Squashed commit upgrading to mbedtls-3.6.0
Squash merging branch import/mbedtls-3.6.0
0fc9291f4 ("libmbedtls: bignum: restore mbedtls_mpi_exp_mod() from v3.5.2")
0ef87b1e6 ("libmbedtls: reset minimum rsa key size")
70b079496 ("libmbedtls: adjust use of rsa pk_wrap API")
6cf76464f ("libmbedtls: allow inclusion of arm_neon.h")
27df5c911 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
aa584f9ed ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
523ae957e ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
30bdb1bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e45cdab62 ("libmbedtls: add SM2 curve")
d2fda4fc2 ("libmbedtls: fix no CRT issue")
ab0eb5515 ("libmbedtls: add interfaces in mbedtls for context memory operation")
7925a6f26 ("libmedtls: mpi_miller_rabin: increase count limit")
8eaf69279 ("libmbedtls: add mbedtls_mpi_init_mempool()")
12e83fc8d ("libmbedtls: make mbedtls_mpi_mont*() available")
f9e261da5 ("mbedtls: configure mbedtls to reach for config")
7b6f378d7 ("mbedtls: remove default include/mbedtls/config.h")
c16331743 ("Import mbedtls-3.6.0")
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
diff --git a/lib/libmbedtls/mbedtls/library/ssl_cache.c b/lib/libmbedtls/mbedtls/library/ssl_cache.c
index 048c21d..772cb8f 100644
--- a/lib/libmbedtls/mbedtls/library/ssl_cache.c
+++ b/lib/libmbedtls/mbedtls/library/ssl_cache.c
@@ -2,19 +2,7 @@
* SSL session cache implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* These session callbacks use a simple chained list
@@ -29,6 +17,7 @@
#include "mbedtls/ssl_cache.h"
#include "ssl_misc.h"
+#include "mbedtls/error.h"
#include <string.h>
@@ -50,7 +39,7 @@
size_t session_id_len,
mbedtls_ssl_cache_entry **dst)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time(NULL);
#endif
@@ -87,7 +76,7 @@
size_t session_id_len,
mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry;
@@ -130,8 +119,7 @@
/* zeroize and free session structure */
if (entry->session != NULL) {
- mbedtls_platform_zeroize(entry->session, entry->session_len);
- mbedtls_free(entry->session);
+ mbedtls_zeroize_and_free(entry->session, entry->session_len);
}
/* zeroize the whole entry structure */
@@ -197,7 +185,7 @@
/* Create new entry */
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
if (cur == NULL) {
- return 1;
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
/* Append to the end of the linked list. */
@@ -218,12 +206,13 @@
if (old == NULL) {
/* This should only happen on an ill-configured cache
* with max_entries == 0. */
- return 1;
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* MBEDTLS_HAVE_TIME */
/* Reuse first entry in chain, but move to last place. */
if (cache->chain == NULL) {
- return 1;
+ /* This should never happen */
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
old = cache->chain;
@@ -259,11 +248,11 @@
size_t session_id_len,
const mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur;
- size_t session_serialized_len;
+ size_t session_serialized_len = 0;
unsigned char *session_serialized = NULL;
#if defined(MBEDTLS_THREADING_C)
@@ -283,7 +272,6 @@
* and allocate a sufficiently large buffer. */
ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
- ret = 1;
goto exit;
}
@@ -303,7 +291,7 @@
}
if (session_id_len > sizeof(cur->session_id)) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto exit;
}
cur->session_id_len = session_id_len;
@@ -323,8 +311,7 @@
#endif
if (session_serialized != NULL) {
- mbedtls_platform_zeroize(session_serialized, session_serialized_len);
- mbedtls_free(session_serialized);
+ mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
session_serialized = NULL;
}
@@ -335,7 +322,7 @@
unsigned char const *session_id,
size_t session_id_len)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry;
mbedtls_ssl_cache_entry *prev;