Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected

TLS 1.3: SRV: Ignore early data when rejected
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 922e5be..424ed4b 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -149,165 +149,8 @@
  */
 void mbedtls_debug_set_threshold(int threshold);
 
-/**
- * \brief    Print a message to the debug output. This function is always used
- *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- *          context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the message has occurred in
- * \param line      line number the message has occurred at
- * \param format    format specifier, in printf format
- * \param ...       variables used by the format specifier
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief   Print the return value of a function to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      the name of the function that returned the error
- * \param ret       the return code value
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, int ret);
-
-/**
- * \brief   Output a buffer of size len bytes to the debug output. This function
- *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the buffer being dumped. Normally the
- *                  variable or buffer name
- * \param buf       the buffer to be outputted
- * \param len       length of the buffer
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line, const char *text,
-                             const unsigned char *buf, size_t len);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief   Print a MPI variable to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the MPI being output. Normally the
- *                  variable name
- * \param X         the MPI variable
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_mpi *X);
-#endif
-
-#if defined(MBEDTLS_ECP_LIGHT)
-/**
- * \brief   Print an ECP point to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the ECP point being output. Normally the
- *                  variable name
- * \param X         the ECP point
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_ecp_point *X);
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief   Print a X.509 certificate structure to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the certificate being output
- * \param crt       X.509 certificate structure
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_x509_crt *crt);
-#endif
-
-/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
-         only works for the built-in implementation. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
-    defined(MBEDTLS_ECDH_C)
-typedef enum {
-    MBEDTLS_DEBUG_ECDH_Q,
-    MBEDTLS_DEBUG_ECDH_QP,
-    MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief   Print a field of the ECDH structure in the SSL context to the debug
- *          output. This function is always used through the
- *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- *          and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param ecdh      the ECDH context
- * \param attr      the identifier of the attribute being output
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
-                               const char *file, int line,
-                               const mbedtls_ecdh_context *ecdh,
-                               mbedtls_debug_ecdh_attr attr);
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
-          MBEDTLS_ECDH_C */
-
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* debug.h */
+#endif /* MBEDTLS_DEBUG_H */
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 27768bd..2fdcaef 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -1042,14 +1042,6 @@
                             const mbedtls_pk_context *key);
 #endif /* MBEDTLS_PK_WRITE_C */
 
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
-#endif
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
  * \brief           Turn an EC or RSA key into an opaque one.
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index 70b25a9..e9b4822 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -41,7 +41,6 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/asn1.h"
-#include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 
 /**
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 8cecbb6..f755ef3 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -463,18 +463,6 @@
 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
 
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
-int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
-
 static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)
 {
     return info->MBEDTLS_PRIVATE(name);
@@ -482,133 +470,6 @@
 
 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
 
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
-    const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index e2e0667..be63612 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -307,6 +307,7 @@
 mbedtls_x509_san_list;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
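Review bot: Closing the group with `/** \} addtogroup x509_module */` at this point looks like it leaves the public declarations that follow outside the `x509_module` Doxygen group. That affects `mbedtls_x509_dn_gets` directly below and `mbedtls_x509_string_to_names`, which the next hunk keeps. If they are still meant to be documented as part of the module, the closer belongs after the last public declaration in the header. `mbedtls_x509_string_to_names` also remains public with no doc comment once the "Internal module functions" banner is removed in the next hunk; a short `\brief`/`\param`/`\return` block would cover it.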
@@ -321,201 +322,7 @@
  */
 int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
 
-/**
- * \brief          Return the next relative DN in an X509 name.
- *
- * \note           Intended use is to compare function result to dn->next
- *                 in order to detect boundaries of multi-valued RDNs.
- *
- * \param dn       Current node in the X509 name
- *
- * \return         Pointer to the first attribute-value pair of the
- *                 next RDN in sequence, or NULL if end is reached.
- */
-static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
-    mbedtls_x509_name *dn)
-{
-    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
-        dn = dn->next;
-    }
-    return dn->next;
-}
-
-/**
- * \brief          Store the certificate serial in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param serial   The X509 serial to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
-
-/**
- * \brief          Compare pair of mbedtls_x509_time.
- *
- * \param t1       mbedtls_x509_time to compare
- * \param t2       mbedtls_x509_time to compare
- *
- * \return         < 0 if t1 is before t2
- *                   0 if t1 equals t2
- *                 > 0 if t1 is after t2
- */
-int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief          Fill mbedtls_x509_time with provided mbedtls_time_t.
- *
- * \param tt       mbedtls_time_t to convert
- * \param now      mbedtls_x509_time to fill with converted mbedtls_time_t
- *
- * \return         \c 0 on success
- * \return         A non-zero return value on failure.
- */
-int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the past.
- *
- * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param to       mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the past or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the future.
- *
- * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param from     mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the future or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
-
-/**
- * \brief          This function parses an item in the SubjectAlternativeNames
- *                 extension. Please note that this function might allocate
- *                 additional memory for a subject alternative name, thus
- *                 mbedtls_x509_free_subject_alt_name has to be called
- *                 to dispose of this additional memory afterwards.
- *
- * \param san_buf  The buffer holding the raw data item of the subject
- *                 alternative name.
- * \param san      The target structure to populate with the parsed presentation
- *                 of the subject alternative name encoded in \p san_buf.
- *
- * \note           Supported GeneralName types, as defined in RFC 5280:
- *                 "rfc822Name", "dnsName", "directoryName",
- *                 "uniformResourceIdentifier" and "hardware_module_name"
- *                 of type "otherName", as defined in RFC 4108.
- *
- * \note           This function should be called on a single raw data of
- *                 subject alternative name. For example, after successful
- *                 certificate parsing, one must iterate on every item in the
- *                 \c crt->subject_alt_names sequence, and pass it to
- *                 this function.
- *
- * \warning        The target structure contains pointers to the raw data of the
- *                 parsed certificate, and its lifetime is restricted by the
- *                 lifetime of the certificate.
- *
- * \return         \c 0 on success
- * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
- *                 SAN type.
- * \return         Another negative value for any other failure.
- */
-int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
-                                        mbedtls_x509_subject_alternative_name *san);
-/**
- * \brief          Unallocate all data related to subject alternative name
- *
- * \param san      SAN structure - extra memory owned by this structure will be freed
- */
-void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
-
-/** \} addtogroup x509_module */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
-                          mbedtls_x509_name *cur);
-int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
-                              mbedtls_x509_buf *alg);
-int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
-                         mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
-                                       mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                       int *salt_len);
-#endif
-int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
-int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                             void **sig_opts);
-int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
-                          mbedtls_x509_time *t);
-int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
-                            mbedtls_x509_buf *serial);
-int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
-                         mbedtls_x509_buf *ext, int tag);
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                              mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                              const void *sig_opts);
-#endif
-int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
 int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
-int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                               int critical, const unsigned char *val,
-                               size_t val_len);
-int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
-                                  mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
-                             mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
-                           const char *oid, size_t oid_len,
-                           unsigned char *sig, size_t size,
-                           mbedtls_pk_type_t pk_alg);
-int mbedtls_x509_get_ns_cert_type(unsigned char **p,
-                                  const unsigned char *end,
-                                  unsigned char *ns_cert_type);
-int mbedtls_x509_get_key_usage(unsigned char **p,
-                               const unsigned char *end,
-                               unsigned int *key_usage);
-int mbedtls_x509_get_subject_alt_name(unsigned char **p,
-                                      const unsigned char *end,
-                                      mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
-                                          const unsigned char *end,
-                                          mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
-                                       const mbedtls_x509_sequence
-                                       *subject_alt_name,
-                                       const char *prefix);
-int mbedtls_x509_info_cert_type(char **buf, size_t *size,
-                                unsigned char ns_cert_type);
-int mbedtls_x509_info_key_usage(char **buf, size_t *size,
-                                unsigned int key_usage);
-
-int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
-                                      const mbedtls_x509_san_list *san_list);
 
 /**
  * \brief          This function parses a CN string as an IP address.
@@ -547,4 +354,4 @@
 }
 #endif
 
-#endif /* x509.h */
+#endif /* MBEDTLS_X509_H */
diff --git a/library/debug.c b/library/debug.c
index a9d58e5..c36ed3c 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -11,7 +11,7 @@
 
 #include "mbedtls/platform.h"
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 
 #include <stdarg.h>
diff --git a/library/debug_internal.h b/library/debug_internal.h
new file mode 100644
index 0000000..4523b46
--- /dev/null
+++ b/library/debug_internal.h
@@ -0,0 +1,172 @@
+/**
+ * \file debug_internal.h
+ *
+ * \brief Internal part of the public "debug.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_DEBUG_INTERNAL_H
+#define MBEDTLS_DEBUG_INTERNAL_H
+
+#include "mbedtls/debug.h"
+
+/**
+ * \brief    Print a message to the debug output. This function is always used
+ *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+ *          context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the message has occurred in
+ * \param line      line number the message has occurred at
+ * \param format    format specifier, in printf format
+ * \param ...       variables used by the format specifier
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
+
+/**
+ * \brief   Print the return value of a function to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      the name of the function that returned the error
+ * \param ret       the return code value
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, int ret);
+
+/**
+ * \brief   Output a buffer of size len bytes to the debug output. This function
+ *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the buffer being dumped. Normally the
+ *                  variable or buffer name
+ * \param buf       the buffer to be outputted
+ * \param len       length of the buffer
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line, const char *text,
+                             const unsigned char *buf, size_t len);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief   Print a MPI variable to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the MPI being output. Normally the
+ *                  variable name
+ * \param X         the MPI variable
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_mpi *X);
+#endif
+
+#if defined(MBEDTLS_ECP_LIGHT)
+/**
+ * \brief   Print an ECP point to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the ECP point being output. Normally the
+ *                  variable name
+ * \param X         the ECP point
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_ecp_point *X);
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
+/**
+ * \brief   Print a X.509 certificate structure to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the certificate being output
+ * \param crt       X.509 certificate structure
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_x509_crt *crt);
+#endif
+
+/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
+         only works for the built-in implementation. */
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
+    defined(MBEDTLS_ECDH_C)
+typedef enum {
+    MBEDTLS_DEBUG_ECDH_Q,
+    MBEDTLS_DEBUG_ECDH_QP,
+    MBEDTLS_DEBUG_ECDH_Z,
+} mbedtls_debug_ecdh_attr;
+
+/**
+ * \brief   Print a field of the ECDH structure in the SSL context to the debug
+ *          output. This function is always used through the
+ *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+ *          and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param ecdh      the ECDH context
+ * \param attr      the identifier of the attribute being output
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
+                               const char *file, int line,
+                               const mbedtls_ecdh_context *ecdh,
+                               mbedtls_debug_ecdh_attr attr);
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
+          MBEDTLS_ECDH_C */
+
+#endif /* MBEDTLS_DEBUG_INTERNAL_H */
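Review bot: The doc comment for `mbedtls_debug_printf_ecdh` does not say which `mbedtls_debug_ecdh_attr` values expose secret material, and the three enum constants carry no comments at all. `MBEDTLS_DEBUG_ECDH_Z` presumably selects the ECDH shared secret (the implementation is not part of this diff), and `mbedtls_debug_print_buf` and `mbedtls_debug_print_mpi` can likewise be handed key-related data. Since these declarations are being given their own internal header, I would add a line such as `\warning May print secret values (e.g. the shared secret for MBEDTLS_DEBUG_ECDH_Z); treat debug output as sensitive.` to those helpers. A one-line comment on each enum constant would help too.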
diff --git a/library/gcm.c b/library/gcm.c
index c677ca4..033cb59 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -354,9 +354,17 @@
 {
     const unsigned char *p;
     size_t use_len, offset;
+    uint64_t new_add_len;
 
-    /* IV is limited to 2^64 bits, so 2^61 bytes */
-    if ((uint64_t) add_len >> 61 != 0) {
+    /* AD is limited to 2^64 bits, ie 2^61 bytes
+     * Also check for possible overflow */
+#if SIZE_MAX > 0xFFFFFFFFFFFFFFFFULL
+    if (add_len > 0xFFFFFFFFFFFFFFFFULL) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+#endif
+    new_add_len = ctx->add_len + (uint64_t) add_len;
+    if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) {
         return MBEDTLS_ERR_GCM_BAD_INPUT;
     }
 
@@ -539,6 +547,9 @@
     (void) output_size;
     *output_length = 0;
 
+    /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
+     * and AD length is restricted to 2^64 bits, ie 2^61 bytes so neither of
+     * the two multiplications would overflow. */
     orig_len = ctx->len * 8;
     orig_add_len = ctx->add_len * 8;
 
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 3d5adf8..da6c7f1 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -144,4 +144,8 @@
     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
 #endif
 
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
+#endif
+
 #endif /* MBEDTLS_PK_INTERNAL_H */
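Review bot: The new `mbedtls_pk_load_file` declaration has no comment saying who owns `*buf` after the call. The `unsigned char **buf` / `size_t *n` pair suggests the function allocates the buffer, and a PK file loader may be handed private-key files, but the implementation is not visible in this hunk, so both points need confirming. I would add a short Doxygen block above the declaration stating that the caller must release `*buf`, that the contents should be wiped before the buffer is freed, and what `*buf` and `*n` hold when the call fails.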
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 0869c2e..3aac662 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -7,7 +7,7 @@
 #include "mbedtls/build_info.h"
 #if defined(MBEDTLS_PKCS7_C)
 #include "mbedtls/pkcs7.h"
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
new file mode 100644
index 0000000..27ff721
--- /dev/null
+++ b/library/ssl_ciphersuites_internal.h
@@ -0,0 +1,154 @@
+/**
+ * \file ssl_ciphersuites_internal.h
+ *
+ * \brief Internal part of the public "ssl_ciphersuites.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
+#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
+
+#include "mbedtls/pk.h"
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
+psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
+#endif /* MBEDTLS_PK_C */
+
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
+
+static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+
+static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
+    const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
+
+#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */
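Review bot: The new header includes only `mbedtls/pk.h`, yet every declaration uses `mbedtls_ssl_ciphersuite_t` and the inline helpers use the `MBEDTLS_KEY_EXCHANGE_*` values, so it compiles only when the includer has already pulled in the public ciphersuite header. x509_internal.h in this same commit includes its public counterpart (`mbedtls/x509.h`); adding `#include "mbedtls/ssl_ciphersuites.h"` after the `mbedtls/pk.h` line would make this header self-contained in the same way. The closing comments `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */` and `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */` carry a stray `)`. The inline classifiers have no doc comments; a one-line `\brief` on each, noting that `info` is dereferenced unconditionally and must not be NULL, would help callers.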
diff --git a/library/ssl_client.c b/library/ssl_client.c
index d585ca5..6d988a8 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -12,7 +12,7 @@
 
 #include <string.h>
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index c9632f9..16cd62e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -44,6 +44,8 @@
 #endif
 
 #include "mbedtls/pk.h"
+#include "ssl_ciphersuites_internal.h"
+#include "x509_internal.h"
 #include "pk_internal.h"
 #include "common.h"
 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 7af9fd2..c2e64c6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -18,7 +18,7 @@
 
 #include "mbedtls/ssl.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c2f874b..8afedde 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -20,7 +20,7 @@
 #include "ssl_debug_helpers.h"
 #include "ssl_misc.h"
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0c5af87..c3a8037 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -14,7 +14,7 @@
 #include "mbedtls/ssl.h"
 #include "ssl_client.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5a9f6ca..f242faa 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -13,7 +13,7 @@
 
 #include "mbedtls/ssl.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "constant_time_internal.h"
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 2598bae..f4987b3 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -11,7 +11,7 @@
 
 #include <string.h>
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 04ecd8b..2666067 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -12,7 +12,7 @@
 #include <string.h>
 
 #include "mbedtls/error.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index edb453c..739414e 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -13,7 +13,7 @@
 #include <string.h>
 
 #include "mbedtls/hkdf.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5f6d1a1..62b117c 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -9,7 +9,7 @@
 
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
diff --git a/library/x509.c b/library/x509.c
index b7b71f3..f97fb44 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -19,7 +19,7 @@
 
 #if defined(MBEDTLS_X509_USE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509_create.c b/library/x509_create.c
index f7a17e7..839b5df 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -9,7 +9,7 @@
 
 #if defined(MBEDTLS_X509_CREATE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509_crl.c b/library/x509_crl.c
index fdbad23..7901992 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -20,6 +20,7 @@
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 
 #include "mbedtls/x509_crl.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 84b92a8..7f0160a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -22,6 +22,7 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 79b1589..813d644 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -20,6 +20,7 @@
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_internal.h b/library/x509_internal.h
new file mode 100644
index 0000000..15e097a
--- /dev/null
+++ b/library/x509_internal.h
@@ -0,0 +1,213 @@
+/**
+ * \file x509.h
+ *
+ * \brief Internal part of the public "x509.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_X509_INTERNAL_H
+#define MBEDTLS_X509_INTERNAL_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/x509.h"
+#include "mbedtls/asn1.h"
+#include "pk_internal.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+
+/**
+ * \brief          Return the next relative DN in an X509 name.
+ *
+ * \note           Intended use is to compare function result to dn->next
+ *                 in order to detect boundaries of multi-valued RDNs.
+ *
+ * \param dn       Current node in the X509 name
+ *
+ * \return         Pointer to the first attribute-value pair of the
+ *                 next RDN in sequence, or NULL if end is reached.
+ */
+static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
+    mbedtls_x509_name *dn)
+{
+    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
+        dn = dn->next;
+    }
+    return dn->next;
+}
+
+/**
+ * \brief          Store the certificate serial in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param serial   The X509 serial to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
+
+/**
+ * \brief          Compare pair of mbedtls_x509_time.
+ *
+ * \param t1       mbedtls_x509_time to compare
+ * \param t2       mbedtls_x509_time to compare
+ *
+ * \return         < 0 if t1 is before t2
+ *                   0 if t1 equals t2
+ *                 > 0 if t1 is after t2
+ */
+int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+/**
+ * \brief          Fill mbedtls_x509_time with provided mbedtls_time_t.
+ *
+ * \param tt       mbedtls_time_t to convert
+ * \param now      mbedtls_x509_time to fill with converted mbedtls_time_t
+ *
+ * \return         \c 0 on success
+ * \return         A non-zero return value on failure.
+ */
+int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the past.
+ *
+ * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param to       mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the past or an error occurred,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the future.
+ *
+ * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param from     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the future or an error occurred,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
+
+/**
+ * \brief          This function parses an item in the SubjectAlternativeNames
+ *                 extension. Please note that this function might allocate
+ *                 additional memory for a subject alternative name, thus
+ *                 mbedtls_x509_free_subject_alt_name has to be called
+ *                 to dispose of this additional memory afterwards.
+ *
+ * \param san_buf  The buffer holding the raw data item of the subject
+ *                 alternative name.
+ * \param san      The target structure to populate with the parsed presentation
+ *                 of the subject alternative name encoded in \p san_buf.
+ *
+ * \note           Supported GeneralName types, as defined in RFC 5280:
+ *                 "rfc822Name", "dnsName", "directoryName",
+ *                 "uniformResourceIdentifier" and "hardware_module_name"
+ *                 of type "otherName", as defined in RFC 4108.
+ *
+ * \note           This function should be called on a single raw data of
+ *                 subject alternative name. For example, after successful
+ *                 certificate parsing, one must iterate on every item in the
+ *                 \c crt->subject_alt_names sequence, and pass it to
+ *                 this function.
+ *
+ * \warning        The target structure contains pointers to the raw data of the
+ *                 parsed certificate, and its lifetime is restricted by the
+ *                 lifetime of the certificate.
+ *
+ * \return         \c 0 on success
+ * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+ *                 SAN type.
+ * \return         Another negative value for any other failure.
+ */
+int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
+                                        mbedtls_x509_subject_alternative_name *san);
+/**
+ * \brief          Unallocate all data related to subject alternative name
+ *
+ * \param san      SAN structure - extra memory owned by this structure will be freed
+ */
+void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
+
+int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_name *cur);
+int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
+                              mbedtls_x509_buf *alg);
+int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+                                       mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                       int *salt_len);
+#endif
+int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                             void **sig_opts);
+int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_time *t);
+int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
+                            mbedtls_x509_buf *serial);
+int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *ext, int tag);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                              mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                              const void *sig_opts);
+#endif
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                               int critical, const unsigned char *val,
+                               size_t val_len);
+int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
+                                  mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
+                             mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
+                           const char *oid, size_t oid_len,
+                           unsigned char *sig, size_t size,
+                           mbedtls_pk_type_t pk_alg);
+int mbedtls_x509_get_ns_cert_type(unsigned char **p,
+                                  const unsigned char *end,
+                                  unsigned char *ns_cert_type);
+int mbedtls_x509_get_key_usage(unsigned char **p,
+                               const unsigned char *end,
+                               unsigned int *key_usage);
+int mbedtls_x509_get_subject_alt_name(unsigned char **p,
+                                      const unsigned char *end,
+                                      mbedtls_x509_sequence *subject_alt_name);
+int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
+                                          const unsigned char *end,
+                                          mbedtls_x509_sequence *subject_alt_name);
+int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
+                                       const mbedtls_x509_sequence
+                                       *subject_alt_name,
+                                       const char *prefix);
+int mbedtls_x509_info_cert_type(char **buf, size_t *size,
+                                unsigned char ns_cert_type);
+int mbedtls_x509_info_key_usage(char **buf, size_t *size,
+                                unsigned int key_usage);
+
+int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
+                                      const mbedtls_x509_san_list *san_list);
+
+#endif /* MBEDTLS_X509_INTERNAL_H */
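Review bot: The Doxygen header says `\file x509.h`, which is the public header's name; it should read `\file x509_internal.h`. The helpers from `mbedtls_x509_get_name` down to `mbedtls_x509_write_set_san_common` are declared with no documentation, although most take a `(p, end)` cursor over certificate bytes, which are typically untrusted input. A short comment stating the shared contract would make misuse harder; presumably `*p` is advanced on success and nothing at or beyond `end` is read, but that needs confirming against the implementations. `mbedtls_x509_dn_get_next` dereferences `dn` unconditionally, so its `\param dn` line could add that it must not be NULL. In the `mbedtls_x509_serial_gets` comment, `terminated nul byte` should read `terminating nul byte`.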
diff --git a/library/x509write.c b/library/x509write.c
index d434df5..4704900 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -8,6 +8,7 @@
 #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 913b15a..72f5a10 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -16,6 +16,7 @@
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index af75e7f..d3ddbcc 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -14,7 +14,7 @@
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index b961040..eeefc95 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -1,5 +1,5 @@
 /* BEGIN_HEADER */
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "string.h"
 #include "mbedtls/pk.h"
 
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 599c926..8bb7b8b 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -153,6 +153,21 @@
     mbedtls_free(output);
 }
 
+static void gcm_reset_ctx(mbedtls_gcm_context *ctx, const uint8_t *key,
+                          size_t key_bits, const uint8_t *iv, size_t iv_len,
+                          int starts_ret)
+{
+    int mode = MBEDTLS_GCM_ENCRYPT;
+    mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+
+    mbedtls_gcm_init(ctx);
+    TEST_EQUAL(mbedtls_gcm_setkey(ctx, valid_cipher, key, key_bits), 0);
+    TEST_EQUAL(starts_ret, mbedtls_gcm_starts(ctx, mode, iv, iv_len));
+exit:
+    /* empty */
+    return;
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
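Review bot: `gcm_reset_ctx` returns `void`, so a caller cannot tell when `mbedtls_gcm_setkey` or `mbedtls_gcm_starts` did not give the expected result. The callers added in the next hunk then go straight on to `mbedtls_gcm_update_ad` or `mbedtls_gcm_update` on a context that may not be set up. Assuming `TEST_EQUAL` records the failure and jumps to `exit` (the label here suggests so), the case is still reported as failed, but the later calls run on unknown state. Returning an `int` status and having callers `goto exit` on a non-zero value would stop the case at the first problem. The helper also has no comment saying that it calls `mbedtls_gcm_init` on `ctx`, so callers must have freed the context first.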
@@ -478,6 +493,118 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of IV should
+ * satisfy 1 <= bit_len(IV) <= 2^64 - 1. */
+void gcm_invalid_iv_len(void)
+{
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    uint8_t b16[16] = { 0 };
+
+    BLOCK_CIPHER_PSA_INIT();
+
+    // Invalid IV length 0
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 0, MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    // Only testable on platforms where sizeof(size_t) >= 8.
+#if SIZE_MAX >= UINT64_MAX
+    // Invalid IV length 2^61
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 1ULL << 61, MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+#endif
+
+    goto exit; /* To suppress error that exit is defined but not used */
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_add_len_too_long(void)
+{
+    // Only testable on platforms where sizeof(size_t) >= 8.
+#if SIZE_MAX >= UINT64_MAX
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    uint8_t b16[16] = { 0 };
+    BLOCK_CIPHER_PSA_INIT();
+
+    /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of AD should
+     * be <= 2^64 - 1, ie < 2^64. This is the minimum invalid length in bytes. */
+    uint64_t len_max = 1ULL << 61;
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed AD that just exceeds the length limit
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed AD that just exceeds the length limit in two calls
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max - 1),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Test if potential total AD length overflow is handled properly
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, UINT64_MAX), MBEDTLS_ERR_GCM_BAD_INPUT);
+
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_input_len_too_long(void)
+{
+    // Only testable on platforms where sizeof(size_t) >= 8
+#if SIZE_MAX >= UINT64_MAX
+    mbedtls_gcm_context ctx;
+    uint8_t b16[16] = { 0 };
+    uint8_t out[1];
+    size_t out_len;
+    mbedtls_gcm_init(&ctx);
+    BLOCK_CIPHER_PSA_INIT();
+
+    /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of input should
+     * be <= 2^39 - 256. This is the maximum valid length in bytes. */
+    uint64_t len_max = (1ULL << 36) - 32;
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed input that just exceeds the length limit
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max + 1, out, len_max + 1,
+                                  &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed input that just exceeds the length limit in two calls
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max, out, len_max, &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Test if potential total input length overflow is handled properly
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, UINT64_MAX, out, UINT64_MAX,
+                                  &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+#endif
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
 void gcm_selftest()
 {
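Review bot: `gcm_add_len_too_long` and `gcm_input_len_too_long` pass lengths up to `UINT64_MAX` while `b16` is 16 bytes and `out` is 1 byte, so these cases are memory-safe only while the library rejects the length before touching either buffer. If a regression removed that check, the calls would read and write far out of bounds instead of failing cleanly on the `TEST_EQUAL`. A comment next to the buffer declarations, such as `/* Buffers are deliberately undersized: every oversized call must be rejected before any access. */`, would record that. The three comments citing the standard say `NISP SP 800-38D`, which should be `NIST`. Where `SIZE_MAX < UINT64_MAX` the last two cases compile to an empty body and pass without checking anything, which deserves a sentence in their comments.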
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
index f22b7a3..108630e 100644
--- a/tests/suites/test_suite_gcm.misc.data
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -1,2 +1,14 @@
 GCM - Invalid parameters
 gcm_invalid_param:
+
+GCM - Invalid IV length
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_invalid_iv_len:
+
+GCM - Additional data length too long
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_add_len_too_long:
+
+GCM - Input length too long
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_input_len_too_long:
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index 65384a8..4c8bf23 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
+#include "x509_internal.h"
 #include "mbedtls/oid.h"
 #include "sys/types.h"
 #include "sys/stat.h"
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 733909e..c760090 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -1,5 +1,5 @@
 /* BEGIN_HEADER */
-#include "mbedtls/pk.h"
+#include "pk_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "psa/crypto_sizes.h"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index c2a2f55..66477e0 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/base64.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 1d8b87c..3d84c72 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -2,6 +2,7 @@
 #include "mbedtls/bignum.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/rsa.h"