thirdparty,net.mbedtls: update mbedtls to latest compatible version v3.3.0 (#21118)

Turiiya 2024-03-28 07:46:21 +01:00 committed by GitHub
parent cb402a3340
commit 64a336932c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
156 changed files with 16293 additions and 4396 deletions


@ -43,16 +43,7 @@
#include "mbedtls/pem.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
@ -62,6 +53,8 @@
#include <time.h>
#endif
#include "mbedtls/legacy_or_psa.h"
#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) \
do \
@ -138,31 +131,31 @@ static inline const char* md_type_to_string( mbedtls_md_type_t md_alg )
{
switch( md_alg )
{
#if defined(MBEDTLS_MD5_C)
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA)
case MBEDTLS_MD_MD5:
return( "MD5" );
#endif
#if defined(MBEDTLS_SHA1_C)
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA)
case MBEDTLS_MD_SHA1:
return( "SHA1" );
#endif
#if defined(MBEDTLS_SHA224_C)
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA)
case MBEDTLS_MD_SHA224:
return( "SHA224" );
#endif
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
case MBEDTLS_MD_SHA256:
return( "SHA256" );
#endif
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA)
case MBEDTLS_MD_SHA384:
return( "SHA384" );
#endif
#if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA)
case MBEDTLS_MD_SHA512:
return( "SHA512" );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
#if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA)
case MBEDTLS_MD_RIPEMD160:
return( "RIPEMD160" );
#endif
@ -240,7 +233,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md
*
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
* option. Enfore this at parsing time.
* option. Enforce this at parsing time.
*/
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
@ -466,6 +459,11 @@ static int x509_get_attr_type_value( unsigned char **p,
* For the general case we still use a flat list, but we mark elements of the
* same set so that they are "merged" together in the functions that consume
* this list, eg mbedtls_x509_dn_gets().
*
* On success, this function may allocate a linked list starting at cur->next
* that must later be free'd by the caller using mbedtls_free(). In error
* cases, this function frees all allocated memory internally and the caller
* has no freeing responsibilities.
*/
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur )
@ -473,6 +471,7 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t set_len;
const unsigned char *end_set;
mbedtls_x509_name *head = cur;
/* don't use recursion, we'd risk stack overflow if not optimized */
while( 1 )
@ -482,14 +481,17 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
*/
if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
{
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret );
goto error;
}
end_set = *p + set_len;
while( 1 )
{
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
return( ret );
goto error;
if( *p == end_set )
break;
@ -500,7 +502,10 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
{
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
cur = cur->next;
}
@ -514,10 +519,20 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
{
ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
goto error;
}
cur = cur->next;
}
error:
/* Skip the first element as we did not allocate it */
mbedtls_asn1_free_named_data_list_shallow( head->next );
head->next = NULL;
return( ret );
}
static int x509_parse_int( unsigned char **p, size_t n, int *res )