diff --git a/library/aria.c b/library/aria.c index f78d289a45..924f952834 100644 --- a/library/aria.c +++ b/library/aria.c @@ -888,15 +888,17 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#define ARIA_SELF_TEST_IF_FAIL \ - { \ - if( verbose ) \ - mbedtls_printf( "failed\n" ); \ - goto exit; \ - } else { \ - if( verbose ) \ - mbedtls_printf( "passed\n" ); \ - } +#define ARIA_SELF_TEST_ASSERT( cond ) \ + do { \ + if( cond ) { \ + if( verbose ) \ + mbedtls_printf( "failed\n" ); \ + goto exit; \ + } else { \ + if( verbose ) \ + mbedtls_printf( "passed\n" ); \ + } \ + } while( 0 ) /* * Checkup routine @@ -930,16 +932,18 @@ int mbedtls_aria_self_test( int verbose ) mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); - if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( + memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) + != 0 ); /* test ECB decryption */ if( verbose ) mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); - if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( + memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) + != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -958,8 +962,8 @@ int mbedtls_aria_self_test( int verbose ) memset( buf, 0x55, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 ) + != 0 ); /* Test CBC decryption */ if( verbose ) 
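Review bot: `ARIA_SELF_TEST_ASSERT( cond )` treats a true `cond` as failure, which is the opposite of what an assert-style name suggests; every call site in the aria.c hunks passes `memcmp( ... ) != 0`, i.e. the failure condition. A future known-answer check written as `ARIA_SELF_TEST_ASSERT( memcmp( ... ) == 0 )` would compile, report failure on correct output and pass on a mismatch. Either rename it, e.g. `ARIA_SELF_TEST_FAIL_IF( cond )`, or add a comment above the definition such as `/* cond is the failure condition; relies on verbose and the exit label of the caller */`.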
@@ -969,8 +973,7 @@ int mbedtls_aria_self_test( int verbose ) memset( buf, 0xAA, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, aria_test2_cbc_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -989,8 +992,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ); /* Test CFB decryption */ if( verbose ) @@ -1001,8 +1003,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, iv, aria_test2_cfb_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); @@ -1020,8 +1021,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ); /* Test CTR decryption */ if( verbose ) @@ -1032,8 +1032,7 @@ int mbedtls_aria_self_test( int verbose ) j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_ctr_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) - ARIA_SELF_TEST_IF_FAIL; + ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 ); } if( verbose ) mbedtls_printf( "\n" ); diff --git a/library/asn1write.c b/library/asn1write.c index f1adcb55f5..98c591d0bc 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
@@ -72,9 +72,11 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ return( 4 ); } + int len_is_valid = 1; #if SIZE_MAX > 0xFFFFFFFF - if( len <= 0xFFFFFFFF ) + len_is_valid = ( len <= 0xFFFFFFFF ); #endif + if( len_is_valid ) { if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); @@ -87,9 +89,7 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_ return( 5 ); } -#if SIZE_MAX > 0xFFFFFFFF return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); -#endif } int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag ) diff --git a/library/ecdh.c b/library/ecdh.c index 35ab1b7044..c9c2e06bd1 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -71,10 +71,12 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* If multiplication is in progress, we already generated a privkey */ + int restarting = 0; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL ); #endif + /* If multiplication is in progress, we already generated a privkey */ + if( !restarting ) MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, diff --git a/library/ecp.c b/library/ecp.c index ee6c24a466..5c597d5340 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2279,12 +2279,14 @@ cleanup: mbedtls_free( T ); } - /* don't free R while in progress in case R == P */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) -#endif /* prevent caller from using invalid value */ - if( ret != 0 ) + int should_free_R = ( ret != 0 ); +#if defined(MBEDTLS_ECP_RESTARTABLE) + /* don't free R while in progress in case R == P */ + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + should_free_R = 0; +#endif + if( should_free_R ) mbedtls_ecp_point_free( R ); ECP_RS_LEAVE( rsm ); 
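Review bot: With the `#if` removed around `return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );` in the second hunk of mbedtls_asn1_write_len, that return is unreachable on targets where `SIZE_MAX` is not greater than 0xFFFFFFFF, because `len_is_valid` stays 1 and the guarded block ends in `return( 5 );`. Compilers or analysers that flag unreachable code or constant conditions may warn on such builds, which the old preprocessor guard avoided. If that matters for the supported toolchains, a comment on the declaration such as `/* always 1 when size_t is 32-bit; the final return is then dead code */` records that this is intentional. The function starts outside the hunk.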
@@ -2529,10 +2531,12 @@ static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_poi MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ + int restarting = 0; #if defined(MBEDTLS_ECP_RESTARTABLE) - /* skip argument check when restarting */ - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL ); #endif + /* skip argument check when restarting */ + if( !restarting ) { /* check_privkey is free */ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); diff --git a/library/sha256.c b/library/sha256.c index 0e9c1a1262..1a9a855fab 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -655,9 +655,11 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 ); MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 ); + int truncated = 0; #if defined(MBEDTLS_SHA224_C) - if( ctx->is224 == 0 ) + truncated = ctx->is224; #endif + if( !truncated ) MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 ); return( 0 ); diff --git a/library/sha512.c b/library/sha512.c index aa6f06aa22..92ada8c35f 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -810,9 +810,11 @@ int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, sha512_put_uint64_be( ctx->state[4], output, 32 ); sha512_put_uint64_be( ctx->state[5], output, 40 ); + int truncated = 0; #if defined(MBEDTLS_SHA384_C) - if( ctx->is384 == 0 ) + truncated = ctx->is384; #endif + if( !truncated ) { sha512_put_uint64_be( ctx->state[6], output, 48 ); sha512_put_uint64_be( ctx->state[7], output, 56 ); diff --git a/library/ssl_client.c b/library/ssl_client.c index 01f1b68eb5..d9c6781592 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c 
@@ -370,9 +370,11 @@ static int ssl_write_client_hello_cipher_suites( /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ + int renegotiating = 0; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ); #endif + if( !renegotiating ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); @@ -811,9 +813,12 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) * RFC 5077 section 3.4: "When presenting a ticket, the client MAY * generate and include a Session ID in the TLS ClientHello." */ + int renegotiating = 0; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) + renegotiating = 1; #endif + if( !renegotiating ) { if( ( session_negotiate->ticket != NULL ) && ( session_negotiate->ticket_len != 0 ) ) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4f998b4f5f..4cd4107ca1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3847,8 +3847,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ssl_record_is_in_progress( ssl ) == 0 ) { + int dtls_have_buffered = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) - int have_buffered = 0; /* We only check for buffered messages if the * current datagram is fully consumed. */ @@ -3856,11 +3856,11 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, ssl_next_record_is_in_datagram( ssl ) == 0 ) { if( ssl_load_buffered_message( ssl ) == 0 ) - have_buffered = 1; + dtls_have_buffered = 1; } - if( have_buffered == 0 ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ + if( dtls_have_buffered == 0 ) { ret = ssl_get_next_record( ssl ); if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 63a433dbeb..0759ef95b1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
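Review bot: In the ssl_prepare_client_hello hunk the flag is set with a nested `if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) renegotiating = 1;`, while the ssl_write_client_hello_cipher_suites hunk just above uses a single assignment for the same test. Using `renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );` here as well keeps the two sites identical, so a later change to the renegotiation test is less likely to be applied to only one of them. Both functions continue outside their hunks.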
@@ -1224,9 +1224,11 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) + int free_cli_id = 1; #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - if( partial == 0 ) + free_cli_id = ( partial == 0 ); #endif + if( free_cli_id ) { mbedtls_free( ssl->cli_id ); ssl->cli_id = NULL; @@ -7714,11 +7716,16 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, * sequence number). */ transform->ivlen = 12; + + int is_chachapoly = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( key_type == PSA_KEY_TYPE_CHACHA20 ) + is_chachapoly = ( key_type == PSA_KEY_TYPE_CHACHA20 ); #else - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) + is_chachapoly = ( mbedtls_cipher_info_get_mode( cipher_info ) + == MBEDTLS_MODE_CHACHAPOLY ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if( is_chachapoly ) transform->fixed_ivlen = 12; else transform->fixed_ivlen = 4; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 72c77bb891..d82918f925 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2444,9 +2444,11 @@ start_processing: if( ret != 0 ) { + int send_alert_msg = 1; #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ); #endif + if( send_alert_msg ) mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 66c61a3aa8..71f703c7ff 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -708,11 +708,13 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, #endif list = ssl->conf->key_cert; + int pk_alg_is_none = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( pk_alg == PSA_ALG_NONE ) + pk_alg_is_none = ( pk_alg == PSA_ALG_NONE ); #else - if( pk_alg == MBEDTLS_PK_NONE ) + pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( pk_alg_is_none ) return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) ); @@ -729,18 +731,21 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", cur->cert ); + int key_type_matches = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ( ssl->conf->f_async_sign_start == NULL && - ssl->conf->f_async_decrypt_start == NULL && - ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) || - ! mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) ) + key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL || + ssl->conf->f_async_decrypt_start != NULL || + mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) && + mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) ); #else - if( ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) + key_type_matches = ( + mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #else - if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) ) + key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( !key_type_matches ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) ); continue; @@ -917,6 +922,8 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); + int renegotiating; + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) read_record_header: #endif 
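Review bot: The three configurations of `key_type_matches` in ssl_pick_cert check different objects: with MBEDTLS_USE_PSA_CRYPTO and without MBEDTLS_SSL_ASYNC_PRIVATE only `cur->key` is tested, whereas the async variant also tests `cur->cert->pk` and the non-PSA variant tests only `cur->cert->pk`. The rewrite preserves the old conditions (the inversion in the async branch is logically equivalent and keeps the evaluation order), so this is not introduced here, but collapsing them into one flag makes the asymmetry visible. If the certificate's public key is meant to be checked in every PSA build, the non-async branch would become `key_type_matches = ( mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) && mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );`; otherwise a comment stating why the key alone is sufficient would help. The loop body continues outside the hunk.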
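Review bot: `int renegotiating;` is declared without a value in ssl_parse_client_hello and is only assigned in the following hunk, after the `read_record_header:` label. The split appears to be there so the flag is reset on every pass through the label, but nothing says so, and an uninitialised local is easy to read before assignment if code is later inserted between the two points. A comment on the declaration such as `/* assigned after read_record_header on every pass */` would document that.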
@@ -925,9 +932,11 @@ read_record_header: * otherwise read it ourselves manually in order to support SSLv2 * ClientHello, which doesn't use the same record layer format. */ + renegotiating = 0; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ); #endif + if( !renegotiating ) { if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8b9ac343a0..741ead0eb5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -674,11 +674,13 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, *olen = 0; + int not_using_psk = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) + not_using_psk = ( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ); #else - if( ssl->handshake->psk == NULL ) + not_using_psk = ( ssl->handshake->psk == NULL ); #endif + if( not_using_psk ) { /* We shouldn't have called this extension writer unless we've * chosen to use a PSK. */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 556ecb97c4..80862f96a0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1731,15 +1731,17 @@ int main( int argc, char *argv[] ) if( ret != 0 ) break; } - if( ret == 0 ) #endif /* MBEDTLS_PEM_PARSE_C */ - for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) + if( ret == 0 ) { - ret = mbedtls_x509_crt_parse_der( &cacert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i] ); - if( ret != 0 ) - break; + for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) + { + ret = mbedtls_x509_crt_parse_der( &cacert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i] ); + if( ret != 0 ) + break; + } } } if( ret < 0 ) 
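Review bot: Moving `if( ret == 0 )` below the `#endif` in ssl_client2.c changes builds without MBEDTLS_PEM_PARSE_C: the `mbedtls_test_cas_der` loop used to run unconditionally there and now runs only when `ret` is already 0. Whether `ret` can be non-zero at that point depends on code above the hunk, so this needs confirming; if it can, the DER test CAs are skipped and a positive value is not reported by the following `if( ret < 0 )`. The same change is made in the programs/ssl/ssl_server2.c hunk. Stating the assumption next to the guard, e.g. `/* ret is expected to be 0 here when PEM parsing is disabled */`, would make the dependency explicit. main() starts and ends outside the hunk.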
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 67be9bf8a5..9ec2f874d0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2613,15 +2613,17 @@ int main( int argc, char *argv[] ) if( ret != 0 ) break; } - if( ret == 0 ) #endif /* MBEDTLS_PEM_PARSE_C */ - for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) + if( ret == 0 ) { - ret = mbedtls_x509_crt_parse_der( &cacert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i] ); - if( ret != 0 ) - break; + for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) + { + ret = mbedtls_x509_crt_parse_der( &cacert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i] ); + if( ret != 0 ) + break; + } } } if( ret < 0 )