mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-26 02:37:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0

Browse Source 
Fix unusual macros
This commit is contained in:
Gilles Peskine 2022-10-25 19:55:29 +02:00 committed by GitHub
commit 744fd37d23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 111 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
library/aria.c
View File

@ -888,15 +888,17 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
}; };
#endif /* MBEDTLS_CIPHER_MODE_CFB */ #endif /* MBEDTLS_CIPHER_MODE_CFB */
#define ARIA_SELF_TEST_IF_FAIL \ #define ARIA_SELF_TEST_ASSERT( cond ) \
{ \ do { \
if( verbose ) \ if( cond ) { \
mbedtls_printf( "failed\n" ); \ if( verbose ) \
goto exit; \ mbedtls_printf( "failed\n" ); \
} else { \ goto exit; \
if( verbose ) \ } else { \
mbedtls_printf( "passed\n" ); \ if( verbose ) \
} mbedtls_printf( "passed\n" ); \
} \
} while( 0 )
/* /*
* Checkup routine * Checkup routine
@ -930,16 +932,18 @@ int mbedtls_aria_self_test( int verbose )
mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_ASSERT(
ARIA_SELF_TEST_IF_FAIL; memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
/* test ECB decryption */ /* test ECB decryption */
if( verbose ) if( verbose )
mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_ASSERT(
ARIA_SELF_TEST_IF_FAIL; memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -958,8 +962,8 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0x55, sizeof( buf ) ); memset( buf, 0x55, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
ARIA_SELF_TEST_IF_FAIL; != 0 );
/* Test CBC decryption */ /* Test CBC decryption */
if( verbose ) if( verbose )
@ -969,8 +973,7 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0xAA, sizeof( buf ) ); memset( buf, 0xAA, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
aria_test2_cbc_ct[i], buf ); aria_test2_cbc_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -989,8 +992,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
/* Test CFB decryption */ /* Test CFB decryption */
if( verbose ) if( verbose )
@ -1001,8 +1003,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
iv, aria_test2_cfb_ct[i], buf ); iv, aria_test2_cfb_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
@ -1020,8 +1021,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_pt, buf ); aria_test2_pt, buf );
if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
/* Test CTR decryption */ /* Test CTR decryption */
if( verbose ) if( verbose )
@ -1032,8 +1032,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0; j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_ctr_ct[i], buf ); aria_test2_ctr_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
ARIA_SELF_TEST_IF_FAIL;
} }
if( verbose ) if( verbose )
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );

6
library/asn1write.c
View File

@ -72,9 +72,11 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
return( 4 ); return( 4 );
} }
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF #if SIZE_MAX > 0xFFFFFFFF
if( len <= 0xFFFFFFFF ) len_is_valid = ( len <= 0xFFFFFFFF );
#endif #endif
if( len_is_valid )
{ {
if( *p - start < 5 ) if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -87,9 +89,7 @@ int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_
return( 5 ); return( 5 );
} }
#if SIZE_MAX > 0xFFFFFFFF
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
#endif
} }
int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag ) int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag )

6
library/ecdh.c
View File

@ -71,10 +71,12 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If multiplication is in progress, we already generated a privkey */ int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx == NULL || rs_ctx->rsm == NULL ) restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif #endif
/* If multiplication is in progress, we already generated a privkey */
if( !restarting )
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,

18
library/ecp.c
View File

@ -2279,12 +2279,14 @@ cleanup:
mbedtls_free( T ); mbedtls_free( T );
} }
/* don't free R while in progress in case R == P */
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif
/* prevent caller from using invalid value */ /* prevent caller from using invalid value */
if( ret != 0 ) int should_free_R = ( ret != 0 );
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* don't free R while in progress in case R == P */
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
should_free_R = 0;
#endif
if( should_free_R )
mbedtls_ecp_point_free( R ); mbedtls_ecp_point_free( R );
ECP_RS_LEAVE( rsm ); ECP_RS_LEAVE( rsm );
@ -2529,10 +2531,12 @@ static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_poi
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* skip argument check when restarting */ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
#endif #endif
/* skip argument check when restarting */
if( !restarting )
{ {
/* check_privkey is free */ /* check_privkey is free */
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );

4
library/sha256.c
View File

@ -655,9 +655,11 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 ); MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 ); MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
int truncated = 0;
#if defined(MBEDTLS_SHA224_C) #if defined(MBEDTLS_SHA224_C)
if( ctx->is224 == 0 ) truncated = ctx->is224;
#endif #endif
if( !truncated )
MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 ); MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
return( 0 ); return( 0 );

4
library/sha512.c
View File

@ -810,9 +810,11 @@ int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
sha512_put_uint64_be( ctx->state[4], output, 32 ); sha512_put_uint64_be( ctx->state[4], output, 32 );
sha512_put_uint64_be( ctx->state[5], output, 40 ); sha512_put_uint64_be( ctx->state[5], output, 40 );
int truncated = 0;
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
if( ctx->is384 == 0 ) truncated = ctx->is384;
#endif #endif
if( !truncated )
{ {
sha512_put_uint64_be( ctx->state[6], output, 48 ); sha512_put_uint64_be( ctx->state[6], output, 48 );
sha512_put_uint64_be( ctx->state[7], output, 56 ); sha512_put_uint64_be( ctx->state[7], output, 56 );

9
library/ssl_client.c
View File

@ -370,9 +370,11 @@ static int ssl_write_client_hello_cipher_suites(
/* /*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/ */
int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif #endif
if( !renegotiating )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
@ -811,9 +813,12 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello." * generate and include a Session ID in the TLS ClientHello."
*/ */
int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif #endif
if( !renegotiating )
{ {
if( ( session_negotiate->ticket != NULL ) && if( ( session_negotiate->ticket != NULL ) &&
( session_negotiate->ticket_len != 0 ) ) ( session_negotiate->ticket_len != 0 ) )

