this is an internal
* function, and we know statically which labels
* are allowed. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
{
if (clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) {
/* Should not happen, as above. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN )
{
if (blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) {
/* Should not happen, as above. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
md = mbedtls_md_info_from_type(hash_alg);
if (md == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
ssl_tls1_3_hkdf_encode_label( blen,
label, llen,
ctx, clen,
hkdf_label,
&hkdf_label_len );
ssl_tls1_3_hkdf_encode_label(blen,
label, llen,
ctx, clen,
hkdf_label,
&hkdf_label_len);
return( mbedtls_hkdf_expand( md,
secret, slen,
hkdf_label, hkdf_label_len,
buf, blen ) );
return mbedtls_hkdf_expand(md,
secret, slen,
hkdf_label, hkdf_label_len,
buf, blen);
}
/*
@@ -198,156 +197,157 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label(
* keys in a single function call.
*/
int mbedtls_ssl_tls1_3_make_traffic_keys(
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
size_t slen, size_t key_len, size_t iv_len,
mbedtls_ssl_key_set *keys )
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
size_t slen, size_t key_len, size_t iv_len,
mbedtls_ssl_key_set *keys)
{
int ret = 0;
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
keys->client_write_key, key_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key),
NULL, 0,
keys->client_write_key, key_len);
if (ret != 0) {
return ret;
}
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
keys->server_write_key, key_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key),
NULL, 0,
keys->server_write_key, key_len);
if (ret != 0) {
return ret;
}
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
keys->client_write_iv, iv_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv),
NULL, 0,
keys->client_write_iv, iv_len);
if (ret != 0) {
return ret;
}
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
keys->server_write_iv, iv_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv),
NULL, 0,
keys->server_write_iv, iv_len);
if (ret != 0) {
return ret;
}
keys->key_len = key_len;
keys->iv_len = iv_len;
return( 0 );
return 0;
}
int mbedtls_ssl_tls1_3_derive_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
int ctx_hashed,
unsigned char *dstbuf, size_t buflen )
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
int ctx_hashed,
unsigned char *dstbuf, size_t buflen)
{
int ret;
unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ];
unsigned char hashed_context[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED )
{
ret = mbedtls_md( md, ctx, clen, hashed_context );
if( ret != 0 )
return( ret );
clen = mbedtls_md_get_size( md );
md = mbedtls_md_info_from_type(hash_alg);
if (md == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
else
{
if( clen > sizeof(hashed_context) )
{
if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) {
ret = mbedtls_md(md, ctx, clen, hashed_context);
if (ret != 0) {
return ret;
}
clen = mbedtls_md_get_size(md);
} else {
if (clen > sizeof(hashed_context)) {
/* This should never happen since this function is internal
* and the code sets `ctx_hashed` correctly.
* Let's double-check nonetheless to not run at the risk
* of getting a stack overflow. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
memcpy( hashed_context, ctx, clen );
memcpy(hashed_context, ctx, clen);
}
return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
secret, slen,
label, llen,
hashed_context, clen,
dstbuf, buflen ) );
return mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg,
secret, slen,
label, llen,
hashed_context, clen,
dstbuf, buflen);
}
int mbedtls_ssl_tls1_3_evolve_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
unsigned char *secret_new )
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
unsigned char *secret_new)
{
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
size_t hlen, ilen;
unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 };
unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 };
unsigned char tmp_input[TLS1_3_EVOLVE_INPUT_SIZE] = { 0 };
const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
md = mbedtls_md_info_from_type(hash_alg);
if (md == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
hlen = mbedtls_md_get_size( md );
hlen = mbedtls_md_get_size(md);
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
if( secret_old != NULL )
{
if (secret_old != NULL) {
ret = mbedtls_ssl_tls1_3_derive_secret(
hash_alg,
secret_old, hlen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ),
NULL, 0, /* context */
MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
tmp_secret, hlen );
if( ret != 0 )
hash_alg,
secret_old, hlen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived),
NULL, 0, /* context */
MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
tmp_secret, hlen);
if (ret != 0) {
goto cleanup;
}
}
if( input != NULL )
{
memcpy( tmp_input, input, input_len );
if (input != NULL) {
memcpy(tmp_input, input, input_len);
ilen = input_len;
}
else
{
} else {
ilen = hlen;
}
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
ret = mbedtls_hkdf_extract( md,
tmp_secret, hlen,
tmp_input, ilen,
secret_new );
if( ret != 0 )
ret = mbedtls_hkdf_extract(md,
tmp_secret, hlen,
tmp_input, ilen,
secret_new);
if (ret != 0) {
goto cleanup;
}
ret = 0;
cleanup:
cleanup:
mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) );
return( ret );
mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
mbedtls_platform_zeroize(tmp_input, sizeof(tmp_input));
return ret;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */