Skip to content

Instantly share code, notes, and snippets.

@lynxluna

lynxluna/watcom_mbed.patch

Last active May 19, 2022 22:13
Show Gist options
  • Save lynxluna/bbc54ca894d57b81b8e2ebbc37fcceb7 to your computer and use it in GitHub Desktop.
Save lynxluna/bbc54ca894d57b81b8e2ebbc37fcceb7 to your computer and use it in GitHub Desktop.
Download ZIP
MbedTLS OpenWatcom Patchs
Raw
watcom_mbed.patch
diff -Nbaur mbedtls-3.1.0/include/mbedtls/mbedtls_config.h binfetch/mbedtls-3.1.0/include/mbedtls/mbedtls_config.h
--- mbedtls-3.1.0/include/mbedtls/mbedtls_config.h 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/include/mbedtls/mbedtls_config.h 2022-05-20 01:50:44.000000000 +0700
@@ -2440,7 +2440,7 @@
*
* This module provides networking routines.
*/
-#define MBEDTLS_NET_C
+//#define MBEDTLS_NET_C
/**
* \def MBEDTLS_OID_C
diff -Nbaur mbedtls-3.1.0/library/asn1parse.c binfetch/mbedtls-3.1.0/library/asn1parse.c
--- mbedtls-3.1.0/library/asn1parse.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/asn1parse.c 2022-05-20 05:04:18.000000000 +0700
@@ -369,7 +369,10 @@
mbedtls_asn1_sequence *cur,
int tag)
{
- asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
+ asn1_get_sequence_of_cb_ctx_t cb_ctx;
+ cb_ctx.tag = tag;
+ cb_ctx.cur = cur;
+
memset( cur, 0, sizeof( mbedtls_asn1_sequence ) );
return( mbedtls_asn1_traverse_sequence_of(
p, end, 0xFF, tag, 0, 0,
diff -Nbaur mbedtls-3.1.0/library/bignum.c binfetch/mbedtls-3.1.0/library/bignum.c
--- mbedtls-3.1.0/library/bignum.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/bignum.c 2022-05-20 05:04:18.000000000 +0700
@@ -1508,11 +1508,14 @@
*/
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
{
+ size_t n;
+ int ret;
+
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
/* mpi_mul_hlp can't deal with a leading 0. */
- size_t n = A->n;
+ n = A->n;
while( n > 0 && A->p[n - 1] == 0 )
--n;
@@ -1524,7 +1527,7 @@
}
/* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* In general, A * b requires 1 limb more than b. If
* A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same
* number of limbs as A and the call to grow() is not required since
@@ -1990,8 +1993,8 @@
static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- for( size_t i = 0; i < T_size; i++ )
+ size_t i = 0;
+ for(i = 0; i < T_size; i++ )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
(unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) );
diff -Nbaur mbedtls-3.1.0/library/cipher.c binfetch/mbedtls-3.1.0/library/cipher.c
--- mbedtls-3.1.0/library/cipher.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/cipher.c 2022-05-20 05:04:18.000000000 +0700
@@ -1529,6 +1529,7 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
+ int ret;
CIPHER_VALIDATE_RET( ctx != NULL );
CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
@@ -1565,7 +1566,7 @@
if( output_len < ilen + tag_len )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
+ ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
input, ilen, output, olen,
output + ilen, tag_len );
*olen += tag_len;
diff -Nbaur mbedtls-3.1.0/library/constant_time.c binfetch/mbedtls-3.1.0/library/constant_time.c
--- mbedtls-3.1.0/library/constant_time.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/constant_time.c 2022-05-20 05:04:18.000000000 +0700
@@ -415,9 +415,9 @@
/* mask = c1 == c2 ? 0xff : 0x00 */
const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 );
const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal );
-
+ size_t i;
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
- for( size_t i = 0; i < len; i++ )
+ for(i = 0; i < len; i++ )
dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
}
diff -Nbaur mbedtls-3.1.0/library/ecjpake.c binfetch/mbedtls-3.1.0/library/ecjpake.c
--- mbedtls-3.1.0/library/ecjpake.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ecjpake.c 2022-05-20 05:04:18.000000000 +0700
@@ -967,10 +967,10 @@
static int self_test_rng( void *ctx, unsigned char *out, size_t len )
{
static uint32_t state = 42;
-
+ size_t i;
(void) ctx;
- for( size_t i = 0; i < len; i++ )
+ for(i = 0; i < len; i++ )
{
state = state * 1664525u + 1013904223u;
out[i] = (unsigned char) state;
diff -Nbaur mbedtls-3.1.0/library/ecp.c binfetch/mbedtls-3.1.0/library/ecp.c
--- mbedtls-3.1.0/library/ecp.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ecp.c 2022-05-20 05:04:18.000000000 +0700
@@ -1169,6 +1169,9 @@
*/
static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
{
+ int ret;
+ mbedtls_mpi Zi, ZZi;
+
if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
return( 0 );
@@ -1180,8 +1183,7 @@
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi Zi, ZZi;
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
/*
@@ -1224,6 +1226,11 @@
static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *T[], size_t T_size )
{
+
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i;
+ mbedtls_mpi *c, u, Zi, ZZi;
+
if( T_size < 2 )
return( ecp_normalize_jac( grp, *T ) );
@@ -1235,10 +1242,6 @@
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i;
- mbedtls_mpi *c, u, Zi, ZZi;
-
if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
@@ -1351,6 +1354,10 @@
static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *P )
{
+
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi M, S, T, U;
+
#if defined(MBEDTLS_SELF_TEST)
dbl_count++;
#endif
@@ -1363,8 +1370,6 @@
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi M, S, T, U;
mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
@@ -1451,6 +1456,9 @@
static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
+
#if defined(MBEDTLS_SELF_TEST)
add_count++;
#endif
@@ -1463,8 +1471,6 @@
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT)
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
@@ -3236,10 +3242,10 @@
static int self_test_rng( void *ctx, unsigned char *out, size_t len )
{
static uint32_t state = 42;
-
+ size_t i;
(void) ctx;
- for( size_t i = 0; i < len; i++ )
+ for(i = 0; i < len; i++ )
{
state = state * 1664525u + 1013904223u;
out[i] = (unsigned char) state;
diff -Nbaur mbedtls-3.1.0/library/ecp_curves.c binfetch/mbedtls-3.1.0/library/ecp_curves.c
--- mbedtls-3.1.0/library/ecp_curves.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ecp_curves.c 2022-05-20 05:04:18.000000000 +0700
@@ -5004,6 +5004,7 @@
void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
{
size_t i;
+ mbedtls_mpi_uint msw;
/* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
* set the absolute value to 0xfff...fff - N. There is no carry
@@ -5023,7 +5024,7 @@
/* Add |c| * 2^bits to the absolute value. Since c and N are
* negative, this adds c * 2^bits. */
- mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
+ msw = (mbedtls_mpi_uint) -c;
#if defined(MBEDTLS_HAVE_INT64)
if( bits == 224 )
msw <<= 32;
diff -Nbaur mbedtls-3.1.0/library/platform.c binfetch/mbedtls-3.1.0/library/platform.c
--- mbedtls-3.1.0/library/platform.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/platform.c 2022-05-20 04:19:31.000000000 +0700
@@ -132,7 +132,7 @@
if( s == NULL || n == 0 || fmt == NULL )
return( -1 );
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
#else
ret = vsnprintf( s, n, fmt, arg );
diff -Nbaur mbedtls-3.1.0/library/platform_util.c binfetch/mbedtls-3.1.0/library/platform_util.c
--- mbedtls-3.1.0/library/platform_util.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/platform_util.c 2022-05-20 05:09:11.000000000 +0700
@@ -103,9 +103,9 @@
struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
struct tm *tm_buf )
{
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) && !defined(__WATCOMC__)
return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
-#elif !defined(PLATFORM_UTIL_USE_GMTIME)
+#elif !defined(PLATFORM_UTIL_USE_GMTIME) && !defined(__WATCOMC__)
return( gmtime_r( tt, tm_buf ) );
#else
struct tm *lt;
diff -Nbaur mbedtls-3.1.0/library/psa_crypto.c binfetch/mbedtls-3.1.0/library/psa_crypto.c
--- mbedtls-3.1.0/library/psa_crypto.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/psa_crypto.c 2022-05-20 05:12:49.000000000 +0700
@@ -666,6 +666,8 @@
( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
{
+ size_t alg1_len, alg2_len, restricted_len;
+
/* Validate the combination of key type and algorithm. Since the base
* algorithm of alg1 and alg2 are the same, we only need this once. */
if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
@@ -679,9 +681,9 @@
* Note that for at-least-this-length wildcard algorithms, the output
* length is set to the shortest allowed length, which allows us to
* calculate the most restrictive tag length for the intersection. */
- size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
- size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
- size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
+ alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
+ alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
+ restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
