commit 4d211f3651520a3699ecc7d9be82e8107fdcdcf3
author Sungbae Yoo <sungbaey@nvidia.com> Tue Nov 19 02:47:55 2024 +0000
committer Jerome Forissier <jerome@forissier.org> Mon Nov 25 09:21:51 2024 +0100
tree d224fb3bbda793ef92740a4cd309ff14b084ac54
parent 3c1b812393fd89833e87ef88d33b8e9a1968b608

Import mbedtls-3.6.2

Imports Mbed TLS 3.6.2 from https://github.com/Mbed-TLS/mbedtls.git
tags mbedtls-3.6.2, v3.6.2

Files that are not needed are removed:

cd lib/libmbedtls
rm -rf mbedtls
cp -R path/to/mbedtls-3.6.2/mbedtls .
cd mbedtls
rm CMakeLists.txt DartConfiguration.tcl Makefile
rm .gitignore .travis.yml .pylintrc .globalrc .mypy.ini BRANCHES.md
rm include/.gitignore include/CMakeLists.txt library/.gitignore
rm library/CMakeLists.txt library/Makefile
rm -r cmake
rm -rf .git .github doxygen configs programs scripts tests visualc
rm -rf 3rdparty ChangeLog.d docs pkgconfig .gitmodules .readthedocs.yaml
rm library/mps_*
cd ..
git add mbedtls

This is a complete overwrite of previous code so earlier changes in the
previous branch import/mbedtls-3.6.0 will be added on top of this
commit.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>

lib/libmbedtls/mbedtls/library/cipher.c

diff --git a/lib/libmbedtls/mbedtls/library/cipher.c b/lib/libmbedtls/mbedtls/library/cipher.c
index 3f2f1a8..7f4c121 100644
--- a/lib/libmbedtls/mbedtls/library/cipher.c
+++ b/lib/libmbedtls/mbedtls/library/cipher.c
@@ -242,35 +242,6 @@
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
 }
 
-int mbedtls_cipher_clone(mbedtls_cipher_context_t *dst,
-                         const mbedtls_cipher_context_t *src)
-{
-    if (dst == NULL || dst->cipher_info == NULL ||
-        src == NULL || src->cipher_info == NULL) {
-        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-    }
-
-    dst->cipher_info = src->cipher_info;
-    dst->key_bitlen = src->key_bitlen;
-    dst->operation = src->operation;
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    dst->add_padding = src->add_padding;
-    dst->get_padding = src->get_padding;
-#endif
-    memcpy(dst->unprocessed_data, src->unprocessed_data, MBEDTLS_MAX_BLOCK_LENGTH);
-    dst->unprocessed_len = src->unprocessed_len;
-    memcpy(dst->iv, src->iv, MBEDTLS_MAX_IV_LENGTH);
-    dst->iv_size = src->iv_size;
-    if (mbedtls_cipher_get_base(dst->cipher_info)->ctx_clone_func)
-        mbedtls_cipher_get_base(dst->cipher_info)->ctx_clone_func(dst->cipher_ctx, src->cipher_ctx);
-
-#if defined(MBEDTLS_CMAC_C)
-    if (dst->cmac_ctx != NULL && src->cmac_ctx != NULL)
-        memcpy(dst->cmac_ctx, src->cmac_ctx, sizeof(mbedtls_cmac_context_t));
-#endif
-    return 0;
-}
-
 int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
                          const mbedtls_cipher_info_t *cipher_info)
 {
@@ -328,16 +299,6 @@
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
 
-int mbedtls_cipher_setup_info(mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info )
-{
-    if (NULL == cipher_info || NULL == ctx)
-        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-
-    ctx->cipher_info = cipher_info;
-    return 0;
-}
-
 int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
                           const unsigned char *key,
                           int key_bitlen,
@@ -888,6 +849,9 @@
     }
 
     padding_len = input[input_len - 1];
+    if (padding_len == 0 || padding_len > input_len) {
+        return MBEDTLS_ERR_CIPHER_INVALID_PADDING;
+    }
     *data_len = input_len - padding_len;
 
     mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len);