6
library/ssl_msg.c
View File

@ -3847,8 +3847,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
if( ssl_record_is_in_progress( ssl ) == 0 ) if( ssl_record_is_in_progress( ssl ) == 0 )
{ {
int dtls_have_buffered = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
int have_buffered = 0;
/* We only check for buffered messages if the /* We only check for buffered messages if the
* current datagram is fully consumed. */ * current datagram is fully consumed. */
@ -3856,11 +3856,11 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
ssl_next_record_is_in_datagram( ssl ) == 0 ) ssl_next_record_is_in_datagram( ssl ) == 0 )
{ {
if( ssl_load_buffered_message( ssl ) == 0 ) if( ssl_load_buffered_message( ssl ) == 0 )
have_buffered = 1; dtls_have_buffered = 1;
} }
if( have_buffered == 0 )
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
if( dtls_have_buffered == 0 )
{ {
ret = ssl_get_next_record( ssl ); ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )

13
library/ssl_tls.c
View File

@ -1224,9 +1224,11 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
int free_cli_id = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
if( partial == 0 ) free_cli_id = ( partial == 0 );
#endif #endif
if( free_cli_id )
{ {
mbedtls_free( ssl->cli_id ); mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL; ssl->cli_id = NULL;
@ -7714,11 +7716,16 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* sequence number). * sequence number).
*/ */
transform->ivlen = 12; transform->ivlen = 12;
int is_chachapoly = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( key_type == PSA_KEY_TYPE_CHACHA20 ) is_chachapoly = ( key_type == PSA_KEY_TYPE_CHACHA20 );
#else #else
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) is_chachapoly = ( mbedtls_cipher_info_get_mode( cipher_info )
== MBEDTLS_MODE_CHACHAPOLY );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( is_chachapoly )
transform->fixed_ivlen = 12; transform->fixed_ivlen = 12;
else else
transform->fixed_ivlen = 4; transform->fixed_ivlen = 4;

4
library/ssl_tls12_client.c
View File

@ -2444,9 +2444,11 @@ start_processing:
if( ret != 0 ) if( ret != 0 )
{ {
int send_alert_msg = 1;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
#endif #endif
if( send_alert_msg )
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,

27
library/ssl_tls12_server.c
View File

@ -708,11 +708,13 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#endif #endif
list = ssl->conf->key_cert; list = ssl->conf->key_cert;
int pk_alg_is_none = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( pk_alg == PSA_ALG_NONE ) pk_alg_is_none = ( pk_alg == PSA_ALG_NONE );
#else #else
if( pk_alg == MBEDTLS_PK_NONE ) pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( pk_alg_is_none )
return( 0 ); return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
@ -729,18 +731,21 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
cur->cert ); cur->cert );
int key_type_matches = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ( ssl->conf->f_async_sign_start == NULL && key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL ||
ssl->conf->f_async_decrypt_start == NULL && ssl->conf->f_async_decrypt_start != NULL ||
! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) || mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) &&
! mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) ) mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
#else #else
if( ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) key_type_matches = (
mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#else #else
if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) ) key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( !key_type_matches )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
continue; continue;
@ -917,6 +922,8 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
int renegotiating;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
read_record_header: read_record_header:
#endif #endif
@ -925,9 +932,11 @@ read_record_header:
* otherwise read it ourselves manually in order to support SSLv2 * otherwise read it ourselves manually in order to support SSLv2
* ClientHello, which doesn't use the same record layer format. * ClientHello, which doesn't use the same record layer format.
*/ */
renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif #endif
if( !renegotiating )
{ {
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
{ {

6
library/ssl_tls13_server.c
View File

@ -674,11 +674,13 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
*olen = 0; *olen = 0;
int not_using_psk = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) not_using_psk = ( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) );
#else #else
if( ssl->handshake->psk == NULL ) not_using_psk = ( ssl->handshake->psk == NULL );
#endif #endif
if( not_using_psk )
{ {
/* We shouldn't have called this extension writer unless we've /* We shouldn't have called this extension writer unless we've
* chosen to use a PSK. */ * chosen to use a PSK. */

16
programs/ssl/ssl_client2.c
View File

@ -1731,15 +1731,17 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
break; break;
} }
if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) if( ret == 0 )
{ {
ret = mbedtls_x509_crt_parse_der( &cacert, for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
(const unsigned char *) mbedtls_test_cas_der[i], {
mbedtls_test_cas_der_len[i] ); ret = mbedtls_x509_crt_parse_der( &cacert,
if( ret != 0 ) (const unsigned char *) mbedtls_test_cas_der[i],
break; mbedtls_test_cas_der_len[i] );
if( ret != 0 )
break;
}
} }
} }
if( ret < 0 ) if( ret < 0 )

16
programs/ssl/ssl_server2.c
View File

@ -2613,15 +2613,17 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
break; break;
} }
if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) if( ret == 0 )
{ {
ret = mbedtls_x509_crt_parse_der( &cacert, for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
(const unsigned char *) mbedtls_test_cas_der[i], {
mbedtls_test_cas_der_len[i] ); ret = mbedtls_x509_crt_parse_der( &cacert,
if( ret != 0 ) (const unsigned char *) mbedtls_test_cas_der[i],
break; mbedtls_test_cas_der_len[i] );
if( ret != 0 )
break;
}
} }
} }
if( ret < 0 ) if( ret < 0 )