@@ -748,6 +750,7 @@
( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
{
+ size_t requested_output_length, default_output_length;
/* Validate the combination of key type and algorithm. Since the policy
* and requested algorithms are the same, we only need this once. */
if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
@@ -758,9 +761,9 @@
* Note that none of the currently supported algorithms have an output
* length dependent on actual key size, so setting it to a bogus value
* of 0 is currently OK. */
- size_t requested_output_length = PSA_MAC_LENGTH(
+ requested_output_length = PSA_MAC_LENGTH(
key_type, 0, requested_alg );
- size_t default_output_length = PSA_MAC_LENGTH(
+ default_output_length = PSA_MAC_LENGTH(
key_type, 0,
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
@@ -1302,6 +1305,7 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
@@ -1323,9 +1327,7 @@
if( status != PSA_SUCCESS )
return( status );
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
status = psa_driver_wrapper_export_key( &attributes,
slot->key.data, slot->key.bytes,
data, data_size, data_length );
@@ -1406,6 +1408,8 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
+
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
@@ -1429,9 +1433,8 @@
goto exit;
}
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
+
status = psa_driver_wrapper_export_public_key(
&attributes, slot->key.data, slot->key.bytes,
data, data_size, data_length );
@@ -2104,11 +2107,12 @@
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
+ psa_status_t status;
/* Aborting a non-active operation is allowed */
if( operation->id == 0 )
return( PSA_SUCCESS );
- psa_status_t status = psa_driver_wrapper_hash_abort( operation );
+ status = psa_driver_wrapper_hash_abort( operation );
operation->id = 0;
return( status );
@@ -2176,11 +2180,13 @@
size_t hash_size,
size_t *hash_length )
{
+ psa_status_t status;
+
*hash_length = 0;
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
- psa_status_t status = psa_driver_wrapper_hash_finish(
+ status = psa_driver_wrapper_hash_finish(
operation, hash, hash_size, hash_length );
psa_hash_abort( operation );
return( status );
@@ -2236,11 +2242,12 @@
{
uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
+ psa_status_t status;
if( !PSA_ALG_IS_HASH( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- psa_status_t status = psa_driver_wrapper_hash_compute(
+ status = psa_driver_wrapper_hash_compute(
alg, input, input_length,
actual_hash, sizeof(actual_hash),
&actual_hash_length );
@@ -2262,13 +2269,15 @@
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
+ psa_status_t status;
+
if( source_operation->id == 0 ||
target_operation->id != 0 )
{
return( PSA_ERROR_BAD_STATE );
}
- psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
+ status = psa_driver_wrapper_hash_clone( source_operation,
target_operation );
if( status != PSA_SUCCESS )
psa_hash_abort( target_operation );
@@ -2283,11 +2292,13 @@
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
{
+ psa_status_t status;
+
/* Aborting a non-active operation is allowed */
if( operation->id == 0 )
return( PSA_SUCCESS );
- psa_status_t status = psa_driver_wrapper_mac_abort( operation );
+ status = psa_driver_wrapper_mac_abort( operation );
operation->mac_size = 0;
operation->is_sign = 0;
operation->id = 0;
@@ -2344,6 +2355,8 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ psa_key_attributes_t attributes;
+
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
{
@@ -2359,9 +2372,7 @@
if( status != PSA_SUCCESS )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
&operation->mac_size );
@@ -2414,6 +2425,8 @@
const uint8_t *input,
size_t input_length )
{
+ psa_status_t status;
+
if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
@@ -2422,7 +2435,7 @@
if( input_length == 0 )
return( PSA_SUCCESS );
- psa_status_t status = psa_driver_wrapper_mac_update( operation,
+ status = psa_driver_wrapper_mac_update( operation,
input, input_length );
if( status != PSA_SUCCESS )
psa_mac_abort( operation );
@@ -2538,6 +2551,8 @@
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
+ psa_key_attributes_t attributes;
+
status = psa_get_and_lock_key_slot_with_policy(
key,
&slot,
@@ -2546,9 +2561,7 @@
if( status != PSA_SUCCESS )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
&operation_mac_size );
@@ -2675,6 +2688,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
*signature_length = 0;
@@ -2704,9 +2718,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
if( input_is_message )
{
@@ -2754,6 +2766,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
status = psa_sign_verify_check_alg( input_is_message, alg );
if( status != PSA_SUCCESS )
@@ -2768,9 +2781,7 @@
if( status != PSA_SUCCESS )
return( status );
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
if( input_is_message )
{
@@ -3286,6 +3297,7 @@
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
+ psa_key_attributes_t attributes;
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
@@ -3315,9 +3327,7 @@
operation->iv_required = 1;
operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
/* Try doing the operation through a driver before using software fallback. */
if( cipher_operation == MBEDTLS_ENCRYPT )
@@ -3552,6 +3562,7 @@
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
+ psa_key_attributes_t attributes;
if( ! PSA_ALG_IS_CIPHER( alg ) )
{
@@ -3565,9 +3576,7 @@
if( status != PSA_SUCCESS )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
@@ -3623,6 +3632,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ psa_key_attributes_t attributes;
if( ! PSA_ALG_IS_CIPHER( alg ) )
{
@@ -3636,9 +3646,7 @@
if( status != PSA_SUCCESS )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
{
@@ -3733,6 +3741,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
*ciphertext_length = 0;
@@ -3744,9 +3753,7 @@
if( status != PSA_SUCCESS )
return( status );
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
status = psa_aead_check_nonce_length( alg, nonce_length );
if( status != PSA_SUCCESS )
@@ -3783,6 +3790,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ psa_key_attributes_t attributes;
*plaintext_length = 0;
@@ -3794,9 +3802,7 @@
if( status != PSA_SUCCESS )
return( status );
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
status = psa_aead_check_nonce_length( alg, nonce_length );
if( status != PSA_SUCCESS )
@@ -3829,6 +3835,7 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
+ psa_key_attributes_t attributes;
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
{
@@ -3859,9 +3866,7 @@
if( status != PSA_SUCCESS )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
if( is_encrypt )
status = psa_driver_wrapper_aead_encrypt_setup( operation,
@@ -4781,6 +4786,7 @@
size_t bytes = PSA_BITS_TO_BYTES( bits );
size_t storage_size = bytes;
psa_status_t status;
+ psa_key_attributes_t attributes;
if( ! key_type_is_raw_bytes( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -4799,9 +4805,7 @@
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
slot->attr.bits = (psa_key_bits_t) bits;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ attributes.core = slot->attr;
if( psa_key_lifetime_is_external( attributes.core.lifetime ) )
{
@@ -5376,10 +5380,13 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
+ {
+ mbedtls_ecp_keypair *ecp = NULL;
+ psa_status_t status;
+
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = mbedtls_psa_ecp_load_representation(
+ status = mbedtls_psa_ecp_load_representation(
private_key->attr.type,
private_key->attr.bits,
private_key->key.data,
@@ -5393,7 +5400,9 @@
shared_secret_length );
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
+
return( status );
+ }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) private_key;
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_mac.c binfetch/mbedtls-3.1.0/library/psa_crypto_mac.c
--- mbedtls-3.1.0/library/psa_crypto_mac.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_mac.c 2022-05-20 05:04:18.000000000 +0700
@@ -157,6 +157,7 @@
const uint8_t *key_buffer )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const mbedtls_cipher_info_t * cipher_info;
#if defined(PSA_WANT_KEY_TYPE_DES)
/* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
@@ -167,8 +168,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
#endif
- const mbedtls_cipher_info_t * cipher_info =
- mbedtls_cipher_info_from_psa(
+ cipher_info = mbedtls_cipher_info_from_psa(
PSA_ALG_CMAC,
psa_get_key_type( attributes ),
psa_get_key_bits( attributes ),
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_rsa.c binfetch/mbedtls-3.1.0/library/psa_crypto_rsa.c
--- mbedtls-3.1.0/library/psa_crypto_rsa.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_rsa.c 2022-05-20 05:04:18.000000000 +0700
@@ -433,13 +433,15 @@
const mbedtls_rsa_context *rsa,
size_t hash_length )
{
+ int klen, hlen, room;
+
if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
