Use MBEDTLS_GET_UINTxx_BE macro
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
parent
b2e8419b50
commit
a3d0f61aec
7 changed files with 43 additions and 67 deletions
|
|
@ -48,7 +48,7 @@ static int dhm_read_bignum(mbedtls_mpi *X,
|
|||
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
n = ((*p)[0] << 8) | (*p)[1];
|
||||
n = MBEDTLS_GET_UINT16_BE(*p, 0);
|
||||
(*p) += 2;
|
||||
|
||||
if ((size_t) (end - *p) < (size_t) n) {
|
||||
|
|
|
|||
|
|
@ -98,14 +98,9 @@ static psa_status_t psa_its_read_file(psa_storage_uid_t uid,
|
|||
return PSA_ERROR_DATA_CORRUPT;
|
||||
}
|
||||
|
||||
p_info->size = (header.size[0] |
|
||||
header.size[1] << 8 |
|
||||
header.size[2] << 16 |
|
||||
header.size[3] << 24);
|
||||
p_info->flags = (header.flags[0] |
|
||||
header.flags[1] << 8 |
|
||||
header.flags[2] << 16 |
|
||||
header.flags[3] << 24);
|
||||
p_info->size = MBEDTLS_GET_UINT32_LE(header.size, 0);
|
||||
p_info->flags = MBEDTLS_GET_UINT32_LE(header.flags, 0);
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3097,16 +3097,12 @@ static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl)
|
|||
|
||||
static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
|
||||
{
|
||||
return (ssl->in_msg[9] << 16) |
|
||||
(ssl->in_msg[10] << 8) |
|
||||
ssl->in_msg[11];
|
||||
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
|
||||
}
|
||||
|
||||
static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
|
||||
{
|
||||
return (ssl->in_msg[6] << 16) |
|
||||
(ssl->in_msg[7] << 8) |
|
||||
ssl->in_msg[8];
|
||||
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
|
|
@ -3219,9 +3215,7 @@ static size_t ssl_get_reassembly_buffer_size(size_t msg_len,
|
|||
|
||||
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
|
||||
{
|
||||
return (ssl->in_msg[1] << 16) |
|
||||
(ssl->in_msg[2] << 8) |
|
||||
ssl->in_msg[3];
|
||||
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
|
||||
}
|
||||
|
||||
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
|
||||
|
|
@ -3242,7 +3236,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
|
||||
unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
|
||||
|
||||
if (ssl_check_hs_header(ssl) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header"));
|
||||
|
|
@ -3857,8 +3851,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
|
|||
*/
|
||||
|
||||
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
|
||||
rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) |
|
||||
((size_t) buf[rec_hdr_len_offset + 1] << 0);
|
||||
rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset);
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, "
|
||||
|
|
@ -3886,7 +3879,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
|
|||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1];
|
||||
rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0);
|
||||
|
||||
/* Check that the datagram is large enough to contain a record
|
||||
* of the advertised length. */
|
||||
|
|
@ -3936,7 +3929,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
|
|||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1];
|
||||
unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0);
|
||||
|
||||
/*
|
||||
* Check for an epoch 0 ClientHello. We can't use in_msg here to
|
||||
|
|
@ -4258,9 +4251,7 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
|
|||
hs_buf = &hs->buffering.hs[0];
|
||||
if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) {
|
||||
/* Synthesize a record containing the buffered HS message. */
|
||||
size_t msg_len = (hs_buf->data[1] << 16) |
|
||||
(hs_buf->data[2] << 8) |
|
||||
hs_buf->data[3];
|
||||
size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1);
|
||||
|
||||
/* Double-check that we haven't accidentally buffered
|
||||
* a message that doesn't fit into the input buffer. */
|
||||
|
|
@ -4357,7 +4348,7 @@ static int ssl_buffer_message(mbedtls_ssl_context *ssl)
|
|||
case MBEDTLS_SSL_MSG_HANDSHAKE:
|
||||
{
|
||||
unsigned recv_msg_seq_offset;
|
||||
unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
|
||||
unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
|
||||
mbedtls_ssl_hs_buffer *hs_buf;
|
||||
size_t msg_len = ssl->in_hslen - 12;
|
||||
|
||||
|
|
|
|||
|
|
@ -444,7 +444,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
enc_len = (enc_len_p[0] << 8) | enc_len_p[1];
|
||||
enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0);
|
||||
|
||||
if (len != TICKET_MIN_LEN + enc_len) {
|
||||
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
|
|
|
|||
|
|
@ -4747,7 +4747,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
|
|||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
ssl->mtu = (p[0] << 8) | p[1];
|
||||
ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
p += 2;
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
|
|
@ -7103,7 +7103,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Same message structure as in mbedtls_ssl_write_certificate()
|
||||
*/
|
||||
n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2];
|
||||
n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
|
||||
|
||||
if (ssl->in_msg[i] != 0 ||
|
||||
ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
|
||||
|
|
@ -7137,8 +7137,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
/* Read length of the next CRT in the chain. */
|
||||
n = ((unsigned int) ssl->in_msg[i + 1] << 8)
|
||||
| (unsigned int) ssl->in_msg[i + 2];
|
||||
n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
|
||||
i += 3;
|
||||
|
||||
if (n < 128 || i + n > ssl->in_hslen) {
|
||||
|
|
@ -9038,7 +9037,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
|
|||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
session->ciphersuite = (p[0] << 8) | p[1];
|
||||
session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
p += 2;
|
||||
|
||||
session->id_len = *p++;
|
||||
|
|
@ -9074,7 +9073,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
|
|||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
cert_len = (p[0] << 16) | (p[1] << 8) | p[2];
|
||||
cert_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
||||
p += 3;
|
||||
|
||||
if (cert_len != 0) {
|
||||
|
|
@ -9146,7 +9145,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
|
|||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2];
|
||||
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
||||
p += 3;
|
||||
|
||||
if (session->ticket_len != 0) {
|
||||
|
|
|
|||
|
|
@ -941,7 +941,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
|
|||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
list_len = (buf[0] << 8) | buf[1];
|
||||
list_len = MBEDTLS_GET_UINT16_BE(buf, 0);
|
||||
if (list_len != len - 2) {
|
||||
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
|
||||
|
|
@ -1304,8 +1304,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
|
||||
if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
|
||||
ext_len = ((buf[38 + n] << 8)
|
||||
| (buf[39 + n]));
|
||||
ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n);
|
||||
|
||||
if ((ext_len > 0 && ext_len < 4) ||
|
||||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
|
||||
|
|
@ -1326,7 +1325,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
|
||||
/* ciphersuite (used later) */
|
||||
i = (buf[35 + n] << 8) | buf[36 + n];
|
||||
i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35);
|
||||
|
||||
/*
|
||||
* Read and check compression
|
||||
|
|
@ -1447,10 +1446,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
|
|||
ext_len));
|
||||
|
||||
while (ext_len) {
|
||||
unsigned int ext_id = ((ext[0] << 8)
|
||||
| (ext[1]));
|
||||
unsigned int ext_size = ((ext[2] << 8)
|
||||
| (ext[3]));
|
||||
unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
|
||||
unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
|
||||
|
||||
if (ext_size + 4 > ext_len) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
|
||||
|
|
@ -1741,9 +1738,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
/* Next two bytes are the namedcurve value */
|
||||
tls_id = *(*p)++;
|
||||
tls_id <<= 8;
|
||||
tls_id |= *(*p)++;
|
||||
tls_id = MBEDTLS_GET_UINT16_BE(*p, 0);
|
||||
*p += 2;
|
||||
|
||||
/* Check it's a curve we offered */
|
||||
if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
|
||||
|
|
@ -1883,7 +1879,7 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
|
|||
("bad server key exchange message (psk_identity_hint length)"));
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
len = (*p)[0] << 8 | (*p)[1];
|
||||
len = MBEDTLS_GET_UINT16_BE(*p, 0);
|
||||
*p += 2;
|
||||
|
||||
if (end - (*p) < len) {
|
||||
|
|
@ -2357,7 +2353,7 @@ start_processing:
|
|||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
sig_len = (p[0] << 8) | p[1];
|
||||
sig_len = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
p += 2;
|
||||
|
||||
if (p != end - sig_len) {
|
||||
|
|
@ -2585,8 +2581,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
|
||||
/* supported_signature_algorithms */
|
||||
sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
|
||||
| (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
|
||||
sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
|
||||
|
||||
/*
|
||||
* The furthest access in buf is in the loop few lines below:
|
||||
|
|
@ -2621,8 +2616,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
|
|||
n += 2 + sig_alg_len;
|
||||
|
||||
/* certificate_authorities */
|
||||
dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
|
||||
| (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
|
||||
dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
|
||||
|
||||
n += dn_len;
|
||||
if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
|
||||
|
|
@ -3421,10 +3415,9 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
|
|||
|
||||
msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
|
||||
|
||||
lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
|
||||
(msg[2] << 8) | (msg[3]);
|
||||
lifetime = MBEDTLS_GET_UINT32_BE(msg, 0);
|
||||
|
||||
ticket_len = (msg[4] << 8) | (msg[5]);
|
||||
ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4);
|
||||
|
||||
if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
list_size = ((buf[0] << 8) | (buf[1]));
|
||||
list_size = MBEDTLS_GET_UINT16_BE(buf, 0);
|
||||
if (list_size + 2 != len ||
|
||||
list_size % 2 != 0) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
|
||||
|
|
@ -957,7 +957,7 @@ read_record_header:
|
|||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
|
||||
(ssl->in_len[0] << 8) | ssl->in_len[1]));
|
||||
MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
|
||||
buf[1], buf[2]));
|
||||
|
|
@ -993,7 +993,7 @@ read_record_header:
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1];
|
||||
msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
|
||||
|
|
@ -1251,8 +1251,7 @@ read_record_header:
|
|||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
ciph_offset = 35 + sess_len;
|
||||
|
||||
ciph_len = (buf[ciph_offset + 0] << 8)
|
||||
| (buf[ciph_offset + 1]);
|
||||
ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset);
|
||||
|
||||
if (ciph_len < 2 ||
|
||||
ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
|
||||
|
|
@ -1300,8 +1299,7 @@ read_record_header:
|
|||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
ext_len = (buf[ext_offset + 0] << 8)
|
||||
| (buf[ext_offset + 1]);
|
||||
ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset);
|
||||
|
||||
if (msg_len != ext_offset + 2 + ext_len) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
|
||||
|
|
@ -1325,8 +1323,8 @@ read_record_header:
|
|||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
ext_id = ((ext[0] << 8) | (ext[1]));
|
||||
ext_size = ((ext[2] << 8) | (ext[3]));
|
||||
ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
|
||||
ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
|
||||
|
||||
if (ext_size + 4 > ext_len) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
|
||||
|
|
@ -3360,7 +3358,7 @@ static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **
|
|||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
n = ((*p)[0] << 8) | (*p)[1];
|
||||
n = MBEDTLS_GET_UINT16_BE(*p, 0);
|
||||
*p += 2;
|
||||
|
||||
if (*p + n > end) {
|
||||
|
|
@ -3593,7 +3591,7 @@ static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char
|
|||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
n = ((*p)[0] << 8) | (*p)[1];
|
||||
n = MBEDTLS_GET_UINT16_BE(*p, 0);
|
||||
*p += 2;
|
||||
|
||||
if (n == 0 || n > end - *p) {
|
||||
|
|
@ -4189,7 +4187,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
|
|||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1];
|
||||
sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i);
|
||||
i += 2;
|
||||
|
||||
if (i + sig_len != ssl->in_hslen) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue