Use MBEDTLS_GET_UINTxx_BE macro

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-11-03 23:34:02 +00:00
parent b2e8419b50
commit a3d0f61aec
7 changed files with 43 additions and 67 deletions

View file

@ -48,7 +48,7 @@ static int dhm_read_bignum(mbedtls_mpi *X,
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
n = ((*p)[0] << 8) | (*p)[1];
n = MBEDTLS_GET_UINT16_BE(*p, 0);
(*p) += 2;
if ((size_t) (end - *p) < (size_t) n) {

View file

@ -98,14 +98,9 @@ static psa_status_t psa_its_read_file(psa_storage_uid_t uid,
return PSA_ERROR_DATA_CORRUPT;
}
p_info->size = (header.size[0] |
header.size[1] << 8 |
header.size[2] << 16 |
header.size[3] << 24);
p_info->flags = (header.flags[0] |
header.flags[1] << 8 |
header.flags[2] << 16 |
header.flags[3] << 24);
p_info->size = MBEDTLS_GET_UINT32_LE(header.size, 0);
p_info->flags = MBEDTLS_GET_UINT32_LE(header.flags, 0);
return PSA_SUCCESS;
}

View file

@ -3097,16 +3097,12 @@ static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl)
static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
{
return (ssl->in_msg[9] << 16) |
(ssl->in_msg[10] << 8) |
ssl->in_msg[11];
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
}
static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
{
return (ssl->in_msg[6] << 16) |
(ssl->in_msg[7] << 8) |
ssl->in_msg[8];
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
}
MBEDTLS_CHECK_RETURN_CRITICAL
@ -3219,9 +3215,7 @@ static size_t ssl_get_reassembly_buffer_size(size_t msg_len,
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
{
return (ssl->in_msg[1] << 16) |
(ssl->in_msg[2] << 8) |
ssl->in_msg[3];
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
}
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
@ -3242,7 +3236,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
if (ssl_check_hs_header(ssl) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header"));
@ -3857,8 +3851,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
*/
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) |
((size_t) buf[rec_hdr_len_offset + 1] << 0);
rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset);
MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset);
MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, "
@ -3886,7 +3879,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1];
rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0);
/* Check that the datagram is large enough to contain a record
* of the advertised length. */
@ -3936,7 +3929,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
{
unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1];
unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0);
/*
* Check for an epoch 0 ClientHello. We can't use in_msg here to
@ -4258,9 +4251,7 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
hs_buf = &hs->buffering.hs[0];
if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) {
/* Synthesize a record containing the buffered HS message. */
size_t msg_len = (hs_buf->data[1] << 16) |
(hs_buf->data[2] << 8) |
hs_buf->data[3];
size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1);
/* Double-check that we haven't accidentally buffered
* a message that doesn't fit into the input buffer. */
@ -4357,7 +4348,7 @@ static int ssl_buffer_message(mbedtls_ssl_context *ssl)
case MBEDTLS_SSL_MSG_HANDSHAKE:
{
unsigned recv_msg_seq_offset;
unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
mbedtls_ssl_hs_buffer *hs_buf;
size_t msg_len = ssl->in_hslen - 12;

View file

@ -444,7 +444,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
goto cleanup;
}
enc_len = (enc_len_p[0] << 8) | enc_len_p[1];
enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0);
if (len != TICKET_MIN_LEN + enc_len) {
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;

View file

@ -4747,7 +4747,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
ssl->mtu = (p[0] << 8) | p[1];
ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@ -7103,7 +7103,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
/*
* Same message structure as in mbedtls_ssl_write_certificate()
*/
n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2];
n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
if (ssl->in_msg[i] != 0 ||
ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
@ -7137,8 +7137,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
}
/* Read length of the next CRT in the chain. */
n = ((unsigned int) ssl->in_msg[i + 1] << 8)
| (unsigned int) ssl->in_msg[i + 2];
n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
i += 3;
if (n < 128 || i + n > ssl->in_hslen) {
@ -9038,7 +9037,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
session->ciphersuite = (p[0] << 8) | p[1];
session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
session->id_len = *p++;
@ -9074,7 +9073,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
cert_len = (p[0] << 16) | (p[1] << 8) | p[2];
cert_len = MBEDTLS_GET_UINT24_BE(p, 0);
p += 3;
if (cert_len != 0) {
@ -9146,7 +9145,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2];
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
p += 3;
if (session->ticket_len != 0) {

View file

@ -941,7 +941,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
list_len = (buf[0] << 8) | buf[1];
list_len = MBEDTLS_GET_UINT16_BE(buf, 0);
if (list_len != len - 2) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
@ -1304,8 +1304,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
}
if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
ext_len = ((buf[38 + n] << 8)
| (buf[39 + n]));
ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n);
if ((ext_len > 0 && ext_len < 4) ||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
@ -1326,7 +1325,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
}
/* ciphersuite (used later) */
i = (buf[35 + n] << 8) | buf[36 + n];
i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35);
/*
* Read and check compression
@ -1447,10 +1446,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ext_len));
while (ext_len) {
unsigned int ext_id = ((ext[0] << 8)
| (ext[1]));
unsigned int ext_size = ((ext[2] << 8)
| (ext[3]));
unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
if (ext_size + 4 > ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
@ -1741,9 +1738,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
}
/* Next two bytes are the namedcurve value */
tls_id = *(*p)++;
tls_id <<= 8;
tls_id |= *(*p)++;
tls_id = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
/* Check it's a curve we offered */
if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
@ -1883,7 +1879,7 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
("bad server key exchange message (psk_identity_hint length)"));
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
len = (*p)[0] << 8 | (*p)[1];
len = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (end - (*p) < len) {
@ -2357,7 +2353,7 @@ start_processing:
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
sig_len = (p[0] << 8) | p[1];
sig_len = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
if (p != end - sig_len) {
@ -2585,8 +2581,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
}
/* supported_signature_algorithms */
sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
| (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
/*
* The furthest access in buf is in the loop few lines below:
@ -2621,8 +2616,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
n += 2 + sig_alg_len;
/* certificate_authorities */
dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
| (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
n += dn_len;
if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
@ -3421,10 +3415,9 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
(msg[2] << 8) | (msg[3]);
lifetime = MBEDTLS_GET_UINT32_BE(msg, 0);
ticket_len = (msg[4] << 8) | (msg[5]);
ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4);
if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));

View file

@ -192,7 +192,7 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
list_size = ((buf[0] << 8) | (buf[1]));
list_size = MBEDTLS_GET_UINT16_BE(buf, 0);
if (list_size + 2 != len ||
list_size % 2 != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@ -957,7 +957,7 @@ read_record_header:
}
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
(ssl->in_len[0] << 8) | ssl->in_len[1]));
MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
buf[1], buf[2]));
@ -993,7 +993,7 @@ read_record_header:
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1];
msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
@ -1251,8 +1251,7 @@ read_record_header:
#endif /* MBEDTLS_SSL_PROTO_DTLS */
ciph_offset = 35 + sess_len;
ciph_len = (buf[ciph_offset + 0] << 8)
| (buf[ciph_offset + 1]);
ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset);
if (ciph_len < 2 ||
ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
@ -1300,8 +1299,7 @@ read_record_header:
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
ext_len = (buf[ext_offset + 0] << 8)
| (buf[ext_offset + 1]);
ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset);
if (msg_len != ext_offset + 2 + ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@ -1325,8 +1323,8 @@ read_record_header:
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
ext_id = ((ext[0] << 8) | (ext[1]));
ext_size = ((ext[2] << 8) | (ext[3]));
ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
if (ext_size + 4 > ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@ -3360,7 +3358,7 @@ static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
n = ((*p)[0] << 8) | (*p)[1];
n = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (*p + n > end) {
@ -3593,7 +3591,7 @@ static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
n = ((*p)[0] << 8) | (*p)[1];
n = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (n == 0 || n > end - *p) {
@ -4189,7 +4187,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1];
sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i);
i += 2;
if (i + sig_len != ssl->in_hslen) {