return( MBEDTLS_RSA_SALT_LEN_ANY );
/* Otherwise: standard salt length, i.e. largest possible salt length
* up to the hash length. */
- int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
- int hlen = (int) hash_length; // known to fit
- int room = klen - 2 - hlen;
+ klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
+ hlen = (int) hash_length; // known to fit
+ room = klen - 2 - hlen;
if( room < 0 )
return( 0 ); // there is no valid signature in this case anyway
else if( room > hlen )
diff -Nbaur mbedtls-3.1.0/library/psa_crypto_slot_management.c binfetch/mbedtls-3.1.0/library/psa_crypto_slot_management.c
--- mbedtls-3.1.0/library/psa_crypto_slot_management.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/psa_crypto_slot_management.c 2022-05-20 05:04:18.000000000 +0700
@@ -349,6 +349,7 @@
psa_key_slot_t **p_slot )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_id_t volatile_key_id;
*p_slot = NULL;
if( ! global_data.key_slots_initialized )
@@ -365,7 +366,6 @@
/* Loading keys from storage requires support for such a mechanism */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
- psa_key_id_t volatile_key_id;
status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
if( status != PSA_SUCCESS )
diff -Nbaur mbedtls-3.1.0/library/ssl_msg.c binfetch/mbedtls-3.1.0/library/ssl_msg.c
--- mbedtls-3.1.0/library/ssl_msg.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ssl_msg.c 2022-05-20 05:04:18.000000000 +0700
@@ -656,14 +656,16 @@
#endif
) )
{
+ unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+ int ret;
+
if( post_avail < transform->maclen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- unsigned char mac[MBEDTLS_SSL_MAC_ADD];
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
@@ -1366,6 +1368,7 @@
* we have data_len >= padlen here. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ {
/* The padding check involves a series of up to 256
* consecutive memory reads at the end of the record
* plaintext buffer. In order to hide the length and
@@ -1393,7 +1396,7 @@
pad_count += mask & equal;
}
correct &= mbedtls_ct_size_bool_eq( pad_count, padlen );
-
+ }
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
@@ -1449,6 +1452,7 @@
transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ {
/*
* The next two sizes are the minimum and maximum values of
* data_len over all padlen values.
@@ -1476,6 +1480,7 @@
rec->data_len,
min_len, max_len,
transform->maclen );
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_DEBUG_ALL)
diff -Nbaur mbedtls-3.1.0/library/ssl_srv.c binfetch/mbedtls-3.1.0/library/ssl_srv.c
--- mbedtls-3.1.0/library/ssl_srv.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ssl_srv.c 2022-05-20 05:04:18.000000000 +0700
@@ -2900,6 +2900,7 @@
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
+ size_t out_buf_len;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
@@ -2914,9 +2915,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf );
+ out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf );
#else
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf );
+ out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf );
#endif
#endif
diff -Nbaur mbedtls-3.1.0/library/ssl_tls.c binfetch/mbedtls-3.1.0/library/ssl_tls.c
--- mbedtls-3.1.0/library/ssl_tls.c 2021-12-15 20:48:01.000000000 +0700
+++ binfetch/mbedtls-3.1.0/library/ssl_tls.c 2022-05-20 05:04:18.000000000 +0700
@@ -3114,18 +3114,19 @@
/* Heap allocate and translate curve_list from internal to IANA group ids */
if ( ssl->conf->curve_list != NULL )
{
- size_t length;
+ size_t length, i;
const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
+ uint16_t *group_list;
for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
/* Leave room for zero termination */
- uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
+ group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
if ( group_list == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- for( size_t i = 0; i < length; i++ )
+ for( i = 0; i < length; i++ )
{
const mbedtls_ecp_curve_info *info =
mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
@@ -6821,10 +6822,11 @@
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+ uint16_t tls_id;
if( group_list == NULL )
return( -1 );
- uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
+ tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
for( ; *group_list != 0; group_list++ )
{
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment